ansible · ssbarnea · Nov 7, 2024 · Nov 7, 2024
@@ -2,222 +2,25 @@
 name: tox
 
 on:
-  push: # only publishes pushes to the main branch to TestPyPI
-    branches: # any integration branch but not tag
+  push:
+    branches:
       - "main"
   pull_request:
     branches:
       - "main"
+  workflow_call:
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
   cancel-in-progress: true
 
-env:
-  FORCE_COLOR: 1
-  PY_COLORS: 1
-
 jobs:
-  prepare:
-    name: prepare
-    runs-on: ubuntu-22.04
-    outputs:
-      matrix: ${{ steps.generate_matrix.outputs.matrix }}
-    steps:
-      - name: Determine matrix
-        id: generate_matrix
-        uses: coactions/dynamic-matrix@v2
-        with:
-          default_python: "3.10"
-          min_python: "3.10"
-          max_python: "3.12"
-          other_names: |
-            lint
-            docs
-          platforms: linux,macos
-
-  build:
-    name: ${{ matrix.name }}
-    runs-on: ${{ matrix.os || 'ubuntu-22.04' }}
-    needs:
-      - prepare
-    defaults:
-      run:
-        shell: ${{ matrix.shell || 'bash'}}
-    strategy:
-      fail-fast: false
-      matrix: ${{ fromJson(needs.prepare.outputs.matrix) }}
-    env:
-      # Number of expected test passes, safety measure for accidental skip of
-      # tests. Update value if you add/remove tests.
-      PYTEST_REQPASS: 1
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0 # needed by setuptools-scm
-          submodules: true
-
-      - name: Set pre-commit cache
-        uses: actions/cache@v4
-        if: ${{ matrix.passed_name == 'lint' }}
-        with:
-          path: |
-            ~/.cache/pre-commit
-          key: pre-commit-${{ matrix.name || matrix.passed_name }}-${{ hashFiles('.pre-commit-config.yaml') }}
-
-      - name: Set galaxy cache
-        uses: actions/cache@v4
-        if: ${{ startsWith(matrix.passed_name, 'py') }}
-        with:
-          path: |
-            examples/playbooks/collections/*.tar.gz
-            examples/playbooks/collections/ansible_collections
-          key: galaxy-${{ hashFiles('examples/playbooks/collections/requirements.yml') }}
-
-      - name: Set up Python ${{ matrix.python_version || '3.10' }}
-        uses: actions/setup-python@v5
-        with:
-          cache: pip
-          python-version: ${{ matrix.python_version || '3.10' }}
-
-      - name: Install tox
-        run: |
-          python3 -m pip install --upgrade pip
-          python3 -m pip install --upgrade "tox>=4.0.0"
-
-      - name: Log installed dists
-        run: python3 -m pip freeze --all
-
-      - name: Initialize tox envs ${{ matrix.passed_name }}
-        run: python3 -m tox --notest --skip-missing-interpreters false -vv -e ${{ matrix.passed_name }}
-        timeout-minutes: 5 # average is under 1, but macos can be over 3
-
-      # sequential run improves browsing experience (almost no speed impact)
-      - name: tox -e ${{ matrix.passed_name }}
-        run: python3 -m tox -e ${{ matrix.passed_name }}
-
-      - name: Archive logs
-        uses: actions/upload-artifact@v4
-        with:
-          name: logs-${{ matrix.name }}.zip
-          include-hidden-files: true
-          path: |
-            .tox/**/log/
-            .tox/**/.coverage*
-            .tox/**/coverage.xml
-
-      - name: Report failure if git reports dirty status
-        run: |
-          if [[ -n $(git status -s) ]]; then
-            # shellcheck disable=SC2016
-            echo -n '::error file=git-status::'
-            printf '### Failed as git reported modified and/or untracked files\n```\n%s\n```\n' "$(git status -s)" | tee -a "$GITHUB_STEP_SUMMARY"
-            exit 99
-          fi
-        # https://github.com/actions/toolkit/issues/193
-
-  codeql:
-    name: codeql
-    runs-on: ubuntu-latest
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
-
-    strategy:
-      fail-fast: false
-      matrix:
-        language: ["python"]
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      # Initializes the CodeQL tools for scanning.
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
-        with:
-          languages: ${{ matrix.language }}
-          # If you wish to specify custom queries, you can do so here or in a config file.
-          # By default, queries listed here will override any specified in a config file.
-          # Prefix the list here with "+" to use these queries and those in the config file.
-
-          # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
-          # queries: security-extended,security-and-quality
-
-      - name: Autobuild
-        uses: github/codeql-action/autobuild@v3
-
-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
-        with:
-          category: "/language:${{matrix.language}}"
-
-  check: # This job does nothing and is only used for the branch protection
-    if: always()
-    permissions:
-      id-token: write # codecov
-      pull-requests: write # allow codenotify to comment on pull-request
-
-    needs:
-      - build
-      - codeql
-
-    runs-on: ubuntu-latest
-
-    steps:
-      # checkout needed for codecov action which needs codecov.yml file
-      - uses: actions/checkout@v4
-
-      - name: Set up Python # likely needed for coverage
-        uses: actions/setup-python@v5
-        with:
-          python-version: "3.12"
-
-      - run: pip3 install 'coverage>=7.5.1'
-
-      - name: Merge logs into a single archive
-        uses: actions/upload-artifact/merge@v4
-        with:
-          name: logs.zip
-          include-hidden-files: true
-          pattern: logs-*.zip
-          # artifacts like py312.zip and py312-macos do have overlapping files
-          separate-directories: true
-
-      - name: Download artifacts
-        uses: actions/download-artifact@v4
-        with:
-          name: logs.zip
-          path: .
-
-      - name: Check for expected number of coverage.xml reports
-        run: |
-          JOBS_PRODUCING_COVERAGE=5
-          if [ "$(find . -name coverage.xml | wc -l | bc)" -ne "${JOBS_PRODUCING_COVERAGE}" ]; then
-            echo "::error::Number of coverage.xml files was not the expected one (${JOBS_PRODUCING_COVERAGE}): $(find . -name coverage.xml |xargs echo)"
-            exit 1
-          fi
-
-      - name: Upload coverage data
-        uses: codecov/codecov-action@v4
-        with:
-          name: ${{ matrix.passed_name }}
-          # verbose: true # optional (default = false)
-          fail_ci_if_error: true
-          use_oidc: true # cspell:ignore oidc
-
-      - name: Check codecov.io status
-        if: github.event_name == 'pull_request'
-        uses: coactions/codecov-status@main
-
-      - name: Decide whether the needed jobs succeeded or failed
-        uses: re-actors/alls-green@release/v1
-        with:
-          jobs: ${{ toJSON(needs) }}
-
-      - name: Delete Merged Artifacts
-        uses: actions/upload-artifact/merge@v4
-        with:
-          include-hidden-files: true
-          delete-merged: true
+  tox:
+    uses: ansible/team-devtools/.github/workflows/tox.yml@main
+    with:
+      jobs_producing_coverage: 7
+      other_names: |
+        docs
+        lint
+        pkg
+        devel
@@ -6,8 +6,13 @@ envlist =
   lint
   pkg
   docs
+  py
+  devel
 
 [testenv]
+description =
+  Run tests
+  devel: without constrained dependencies
 extras =
   test
 passenv =
@@ -100,6 +105,7 @@ description =
   Build package, verify metadata, install package and assert behavior when ansible is missing.
 deps =
   build >= 1.0.3
+  pip
   twine >= 4.0.1
 skip_install = true
 # Ref: https://twitter.com/di_codes/status/1044358639081975813