Skip to content

Bump github/codeql-action from 3.27.7 to 3.27.9 #672

Bump github/codeql-action from 3.27.7 to 3.27.9

Bump github/codeql-action from 3.27.7 to 3.27.9 #672

Workflow file for this run

# -*- coding: utf-8 -*- Copyright (C)
# 2023 Benjamin Thomas Schwertfeger
# GitHub: https://github.com/btschwertfeger
#
# Workflow to apply pre-commit, build, test and upload the package to the test
# index of PyPI.
#
# This workflow runs the whole CI of the python-kraken-sdk and serves to run the
# following checks:
# * pre-commit: checks the code style, syntax, formatting, etc.
# * CodeQL: checks security issues
# * Build: builds the python-kraken-sdk for multiple versions and os
# * Build Doc: builds the documentation
# * Test: Runs the unit tests for Spot and Futures. This
# requires the following repository secrets to be set:
# for Spot:
# * SPOT_API_KEY
# * SPOT_SECRET_KEY
# ... see the README for information about how to generate
# Spot API keys. Please also make sure to enable the
# following API permissions:
# * Query funds
# * Deposit funds
# * Query open orders & trades
# * Query closed orders & trades
# * Query ledger entries
# * Export data
# * Access WebSockets API
# Disable all other permissions since we don't want to create or
# cancel real orders or withdraw funds during testing. These tests
# are disabled by default but having the permissions disabled is the
# safest way of testing.
#
# for Futures:
# * FUTURES_API_KEY
# * FUTURES_SECRET_KEY
# * FUTURES_SANDBOX_KEY
# * FUTURES_SANDBOX_SECRET
#
# Please also make sure to set the "Read Only" permission for the
# live account to not risk any funds during testing! The
# demo/sandbox account requires full permissions.
#
name: CI/CD
on:
push:
branches: [master]
schedule:
- cron: "20 16 */7 * *"
release:
types: [created]
pull_request:
types: [opened, synchronize, reopened]
branches: ["**"]
# only run once due to API rate limits
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
## ===========================================================================
## Checks the code logic, style and more
##
Pre-Commit:
uses: ./.github/workflows/_pre_commit.yaml
## ===========================================================================
## Discover vulnerabilities
##
CodeQL:
uses: ./.github/workflows/_codeql.yaml
## ===========================================================================
## Builds the package on multiple OS
##
Build:
needs: [Pre-Commit]
uses: ./.github/workflows/_build.yaml
strategy:
fail-fast: true
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
python-version: ["3.11", "3.12"]
with:
os: ${{ matrix.os }}
python-version: ${{ matrix.python-version }}
## ===========================================================================
## Build the documentation
##
Build-Doc:
needs: [Pre-Commit]
uses: ./.github/workflows/_build_doc.yaml
with:
os: "ubuntu-latest"
python-version: "3.11"
## ===========================================================================
## Run the Spot tests
##
## (public endpoints)
##
Test-Spot-Public:
needs: [Pre-Commit]
uses: ./.github/workflows/_test_spot_public.yaml
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, windows-latest]
python-version: ["3.11", "3.12"]
with:
os: ${{ matrix.os }}
python-version: ${{ matrix.python-version }}
##
## (private endpoints)
Test-Spot-Private:
if: success() && github.actor != 'dependabot[bot]'
needs: [Pre-Commit]
uses: ./.github/workflows/_test_spot_private.yaml
strategy:
max-parallel: 1 # to avoid failing tests because of API Rate limits
fail-fast: false
matrix:
os: [ubuntu-latest, windows-latest]
python-version: ["3.11", "3.12"]
with:
os: ${{ matrix.os }}
python-version: ${{ matrix.python-version }}
secrets: inherit
## ===========================================================================
## Run the NFT tests
##
## (public endpoints)
##
Test-NFT-Public:
needs: [Pre-Commit]
uses: ./.github/workflows/_test_nft_public.yaml
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, windows-latest]
python-version: ["3.11", "3.12"]
with:
os: ${{ matrix.os }}
python-version: ${{ matrix.python-version }}
##
## (private endpoints)
Test-NFT-Private:
if: success() && github.actor != 'dependabot[bot]'
needs: [Test-Spot-Private]
uses: ./.github/workflows/_test_nft_private.yaml
strategy:
max-parallel: 1 # to avoid failing tests because of API Rate limits
fail-fast: false
matrix:
os: [ubuntu-latest, windows-latest]
python-version: ["3.11", "3.12"]
with:
os: ${{ matrix.os }}
python-version: ${{ matrix.python-version }}
secrets: inherit
## ===========================================================================
## Run the Futures tests
##
## (public endpoints)
Test-Futures-Public:
needs: [Pre-Commit]
uses: ./.github/workflows/_test_futures_public.yaml
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, windows-latest]
python-version: ["3.11", "3.12"]
with:
os: ${{ matrix.os }}
python-version: ${{ matrix.python-version }}
##
## (private endpoints)
Test-Futures-Private:
if: success() && github.actor != 'dependabot[bot]'
needs: [Pre-Commit]
uses: ./.github/workflows/_test_futures_private.yaml
strategy:
max-parallel: 1 # to avoid failing tests because of API Rate limits
fail-fast: false
matrix:
os: [ubuntu-latest, windows-latest]
python-version: ["3.11", "3.12"]
with:
os: ${{ matrix.os }}
python-version: ${{ matrix.python-version }}
secrets: inherit
## ===========================================================================
## Generates and uploads the coverage statistics to codecov
##
CodeCov:
if: |
(success() && github.actor == 'btschwertfeger')
&& (github.event_name == 'push' || github.event_name == 'release')
needs:
- Test-Spot-Public
- Test-Spot-Private
- Test-Futures-Public
- Test-Futures-Private
- Test-NFT-Public
- Test-NFT-Private
uses: ./.github/workflows/_codecov.yaml
with:
os: "ubuntu-latest"
python-version: "3.11"
secrets: inherit
## ===========================================================================
## Uploads the package to test.pypi.org on master if triggered by
## a regular commit/push.
##
UploadTestPyPI:
if: |
(success() && github.ref == 'refs/heads/master')
&& (github.event_name == 'push' || github.event_name == 'release')
needs:
- Build
- Build-Doc
- CodeQL
- CodeCov
name: Upload development version to Test PyPI
uses: ./.github/workflows/_pypi_test_publish.yaml
secrets:
API_TOKEN: ${{ secrets.TEST_PYPI_API_TOKEN }}
## ===========================================================================
## Upload the python-kraken-sdk to Production PyPI
##
UploadPyPI:
if: |
success()
&& github.actor == 'btschwertfeger'
&& github.event_name == 'release'
needs:
- Build
- Build-Doc
- CodeQL
- CodeCov
name: Upload release to PyPI
uses: ./.github/workflows/_pypi_publish.yaml
secrets:
API_TOKEN: ${{ secrets.PYPI_API_TOKEN }}