chore(ci): use dedicated dependabot org-secret to check out XML submodule #404
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Coverage" | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: {} | |
| jobs: | |
| coverage: | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| python-version: ["3.13"] | |
| os: [ubuntu-latest] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.workflow_run.head_branch }} | |
| token: ${{ github.actor == 'dependabot[bot]' && secrets.REPO_AND_READ_PACKAGES_PAT || secrets.XML_SUBMODULE_PAT }} | |
| # XML_SUBMODULE_PAT is a secret token on repository level with repo scope; expires in Jan2026 | |
| # https://github.com/Hochfrequenz/xml-fundamend-python/settings/secrets/actions/XML_AHB_MIG_Token | |
| # REPO_AND_READ_PACKAGES_PAT is a secret token on organization level | |
| # https://github.com/organizations/Hochfrequenz/settings/secrets/dependabot/REPO_AND_READ_PACKAGES_PAT | |
| submodules: "recursive" | |
| - name: Set up Python ${{ matrix.python-version }} | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install tox | |
| - name: Run Tests and Record Coverage | |
| run: | | |
| tox -e coverage |