Update github/codeql-action action to v3.26.7 (main) #1902
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| # Workflow does NOT trigger on a feature branch until a pull request is created. | |
| # Workflow will always run when a pull request is merged to the default branch. | |
| on: | |
| pull_request: {} | |
| push: | |
| branches: ["main"] | |
| permissions: | |
| contents: read | |
| env: | |
| PYTHON_VERSION: "3.12" | |
| jobs: | |
| bandit: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| - name: Initialize Hatch | |
| uses: ./.github/actions/initialize-hatch | |
| - name: Run bandit | |
| run: hatch run bandit-ci | |
| black: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Set up Python | |
| uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| - name: Initialize Hatch | |
| uses: ./.github/actions/initialize-hatch | |
| - name: Run black | |
| run: hatch run black-check | |
| flake8: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| - name: Initialize Hatch | |
| uses: ./.github/actions/initialize-hatch | |
| - name: Run flake8 | |
| run: hatch run flake8-check | |
| isort: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| - name: Initialize Hatch | |
| uses: ./.github/actions/initialize-hatch | |
| - name: Run isort | |
| run: hatch run isort-check | |
| mypy: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| - name: Initialize Hatch | |
| uses: ./.github/actions/initialize-hatch | |
| - name: Run mypy | |
| run: hatch run typing | |
| renovate: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: 🧼 lint renovate config # Validates changes to renovate.json config file | |
| uses: suzuki-shunsuke/github-action-renovate-config-validator@36a15b83e37bf3221dc9c02ff5ffdaefb51ca1cf # v1.1.0 | |
| with: | |
| config_file_path: 'renovate.json' | |
| test: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| python-version: ["3.9", "3.10", "3.11", "3.12"] | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Initialize Hatch | |
| uses: ./.github/actions/initialize-hatch | |
| - name: Configure git user | |
| run: | | |
| git config --global user.name "TESTING-${GITHUB_ACTOR}" | |
| git config --global user.email "TESTING-${GITHUB_ACTOR}@example.com" | |
| - name: Create an ephemeral signing key for testing | |
| run: gpg --quick-generate-key --batch --passphrase '' "TESTING-${GITHUB_ACTOR} <TESTING-${GITHUB_ACTOR}@example.com>" default sign seconds=600 | |
| - name: Run pytest | |
| run: hatch run test-ci --cov-report xml:coverage-${{ matrix.python-version }}.xml --junitxml=test-results-${{ matrix.python-version }}.xml | |
| - name: Upload pytest test results artifact | |
| uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 | |
| with: | |
| name: pytest-results-${{ matrix.python-version }} | |
| path: test-results-${{ matrix.python-version }}.xml | |
| # Use always() to always run this step to publish test results when there are test failures | |
| if: ${{ always() }} | |
| - name: Upload coverage results artifact | |
| uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 | |
| with: | |
| name: pytest-coverage-${{ matrix.python-version }} | |
| path: coverage-${{ matrix.python-version }}.xml | |
| # Use always() to always run this step to publish test results when there are test failures | |
| if: ${{ always() }} | |
| - name: Publish coverage results to Codecov | |
| uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0 | |
| with: | |
| file: coverage-${{ matrix.python-version }}.xml | |
| fail_ci_if_error: true | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| verify-wheel: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| python-version: ["3.9", "3.10", "3.11", "3.12"] | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Build wheel | |
| uses: ./.github/actions/build-dist | |
| - name: Verify wheel | |
| uses: ./.github/actions/verify-wheel | |
| with: | |
| package-import-name: "hyper_bump_it" | |
| script-command: "hyper-bump-it --help" | |
| build-devbox-image: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Build devbox image | |
| run: docker compose build devbox | |
| build-docs: | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'pull_request' | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| - name: Initialize Hatch | |
| uses: ./.github/actions/initialize-hatch | |
| with: | |
| environment-name: "docs" | |
| - name: Build Docs | |
| run: hatch run docs:build | |
| - name: Upload coverage results artifact | |
| uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 | |
| with: | |
| name: docs-site | |
| path: site/ | |
| update-dev-docs: | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| - name: Initialize Hatch | |
| uses: ./.github/actions/initialize-hatch | |
| with: | |
| environment-name: "docs" | |
| activate: "true" | |
| - name: Push documentation changes | |
| uses: ./.github/actions/publish-docs-with-mike | |
| with: | |
| version_name: dev |