Skip to content

chore(gh-actions-deps): update anchore/scan-action action to v5.2.0 in all dependant reusable workflows #634

chore(gh-actions-deps): update anchore/scan-action action to v5.2.0 in all dependant reusable workflows

chore(gh-actions-deps): update anchore/scan-action action to v5.2.0 in all dependant reusable workflows #634

Workflow file for this run

---
name: Test repository Actions
on:
push:
branches: [main]
merge_group:
pull_request:
branches: [main]
# Cancel running jobs for the same workflow and branch.
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
# IMPORTANT: Any new jobs need to be added to the check-tests-passed job to ensure they correctly gate code changes
jobs:
test-create_unique_testpypi_version:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./actions/create_unique_testpypi_version
id: create-version
with:
package-name: example-package # this is an example package that is never updated
- name: Verify the new version number
run: |
if [ "${{ steps.create-version.outputs.new-version }}" != "0.0.1.post1" ]; then
echo "The new version number doesn't match the expected version number."
echo "Expected: 0.0.1.post1"
echo "Actual: ${{ steps.create-version.outputs.new-version }}"
exit 1
fi
test-find_unreleased_changelog_items:
runs-on: ubuntu-latest
env:
UNIT_TESTING_FIND_UNRELEASED_CHANGELOG_ITEMS_ACTION: true
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Overwrite CHANGELOG.md with dummy data
run: |
cat <<EOF > temp_changelog.md
# Changelog
---
## Unreleased
Things to be included in the next release go here.
### Added
- Something will be added
---
## v0.0.1
### Added
- Something was done here in the past
EOF
cp temp_changelog.md CHANGELOG.md
- uses: ./actions/find_unreleased_changelog_items
with:
release-level: patch
previous-changelog-filepath: python_semantic_release_templates/.testing_previous_changelog_for_template.md
previous-release-notes-filepath: python_semantic_release_templates/.testing_previous_release_notes_for_template.md
- name: Get Job Summary
uses: austenstone/job-summary@67b7e1f68ee55e44d073ab7354e7b580cd09567c # v2.0
id: job-summary
with:
name: temp_job_summary
create-pdf: false
create-pdf-artifact: false
create-md: true
create-md-artifact: false
- name: Compare CHANGELOG.md with the created copy
run: |
FILE1="./temp_changelog.md"
FILE2="./python_semantic_release_templates/.testing_previous_changelog_for_template.md"
if diff "$FILE1" "$FILE2" > /dev/null; then
echo "The changelog files are identical."
else
echo "The changelog files are different. Here is the diff:"
diff "$FILE1" "$FILE2"
exit 1
fi
- name: Verify created Release Notes
run: |
FILE_PATH="./python_semantic_release_templates/.testing_previous_release_notes_for_template.md"
# Define the multiline string using a heredoc
MULTILINE_STRING=$(cat <<'EOF'
## Unreleased
Things to be included in the next release go here.
### Added
- Something will be added
EOF
)
# Compare the file contents to the multiline string
if diff <(echo "$MULTILINE_STRING") "$FILE_PATH" > /dev/null; then
echo "The Release Notes contents are correct."
else
echo "The Release Notes contents are not correct. Here is the diff:"
diff <(echo "$MULTILINE_STRING") "$FILE_PATH"
exit 1
fi
- name: Verify the Job Summary
run: |
FILE_PATH="./temp_job_summary.md"
# Define the start and end parts of the multiline string using heredocs
START_STRING=$(cat <<'EOF'
## Workflow Inputs
- release-level: patch
## PRs Merged Since Last Release
EOF
)
END_STRING=$(cat <<'EOF'
## Incoming Changes
Things to be included in the next release go here.
### Added
- Something will be added
EOF
)
# Read file contents
FILE_CONTENTS=$(cat "$FILE_PATH")
# Extract the start and end parts of the file contents
FILE_START=$(echo "$FILE_CONTENTS" | head -n "$(echo "$START_STRING" | wc -l)")
FILE_END=$(echo "$FILE_CONTENTS" | tail -n "$(echo "$END_STRING" | wc -l)")
# Compare the start and end parts
if [ "$FILE_START" == "$START_STRING" ] && [ "$FILE_END" == "$END_STRING" ]; then
echo "The Job Summary contents are correct."
else
echo "The Job Summary contents are not correct."
echo ""
echo "Expected start:"
echo "$START_STRING"
echo ""
echo "Actual start:"
echo "$FILE_START"
echo ""
echo ""
echo "Expected end:"
echo "$END_STRING"
echo ""
echo "Actual end:"
echo "$FILE_END"
exit 1
fi
test-update_development_dependencies:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./actions/update_development_dependencies
with:
update-pre-commit: true
run-pre-commit: true
dependency-dict: '{"dev": ["pyright"]}'
pre-commit-repo-update-skip-list: https://github.com/pre-commit/pre-commit-hooks,https://github.com/executablebooks/mdformat
pre-commit-hook-skip-list: remove-tabs,forbid-tabs,check-readthedocs,check-dependabot,check-github-actions,check-github-workflows,commitizen,blacken-docs,yamlfix,hadolint,mdformat,markdown-link-check,check-poetry,toml-sort-fix,pyright,poetry-audit,ruff,ruff-format,docformatter,renovate-config-validator,actionlint
export-dependency-groups: |
actions-update_development_dependencies:actions/update_development_dependencies,
tests
test-fetch_pr_number:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Fetch known PR number
uses: ./actions/fetch_pr_number
id: fetch-pr-number-found
with:
sha: 7a6fb39bda8ace8217530c3bc79407333462fc30
github-repository: ${{ github.repository }}
- name: Verify the PR number
run: |
if [ "${{ steps.fetch-pr-number-found.outputs.number }}" != "30" ]; then
echo "The fetched PR number doesn't match the expected PR number."
echo "Expected: 30"
echo "Actual: ${{ steps.fetch-pr-number-found.outputs.number }}"
exit 1
fi
- name: Fetch known PR number from a fork
uses: ./actions/fetch_pr_number
id: fetch-pr-number-found-fork
with:
sha: 9163270797352721c78d82054f6ead259f2f7366
github-repository: ${{ github.repository }}
- name: Verify the PR number from a fork
run: |
if [ "${{ steps.fetch-pr-number-found-fork.outputs.number }}" != "31" ]; then
echo "The fetched PR number doesn't match the expected PR number."
echo "Expected: 31"
echo "Actual: ${{ steps.fetch-pr-number-found.outputs.number }}"
exit 1
fi
- name: Fetch unknown PR number
uses: ./actions/fetch_pr_number
id: fetch-pr-number-not-found
with:
sha: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
github-repository: ${{ github.repository }}
max-attempts: 2
retry-delay: 2
continue-on-error: true # This step should fail
- name: Verify no PR number was found and the previous step failed
run: |
if [ "${{ steps.fetch-pr-number-not-found.outcome }}" != "failure" ]; then
echo "Step did not fail as expected."
exit 1
else
echo "Step failed as expected."
fi
# Check that all jobs passed
check-action-tests-passed:
if: ${{ !cancelled() }}
needs:
- test-create_unique_testpypi_version
- test-find_unreleased_changelog_items
- test-update_development_dependencies
- test-fetch_pr_number
runs-on: ubuntu-latest
steps:
- name: Decide whether the needed jobs succeeded or failed
uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe # v1.2.2
with:
jobs: ${{ toJSON(needs) }}