Skip to content

Update dependencies #259

Update dependencies

Update dependencies #259

Workflow file for this run

name: CI Tests
on: [pull_request]
env:
TEST_TAG: ci_test
permissions:
contents: write
jobs:
reset_test_branches:
runs-on: ubuntu-latest
name: Reset test branches
steps:
- name: Checkout action repo
uses: actions/checkout@v4
with:
token: ${{ secrets.CI_RESET_TEST_BRANCHES }}
fetch-depth: 0
- name: Set up Python 3.11
uses: actions/setup-python@v5
with:
python-version: '3.11'
- name: Reset branches
run: |
python -m pip install -U pip
pip install requests
python -c "import requests; requests.delete('https://api.github.com/repos/CasperWA/push-protected/branches/protected/protection/enforce_admins', headers={'Authorization': 'token ${{ secrets.CI_RESET_TEST_BRANCHES }}', 'Accept': 'application/vnd.github.v3+json'})"
git fetch origin
git push -d origin ${TEST_TAG} || :
git branch not_protected origin/not_protected
git branch protected origin/protected
git checkout not_protected
git reset --hard ${GITHUB_SHA}
git push -f
git checkout protected
git reset --hard ${GITHUB_SHA}
git push -f
python -c "import requests; requests.post('https://api.github.com/repos/CasperWA/push-protected/branches/protected/protection/enforce_admins', headers={'Authorization': 'token ${{ secrets.CI_RESET_TEST_BRANCHES }}', 'Accept': 'application/vnd.github.v3+json'})"
not_protected:
needs: reset_test_branches
runs-on: ubuntu-latest
name: Testing - non-protected
steps:
- name: Use local action (checkout)
uses: actions/checkout@v4
- name: Perform changes
run: ./ci.sh ${TEST_TAG}
working-directory: .github/utils
- name: Pushing to a non-protected branch
uses: ./
with:
token: '${{ secrets.GITHUB_TOKEN }}'
branch: not_protected
unprotect_reviews: false
- name: Check tags (local)
run: |
git fetch origin -ftp
git ls-remote --tags origin | grep "${TEST_TAG}" && exit 1 || echo "Tag ${TEST_TAG} doesn't exist on remote as expected."
git tag -l | grep "${TEST_TAG}"
- name: Pushing to a non-protected branch (including tags)
uses: ./
with:
token: '${{ secrets.GITHUB_TOKEN }}'
ref: refs/heads/not_protected
unprotect_reviews: false
tags: true
- name: Check tags (local+remote)
run: |
git fetch origin -ftpP
git ls-remote --tags origin | grep "${TEST_TAG}"
git tag -l | grep "${TEST_TAG}"
protected:
needs: [reset_test_branches, not_protected]
runs-on: ubuntu-latest
name: Testing - protected
steps:
- name: Use local action (checkout)
uses: actions/checkout@v4
- name: Perform changes
run: ./ci.sh
working-directory: .github/utils
- name: Pushing to a protected branch
uses: ./
with:
token: '${{ secrets.CI_PUSH_TO_PROTECTED_BRANCH }}'
branch: protected
unprotect_reviews: true
acceptable_conclusions: success,skipped
- name: Pushing to a protected branch without any changes
uses: ./
with:
token: '${{ secrets.CI_PUSH_TO_PROTECTED_BRANCH }}'
ref: refs/heads/protected
unprotect_reviews: true
acceptable_conclusions: success,skipped
force-pushing:
needs: [protected]
runs-on: ubuntu-latest
name: Testing - protected (--force)
steps:
- name: Use local action (checkout)
uses: actions/checkout@v4
- name: Perform non-fast-forwardable changes
run: |
git config --global user.email "[email protected]"
git config --global user.name "Casper Welzel Andersen"
git fetch origin
git reset --hard ${GITHUB_SHA}
touch test.txt
git add test.txt
git commit -m "Diverged from remote branch"
- name: Push not using `--force` (should fail)
id: push_no_force
continue-on-error: true
uses: ./
with:
token: '${{ secrets.CI_PUSH_TO_PROTECTED_BRANCH }}'
branch: protected
unprotect_reviews: true
acceptable_conclusions: success,skipped
- name: This runs ONLY if the previous step doesn't fail
if: steps.push_no_force.outcome != 'failure' || steps.push_no_force.conclusion != 'success'
run: |
echo "Outcome: ${{ steps.push_no_force.outcome }} (not 'failure'), Conclusion: ${{ steps.push_no_force.conclusion }} (not 'success')"
exit 1
- name: Push using `--force` (should succeed)
uses: ./
with:
token: '${{ secrets.CI_PUSH_TO_PROTECTED_BRANCH }}'
branch: protected
unprotect_reviews: true
force: yes
acceptable_conclusions: success,skipped
branch_and_ref:
needs: [force-pushing]
runs-on: ubuntu-latest
name: Testing - Setting `branch` and `ref` fails
steps:
- name: Use local action (checkout)
uses: actions/checkout@v4
- name: Push setting both `branch` and `ref` (should fail)
id: push_branch_ref
continue-on-error: true
uses: ./
with:
token: '${{ secrets.GITHUB_TOKEN }}'
branch: not_protected
ref: refs/heads/not_protected
unprotect_reviews: false
- name: This runs ONLY if the previous step doesn't fail
if: steps.push_branch_ref.outcome != 'failure' || steps.push_branch_ref.conclusion != 'success'
run: |
echo "Outcome: ${{ steps.push_branch_ref.outcome }} (not 'failure'), Conclusion: ${{ steps.push_branch_ref.conclusion }} (not 'success')"
exit 1
non_existant_branch:
needs: [branch_and_ref]
runs-on: ubuntu-latest
name: Testing - Fail for non-existant branch
steps:
- name: Use local action (checkout)
uses: actions/checkout@v4
- name: Push to non-existant branch (should fail)
id: push_non_existant
continue-on-error: true
uses: ./
with:
token: '${{ secrets.GITHUB_TOKEN }}'
branch: non-existant-branch
unprotect_reviews: false
- name: This runs ONLY if the previous step doesn't fail
if: steps.push_non_existant.outcome != 'failure' || steps.push_non_existant.conclusion != 'success'
run: |
echo "Outcome: ${{ steps.push_non_existant.outcome }} (not 'failure'), Conclusion: ${{ steps.push_non_existant.conclusion }} (not 'success')"
exit 1
path:
needs: [non_existant_branch]
runs-on: ubuntu-latest
name: Testing - Using `path`
steps:
- name: Use local action (checkout)
uses: actions/checkout@v4
with:
path: sub_folder
- name: Pushing to a protected branch without any changes
uses: ./sub_folder/
with:
token: '${{ secrets.CI_PUSH_TO_PROTECTED_BRANCH }}'
ref: refs/heads/protected
unprotect_reviews: true
path: sub_folder
force: yes
acceptable_conclusions: success,skipped
acceptable_conclusions:
needs: [path]
runs-on: ubuntu-latest
name: Testing - Default for `acceptable_conclusions` with skipped checks
steps:
- name: Use local action (checkout)
uses: actions/checkout@v4
- name: Perform changes
run: ./ci.sh
working-directory: .github/utils
- name: Push to protected branch without 'skipped' in 'acceptable_conclusions'
id: push_skipped
continue-on-error: true
uses: ./
with:
token: '${{ secrets.CI_PUSH_TO_PROTECTED_BRANCH }}'
branch: protected
unprotect_reviews: true
# Default value - set here explicitly for clarity
acceptable_conclusions: success
- name: This runs ONLY if the previous step doesn't fail
if: steps.push_skipped.outcome != 'failure' || steps.push_skipped.conclusion != 'success'
run: |
echo "Outcome: ${{ steps.push_skipped.outcome }} (not 'failure'), Conclusion: ${{ steps.push_skipped.conclusion }} (not 'success')"
exit 1
fail_fast:
needs: [acceptable_conclusions]
runs-on: ubuntu-latest
name: Testing - Using `fail_fast`
steps:
- name: Use local action (checkout)
uses: actions/checkout@v4
- name: Perform changes
run: ./ci.sh
working-directory: .github/utils
- name: Push to protected branch without 'skipped' in 'acceptable_conclusions' & with 'fail_fast'
id: fail_fast
continue-on-error: true
uses: ./
with:
token: '${{ secrets.CI_PUSH_TO_PROTECTED_BRANCH }}'
branch: protected
unprotect_reviews: true
# Default value - set here explicitly for clarity
acceptable_conclusions: success
fail_fast: true
- name: This runs ONLY if the previous step doesn't fail
if: steps.fail_fast.outcome != 'failure' || steps.fail_fast.conclusion != 'success'
run: |
echo "Outcome: ${{ steps.fail_fast.outcome }} (not 'failure'), Conclusion: ${{ steps.fail_fast.conclusion }} (not 'success')"
exit 1
pre-commit:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up Python 3.11
uses: actions/setup-python@v5
with:
python-version: '3.11'
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -U setuptools wheel
while IFS="" read -r line || [ -n "${line}" ]; do
if [[ "${line}" =~ ^pre-commit.*$ ]]; then
pre_commit="${line}"
fi
done < requirements_dev.txt
pip install ${pre_commit}
- name: Test with pre-commit
run: SKIP=pylint pre-commit run --all-files --show-diff-on-failure
pylint-safety:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 2
- name: Set up Python 3.11
uses: actions/setup-python@v5
with:
python-version: '3.11'
- name: Install dependencies
run: |
python -m pip install -U pip
pip install -U setuptools wheel
pip install -U -r requirements.txt -r requirements_dev.txt
pip install safety
- name: Run pylint
run: pylint --rcfile=pyproject.toml *.py push_action
# ID: 70612
# Package: Jinja2
# Has been disputed by the maintainer and multiple third parties.
# For more information see: https://github.com/advisories/GHSA-f6pv-j8mr-w6rr
- name: Run safety
run: pip freeze | safety check --stdin --ignore=70612