chore(deps): update dependency js-yaml to v4.2.0 [security] #5964
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Python CI | |
| on: | |
| push: | |
| branches: | |
| - "main" | |
| pull_request: | |
| branches: | |
| - "main" | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
| cancel-in-progress: ${{ github.event_name == 'pull_request' }} | |
| jobs: | |
| request: | |
| runs-on: ubuntu-24.04 | |
| outputs: | |
| run: ${{ steps.filter.outputs.run }} | |
| steps: | |
| - uses: envoyproxy/toolshed/actions/github/should-run@5171ddd579f53dcef432bc54e16e2d2c90864968 # actions-v0.4.13 | |
| id: filter | |
| with: | |
| config: | | |
| paths: | |
| - py/VERSION.txt | |
| - '.github/workflows/py.yml' | |
| - 'pants.toml' | |
| - 'pants.ci.toml' | |
| - '.coveragerc' | |
| - '.flake8' | |
| - '.flake8.lock' | |
| - 'mypy.ini' | |
| - 'pytest.ini' | |
| - 'py/**' | |
| test: | |
| runs-on: ubuntu-24.04 | |
| needs: request | |
| if: >- | |
| github.repository_owner == 'envoyproxy' | |
| && fromJSON(needs.request.outputs.run) | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 | |
| with: | |
| python-version: "3.12" | |
| - name: Initialize Pants | |
| uses: pantsbuild/actions/init-pants@0aaef864bd133c4055feb6adad0bfdce0de1c2e4 # v11 | |
| with: | |
| gha-cache-key: "v0-${{ runner.os }}" | |
| named-caches-hash: "${{ hashFiles('pants*toml') }}" | |
| - name: Run pants test | |
| run: "pants --colors test ::" | |
| - name: Archive code coverage results | |
| uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 | |
| with: | |
| name: coverage | |
| path: dist/coverage/python/htmlcov/ | |
| lint: | |
| runs-on: ubuntu-24.04 | |
| needs: request | |
| if: >- | |
| fromJSON(needs.request.outputs.run) | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 | |
| with: | |
| python-version: "3.12" | |
| - name: Initialize Pants | |
| uses: pantsbuild/actions/init-pants@0aaef864bd133c4055feb6adad0bfdce0de1c2e4 # v11 | |
| with: | |
| gha-cache-key: "v0-${{ runner.os }}" | |
| named-caches-hash: "${{ hashFiles('pants*toml') }}" | |
| - name: Run pants lint | |
| run: "pants --colors lint ::" | |
| typecheck: | |
| runs-on: ubuntu-24.04 | |
| needs: request | |
| if: >- | |
| fromJSON(needs.request.outputs.run) | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 | |
| with: | |
| python-version: "3.12" | |
| - name: Initialize Pants | |
| uses: pantsbuild/actions/init-pants@0aaef864bd133c4055feb6adad0bfdce0de1c2e4 # v11 | |
| with: | |
| gha-cache-key: "v0-${{ runner.os }}" | |
| named-caches-hash: "${{ hashFiles('pants*toml') }}" | |
| - name: Run pants (type) check | |
| run: "pants --colors check ::" | |
| docs: | |
| runs-on: ubuntu-24.04 | |
| # TODO: reenable once plugin is fixed | |
| if: false | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 | |
| with: | |
| python-version: "3.12" | |
| - name: Initialize Pants | |
| uses: pantsbuild/actions/init-pants@0aaef864bd133c4055feb6adad0bfdce0de1c2e4 # v11 | |
| with: | |
| gha-cache-key: "v0-${{ runner.os }}" | |
| named-caches-hash: "${{ hashFiles('pants*toml') }}" | |
| - name: Run pants README | |
| run: "pants --colors readme --check=README.md ::" | |
| package: | |
| runs-on: ubuntu-24.04 | |
| needs: | |
| - request | |
| - test | |
| - lint | |
| - typecheck | |
| # - docs | |
| if: >- | |
| fromJSON(needs.request.outputs.run) | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 | |
| with: | |
| python-version: "3.12" | |
| - name: Initialize Pants | |
| uses: pantsbuild/actions/init-pants@0aaef864bd133c4055feb6adad0bfdce0de1c2e4 # v11 | |
| with: | |
| gha-cache-key: "v0-${{ runner.os }}" | |
| named-caches-hash: "${{ hashFiles('pants*toml') }}" | |
| - name: Run pants package | |
| run: "pants --colors package ::" | |
| - name: Verify wheel METADATA matches setup.cfg | |
| run: | | |
| python -m pip install --quiet packaging | |
| python py/tools/publish_check/check_wheel_metadata.py | |
| - name: Archive wheels | |
| uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 | |
| with: | |
| name: python-artifacts | |
| path: dist/*.whl | |
| if-no-files-found: error | |
| - name: Archive sdists | |
| uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 | |
| with: | |
| name: python-source | |
| path: dist/*.tar.gz | |
| if-no-files-found: error | |
| status: | |
| runs-on: ubuntu-24.04 | |
| if: >- | |
| always() | |
| && github.event_name == 'pull_request' | |
| name: Python | |
| needs: | |
| - request | |
| - test | |
| - lint | |
| - typecheck | |
| - package | |
| steps: | |
| - run: | | |
| if [[ "${{ contains(needs.*.result, 'failure') }}" == "true" || "${{ contains(needs.*.result, 'cancelled') }}" == "true" ]]; then | |
| echo "One or more jobs failed or were cancelled" | |
| exit 1 | |
| fi | |
| echo "All required jobs passed or were skipped" |