Skip to content

chore(deps): update dependency js-yaml to v4.2.0 [security] #5964

chore(deps): update dependency js-yaml to v4.2.0 [security]

chore(deps): update dependency js-yaml to v4.2.0 [security] #5964

Workflow file for this run

name: Python CI
on:
push:
branches:
- "main"
pull_request:
branches:
- "main"
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
jobs:
request:
runs-on: ubuntu-24.04
outputs:
run: ${{ steps.filter.outputs.run }}
steps:
- uses: envoyproxy/toolshed/actions/github/should-run@5171ddd579f53dcef432bc54e16e2d2c90864968 # actions-v0.4.13
id: filter
with:
config: |
paths:
- py/VERSION.txt
- '.github/workflows/py.yml'
- 'pants.toml'
- 'pants.ci.toml'
- '.coveragerc'
- '.flake8'
- '.flake8.lock'
- 'mypy.ini'
- 'pytest.ini'
- 'py/**'
test:
runs-on: ubuntu-24.04
needs: request
if: >-
github.repository_owner == 'envoyproxy'
&& fromJSON(needs.request.outputs.run)
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with:
python-version: "3.12"
- name: Initialize Pants
uses: pantsbuild/actions/init-pants@0aaef864bd133c4055feb6adad0bfdce0de1c2e4 # v11
with:
gha-cache-key: "v0-${{ runner.os }}"
named-caches-hash: "${{ hashFiles('pants*toml') }}"
- name: Run pants test
run: "pants --colors test ::"
- name: Archive code coverage results
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: coverage
path: dist/coverage/python/htmlcov/
lint:
runs-on: ubuntu-24.04
needs: request
if: >-
fromJSON(needs.request.outputs.run)
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with:
python-version: "3.12"
- name: Initialize Pants
uses: pantsbuild/actions/init-pants@0aaef864bd133c4055feb6adad0bfdce0de1c2e4 # v11
with:
gha-cache-key: "v0-${{ runner.os }}"
named-caches-hash: "${{ hashFiles('pants*toml') }}"
- name: Run pants lint
run: "pants --colors lint ::"
typecheck:
runs-on: ubuntu-24.04
needs: request
if: >-
fromJSON(needs.request.outputs.run)
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with:
python-version: "3.12"
- name: Initialize Pants
uses: pantsbuild/actions/init-pants@0aaef864bd133c4055feb6adad0bfdce0de1c2e4 # v11
with:
gha-cache-key: "v0-${{ runner.os }}"
named-caches-hash: "${{ hashFiles('pants*toml') }}"
- name: Run pants (type) check
run: "pants --colors check ::"
docs:
runs-on: ubuntu-24.04
# TODO: reenable once plugin is fixed
if: false
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with:
python-version: "3.12"
- name: Initialize Pants
uses: pantsbuild/actions/init-pants@0aaef864bd133c4055feb6adad0bfdce0de1c2e4 # v11
with:
gha-cache-key: "v0-${{ runner.os }}"
named-caches-hash: "${{ hashFiles('pants*toml') }}"
- name: Run pants README
run: "pants --colors readme --check=README.md ::"
package:
runs-on: ubuntu-24.04
needs:
- request
- test
- lint
- typecheck
# - docs
if: >-
fromJSON(needs.request.outputs.run)
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with:
python-version: "3.12"
- name: Initialize Pants
uses: pantsbuild/actions/init-pants@0aaef864bd133c4055feb6adad0bfdce0de1c2e4 # v11
with:
gha-cache-key: "v0-${{ runner.os }}"
named-caches-hash: "${{ hashFiles('pants*toml') }}"
- name: Run pants package
run: "pants --colors package ::"
- name: Verify wheel METADATA matches setup.cfg
run: |
python -m pip install --quiet packaging
python py/tools/publish_check/check_wheel_metadata.py
- name: Archive wheels
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: python-artifacts
path: dist/*.whl
if-no-files-found: error
- name: Archive sdists
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: python-source
path: dist/*.tar.gz
if-no-files-found: error
status:
runs-on: ubuntu-24.04
if: >-
always()
&& github.event_name == 'pull_request'
name: Python
needs:
- request
- test
- lint
- typecheck
- package
steps:
- run: |
if [[ "${{ contains(needs.*.result, 'failure') }}" == "true" || "${{ contains(needs.*.result, 'cancelled') }}" == "true" ]]; then
echo "One or more jobs failed or were cancelled"
exit 1
fi
echo "All required jobs passed or were skipped"