build(deps): update dependency jinja2 to v3.1.5 [security] (main) #6116
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Tests | |
on: | |
push: | |
branches: | |
- main | |
- "feature/**" | |
pull_request: | |
merge_group: | |
# Allows you to run this workflow manually from the Actions tab | |
workflow_dispatch: | |
jobs: | |
snap-build: | |
runs-on: [self-hosted, amd64] | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Build snap | |
uses: canonical/action-build@v1 | |
id: snapcraft | |
- name: Upload snap artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: snap | |
path: ${{ steps.snapcraft.outputs.snap }} | |
snap-publish: | |
needs: [snap-build] | |
runs-on: ubuntu-latest | |
if: ${{ github.event_name == 'pull_request' }} | |
steps: | |
- name: Download snap artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: snap | |
path: snap-artifacts | |
- name: Get snap filename | |
id: snap-name | |
run: | | |
echo "snap=$(find . -type f -name '*.snap')" >> $GITHUB_OUTPUT | |
- name: Publish feature branch to edge/pr-${{ github.event.number }} | |
if: env.SNAPCRAFT_STORE_CREDENTIALS != '' | |
uses: canonical/action-publish@v1 | |
env: | |
SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_STORE_CREDENTIALS }} | |
with: | |
snap: ${{ steps.snap-name.outputs.snap }} | |
release: edge/pr-${{ github.event.number }} | |
snap-tests: | |
needs: [snap-build] | |
strategy: | |
matrix: | |
os: [ubuntu-20.04, ubuntu-22.04] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Download snap artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: snap | |
path: snap-artifacts | |
- name: Install snap | |
run: | | |
sudo snap install --classic --dangerous snap-artifacts/*.snap | |
rm -rf snap-artifacts | |
- name: Install test dependencies | |
run: | | |
sudo apt update | |
sudo apt install -y python3-pip python3-setuptools python3-wheel python3-distutils | |
sudo snap install charm --classic | |
- name: Refresh LXD dependency on 20.04 | |
if: ${{ matrix.os == 'ubuntu-20.04' }} | |
run: | | |
sudo snap refresh lxd || echo "Cannot refresh LXD dependency, using $(lxd --version)" | |
snap list lxd | |
- name: Configured LXD | |
run: | | |
sudo groupadd --force --system lxd | |
sudo usermod --append --groups lxd $USER | |
sudo snap start lxd | |
sudo lxd waitready --timeout=30 | |
sudo lxd init --auto | |
- name: Validate snap configuration | |
run: | | |
sudo snap set charmcraft provider=lxd | |
sudo snap set charmcraft provider=multipass | |
if sudo snap set charmcraft provider=invalid; then | |
echo "configure script failure" | |
exit 1 | |
fi | |
sudo snap set charmcraft provider=lxd | |
windows-build: | |
runs-on: windows-2019 | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Set up uv with caching | |
id: setup-uv | |
uses: astral-sh/setup-uv@v4 | |
with: | |
enable-cache: true | |
- name: Install dependencies | |
run: | | |
uv sync --no-dev | |
uv pip install pyinstaller | |
- name: Build | |
run: | | |
uv run pyinstaller charmcraft.spec | |
- name: Upload unsigned exe | |
uses: actions/upload-artifact@v4 | |
with: | |
name: windows-exe | |
path: dist\charmcraft.exe | |
- name: Smoke test executable | |
run: | | |
mkdir my-charm | |
cd my-charm | |
..\dist\charmcraft.exe version | |
..\dist\charmcraft.exe init --author "Charmcraft Team" | |
..\dist\charmcraft.exe clean | |
- name: Update Installer Version | |
run: | | |
python -m tools.version set-charmcraft-iss | |
- name: Build installer(s) | |
env: | |
INNOCC: C:\Program Files (x86)\Inno Setup 6\iscc.exe | |
MAKEAPPX: C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x64\makeappx.exe | |
SIGNTOOL: C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x64\signtool.exe | |
TIMESTAMP_SERVICE: http://timestamp.digicert.com | |
run: | | |
windows\generate-self-signed-cert.ps1 | |
& $Env:SIGNTOOL sign /fd SHA256 /td SHA256 /tr $Env:TIMESTAMP_SERVICE /f test-signing.pfx /p Password1234 dist\charmcraft.exe | |
& $Env:INNOCC windows\charmcraft.iss | |
copy dist\charmcraft-installer.exe dist\charmcraft-installer-self-signed.exe | |
echo "Test signing charmcraft inno installer..." | |
& $Env:SIGNTOOL sign /fd SHA256 /td SHA256 /tr $Env:TIMESTAMP_SERVICE /f test-signing.pfx /p Password1234 dist\charmcraft-installer-self-signed.exe | |
echo "Building charmcraft msix installer..." | |
mkdir dist\msix | |
copy dist\charmcraft.exe dist\msix\ | |
copy windows\charmcraft.png dist\msix\ | |
copy windows\AppxManifest.xml dist\msix\ | |
& $Env:MAKEAPPX pack /h SHA256 /d dist\msix /p dist\charmcraft-installer.msix | |
echo "Test signing charmcraft msix installer..." | |
& $Env:SIGNTOOL sign /fd SHA256 /td SHA256 /tr $Env:TIMESTAMP_SERVICE /f test-signing.pfx /p Password1234 dist\charmcraft-installer.msix | |
- name: Upload installer(s) | |
uses: actions/upload-artifact@v4 | |
with: | |
name: installers | |
path: | | |
dist\charmcraft-installer-self-signed.exe | |
dist\charmcraft-installer.msix | |
macos-smoke-test: | |
strategy: | |
matrix: | |
os: [macos-13, macos-14-large] | |
runs-on: ${{ matrix.os }} | |
steps: | |
# Installing and caching homebrew using the action should speed up subsequent CI: | |
# https://github.com/Homebrew/actions/tree/master/setup-homebrew | |
- name: Set up Homebrew | |
id: set-up-homebrew | |
uses: Homebrew/actions/setup-homebrew@master | |
- name: Cache Homebrew Bundler RubyGems | |
id: cache | |
uses: actions/cache@v4 | |
with: | |
path: ${{ steps.set-up-homebrew.outputs.gems-path }} | |
key: ${{ runner.os }}-rubygems-${{ steps.set-up-homebrew.outputs.gems-hash }} | |
restore-keys: ${{ runner.os }}-rubygems- | |
- name: Install Homebrew Bundler RubyGems | |
if: steps.cache.outputs.cache-hit != 'true' | |
run: brew install-bundler-gems | |
- name: Install dependencies with homebrew | |
run: | | |
brew install multipass | |
brew install [email protected] # For building pygit2 | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Set up uv with caching | |
id: setup-uv | |
uses: astral-sh/setup-uv@v4 | |
with: | |
enable-cache: true | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: '3.12' | |
cache: 'pip' | |
- name: Build and install Charmcraft | |
run: | | |
uv sync --no-dev | |
- name: Check for fully-configured multipass | |
run: | | |
while ! multipass version; do | |
sleep 1 | |
done | |
- name: Init and pack | |
run: | | |
source .venv/bin/activate | |
mkdir test-charm | |
cd test-charm | |
export CRAFT_VERBOSITY_LEVEL=trace | |
charmcraft init --profile=machine | |
charmcraft pack | |
test -f *.charm |