[Snyk] Security upgrade zipp from 3.15.0 to 3.19.1 #1131
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Stable Deployment Workflow | |
on: | |
pull_request: | |
branches: | |
- master | |
push: | |
branches: | |
- master | |
schedule: | |
- cron: "0 0 * * *" | |
jobs: | |
lint: | |
name: Lint PyFunceble | |
runs-on: "${{ matrix.os }}" | |
strategy: | |
fail-fast: false | |
matrix: | |
python_version: | |
- "3.11" | |
os: | |
- ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
name: Clone repository | |
- name: Set up Python ${{ matrix.python_version }} | |
uses: actions/setup-python@v4 | |
with: | |
python-version: ${{ matrix.python_version }} | |
- name: Install dependencies | |
run: | | |
pip install -r requirements.txt | |
pip install pylint | |
- name: Lint PyFunceble with Pylint | |
run: pylint PyFunceble | |
- name: Lint tests with Pylint | |
run: pylint tests | |
deps_safety_check: | |
name: Check the safety of our dependencies. | |
runs-on: "${{ matrix.os }}" | |
strategy: | |
fail-fast: false | |
matrix: | |
python_version: | |
- "3.11" | |
os: | |
- ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
name: Clone repository | |
- name: Set up Python ${{ matrix.python_version }} | |
uses: actions/setup-python@v4 | |
with: | |
python-version: ${{ matrix.python_version }} | |
- name: Install dependencies | |
run: | | |
pip install -r requirements.txt | |
pip install safety | |
- name: Check the safety of our dependencies. | |
run: safety check -i 51668 | |
test: | |
needs: [lint, deps_safety_check] | |
name: "[${{ matrix.os }}] Test PyFunceble with Python ${{ matrix.python_version }}" | |
runs-on: "${{ matrix.os }}" | |
strategy: | |
fail-fast: false | |
matrix: | |
python_version: | |
- "3.8" | |
- "3.9" | |
- "3.10" | |
- "3.11" | |
os: | |
- ubuntu-latest | |
- macos-latest | |
- windows-latest | |
steps: | |
- uses: actions/checkout@v3 | |
name: Clone repository | |
- name: Set up Python ${{ matrix.python_version }} | |
uses: actions/setup-python@v4 | |
with: | |
python-version: ${{ matrix.python_version }} | |
- name: Install dependencies | |
run: | | |
pip install -r requirements.txt | |
pip install tox coveralls | |
- name: Test PyFunceble as defined by tox.ini | |
run: | | |
tox -c tox.ini | |
- name: Upload Coverage | |
continue-on-error: true | |
run: | | |
coveralls | |
env: | |
COVERALLS_REPO_TOKEN: ${{ secrets.COVERALLS_REPO_TOKEN }} | |
COVERALLS_PARALLEL: true | |
coveralls: | |
needs: test | |
name: Finish Coveralls | |
runs-on: "${{ matrix.os }}" | |
strategy: | |
fail-fast: false | |
matrix: | |
python_version: | |
- "3.11" | |
os: | |
- ubuntu-latest | |
steps: | |
- name: Sending finish flag to coveralls.io | |
uses: coverallsapp/github-action@master | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
parallel-finished: true | |
deploy_to_pypi: | |
needs: test | |
name: "Deploy 📦 to the PyPi" | |
if: github.event_name == 'push' && github.ref == 'refs/heads/master' | |
runs-on: "${{ matrix.os }}" | |
strategy: | |
fail-fast: false | |
matrix: | |
python_version: | |
- "3.11" | |
os: | |
- ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
name: Clone repository | |
- name: Set up Python ${{ matrix.python_version }} | |
uses: actions/setup-python@v4 | |
with: | |
python-version: ${{ matrix.python_version }} | |
- name: Install dependencies | |
run: | | |
pip install twine wheel setuptools | |
- name: Build 📦 | |
run: | | |
python setup.py sdist bdist_wheel | |
- name: Check 📦 | |
run: | | |
twine check dist/* | |
- name: Publish 📦 to PyPI | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
with: | |
password: ${{ secrets.PYPI_API_TOKEN }} | |
skip-existing: true | |
deploy_to_docker_hub: | |
needs: test | |
name: "Deploy 📦 to the Docker Hub" | |
if: github.event_name == 'push' && github.ref == 'refs/heads/master' | |
runs-on: "${{ matrix.os }}" | |
strategy: | |
fail-fast: false | |
matrix: | |
python_version: | |
- "3.11" | |
os: | |
- ubuntu-latest | |
env: | |
DOCKER_PYTHON_VERSION: "3.11" | |
BUILDER_CLONE_DIRNAME: pyfunceble_docker | |
OUR_DOCKER_USERNAME: ${{ secrets.OUR_DOCKER_USERNAME }} | |
OUR_DOCKER_PASSWORD: ${{ secrets.OUR_DOCKER_PASSWORD }} | |
OUR_DOCKER_EMAIL: ${{ secrets.OUR_DOCKER_EMAIL }} | |
steps: | |
- uses: actions/checkout@v3 | |
name: Clone repository | |
- uses: actions/checkout@v3 | |
name: Clone docker 📦 repository | |
with: | |
repository: PyFunceble/docker | |
path: ${{ env.BUILDER_CLONE_DIRNAME }}/ | |
- name: Set up Python ${{ matrix.python_version }} | |
uses: actions/setup-python@v4 | |
with: | |
python-version: ${{ matrix.python_version }} | |
- name: Install dependencies | |
run: | | |
pip install ${{ env.BUILDER_CLONE_DIRNAME }}/. | |
- name: Get version of builder | |
run: | | |
pyfunceble-docker-builder --version | |
- name: Build, Check and Publish 📦 | |
run: > | |
pyfunceble-docker-builder -b ${{ env.BUILDER_CLONE_DIRNAME }}/builder | |
-p "$(python setup.py --name)" | |
--pyfunceble-version="$(python setup.py --version)" | |
--python-version="${DOCKER_PYTHON_VERSION}" | |
--is-latest --publish --commit="$(git log -1 --format=format:'%H')" | |
deploy_to_aur: | |
needs: deploy_to_pypi | |
name: "Deploy 📦 to the AUR" | |
if: github.event_name == 'push' && github.ref == 'refs/heads/master' | |
runs-on: "${{ matrix.os }}" | |
strategy: | |
fail-fast: false | |
matrix: | |
os: | |
- ubuntu-latest | |
container: | |
image: archlinux | |
steps: | |
- name: Store the SSH key | |
run: | | |
echo "${{ secrets.AUR_SSH_KEY }}" | install -Dm600 /dev/stdin /root/.ssh/id_rsa | |
- name: Get time for cache | |
id: cache_time | |
run: echo "time=$(date +%F-%T)" >> ${GITHUB_OUTPUT} | |
- name: Set up cache | |
uses: actions/cache@master | |
with: | |
path: /var/cache/pacman/pkg | |
key: pacman-cache-x86_64-${{ steps.cache_time.outputs.time }} | |
restore-keys: pacman-cache-x86_64- | |
- name: Install dependencies | |
run: | | |
pacman -Syu --needed --noconfirm && \ | |
pacman -S --needed --noconfirm git binutils pacman-contrib openssh rsync python python-setuptools jq | |
- uses: actions/checkout@v3 | |
name: Clone repository | |
- name: Publish 📦 to the AUR - if necessary | |
env: | |
GIT_SSH_COMMAND: "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" | |
run: | | |
aurRepoDir=/tmp/pyfunceble | |
githubRepoDir="${PWD}" | |
buildDir="/tmp/build" | |
latest=$(python3 setup.py --version) | |
if [[ $(python3 setup.py --name) == "PyFunceble-dev" ]] | |
then | |
licenseURL="https://raw.githubusercontent.com/funilrys/PdyFunceble/dev/LICENSE" | |
newURL=$(curl -s https://pypi.org/pypi/PyFunceble-dev/json | jq -r ".releases.\"${latest}\"[] | select(.filename | strings | test(\".tar\")).url") | |
else | |
licenseURL="https://raw.githubusercontent.com/funilrys/PyFunceble/master/LICENSE" | |
newURL=$(curl -s https://pypi.org/pypi/PyFunceble/json | jq -r ".releases.\"${latest}\"[] | select(.filename | strings | test(\".tar\")).url") | |
fi | |
git config --global --add safe.directory ${GITHUB_WORKSPACE} | |
git config --global --add safe.directory ${aurRepoDir} | |
git config --global --add safe.directory ${githubRepoDir} | |
git config --global user.name ${{ github.actor }} | |
git config --global user.email ${{ secrets.GIT_EMAIL }} | |
git clone ssh://[email protected]/pyfunceble.git ${aurRepoDir} | |
rsync --progress --delete -r --exclude={'*.gz','*.xz','.github','pkg','src','.git','LICENSE'} ${aurRepoDir}/ ${buildDir}/ | |
cd ${buildDir} | |
current=$(grep -P "^pkgver" PKGBUILD | cut -d= -f2) | |
echo "Previous version: ${current}" | |
echo "New version: ${latest}" | |
useradd makepkg | |
chown makepkg:root . -R | |
sed "/^pkgver=/s/.*/pkgver=${latest}/" -i PKGBUILD | |
sed "/^pkgrel=/s/.*/pkgrel=1/" -i PKGBUILD | |
sed "s,^source=(.*),source=('${newURL}' '${licenseURL}')," -i PKGBUILD | |
su makepkg -c "updpkgsums" | |
su makepkg -c "makepkg --printsrcinfo" > .SRCINFO | |
rsync --progress --delete -r --exclude={'*.gz','*.xz','.github','pkg','src','.git','LICENSE'} ${buildDir}/ ${aurRepoDir}/ | |
cd ${aurRepoDir} | |
git add . | |
git diff --quiet --exit-code --cached || git commit -m "Update PyFunceble to v${latest}" | |
git push origin master |