Skip to content

build(deps): bump github/codeql-action from 3.27.4 to 3.27.5 in the actions group #2448

build(deps): bump github/codeql-action from 3.27.4 to 3.27.5 in the actions group

build(deps): bump github/codeql-action from 3.27.4 to 3.27.5 in the actions group #2448

Workflow file for this run

name: Lint
on:
push:
branches:
- main
pull_request:
jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: "3.x"
cache: "pip"
cache-dependency-path: pyproject.toml
- name: deps
run: make dev SIGSTORE_EXTRA=lint
- name: lint
run: make lint
check-readme:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
# NOTE: We intentionally check `--help` rendering against our minimum Python,
# since it changes slightly between Python versions.
- uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: "3.9"
cache: "pip"
cache-dependency-path: pyproject.toml
- name: deps
run: make dev
- name: check-readme
run: make check-readme
licenses:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
# adapted from Warehouse's bin/licenses
- run: |
for fn in $(find . -type f -name "*.py"); do
if [[ ! "$(head -5 $fn | grep "^ *\(#\|\*\|\/\/\) .* License\(d*\)")" ]]; then
echo "${fn} is missing a license"
exit 1
fi
done
x509-testcases:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
# NOTE: We intentionally check test certificates against our minimum supported Python.
- uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: "3.9"
cache: "pip"
cache-dependency-path: pyproject.toml
- name: deps
run: make dev
- name: ensure testcase generation does not regress
run: make gen-x509-testcases
all-lints-pass:
if: always()
needs:
- lint
- check-readme
- licenses
- x509-testcases
runs-on: ubuntu-latest
steps:
- name: check lint jobs
uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe # v1.2.2
with:
jobs: ${{ toJSON(needs) }}