build(deps): bump actions/dependency-review-action from 3.1.2 to 3.1.… #1374
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| release: | |
| types: [published] | |
| env: | |
| python_version: '3.12' | |
| name: CI | |
| permissions: | |
| contents: read | |
| jobs: | |
| lint: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| if: "!contains(github.event.head_commit.message, 'skip ci')" | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Set up Python | |
| uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1 | |
| with: | |
| python-version: ${{ env.python_version }} | |
| - name: Lint with Pre-commit | |
| uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507 # v3.0.0 | |
| - name: Check Poetry lock file integrity | |
| run: | | |
| python -m pip install --constraint=.github/constraints.txt poetry | |
| poetry config virtualenvs.in-project true | |
| poetry check | |
| test: | |
| needs: lint | |
| name: Test with Python ${{ matrix.python-version }} | |
| strategy: | |
| matrix: | |
| python-version: ['3.8', '3.9', '3.10', '3.11', '3.12'] | |
| runs-on: windows-latest | |
| timeout-minutes: 60 | |
| if: "!contains(github.event.head_commit.message, 'skip ci')" | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Set up Python | |
| uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| allow-prereleases: true | |
| - name: Use Python Dependency Cache | |
| uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 | |
| with: | |
| path: ~\AppData\Local\pip\Cache | |
| key: ${{ runner.os }}-poetry-${{ hashFiles('**/poetry.lock') }} | |
| restore-keys: ${{ runner.os }}-poetry- | |
| - name: Install Poetry | |
| run: | | |
| python -m pip install --constraint=.github/constraints.txt poetry | |
| poetry config virtualenvs.in-project true | |
| - name: Install Python Dependencies | |
| run: poetry install | |
| - name: Install dependencies | |
| run: | | |
| pip install tox tox-gh-actions | |
| # Temporarily move the preinstalled git, it causes errors related to cygwin. | |
| - name: Move git binary | |
| run: | | |
| Move-Item "C:\Program Files\Git\usr\bin" "C:\Program Files\Git\usr\notbin" | |
| Move-Item "C:\Program Files\Git\bin" "C:\Program Files\Git\notbin" | |
| - name: Test with tox | |
| run: tox | |
| - name: Restore git binary | |
| run: | | |
| Move-Item "C:\Program Files\Git\usr\notbin" "C:\Program Files\Git\usr\bin" | |
| Move-Item "C:\Program Files\Git\notbin" "C:\Program Files\Git\bin" | |
| build: | |
| needs: lint | |
| name: Build GTK${{ matrix.gtk-version }} Binaries | |
| runs-on: windows-latest | |
| timeout-minutes: 75 | |
| if: "!contains(github.event.head_commit.message, 'skip ci')" | |
| strategy: | |
| matrix: | |
| gtk-version: ['3', '4'] | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Set up Python | |
| uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1 | |
| with: | |
| python-version: ${{ env.python_version }} | |
| - name: Use Python Dependency Cache | |
| uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 | |
| with: | |
| path: ~\AppData\Local\pip\Cache | |
| key: ${{ runner.os }}-poetry-${{ hashFiles('**/poetry.lock') }} | |
| restore-keys: ${{ runner.os }}-poetry- | |
| - name: Install Poetry | |
| run: | | |
| python -m pip install --constraint=.github/constraints.txt poetry | |
| poetry config virtualenvs.in-project true | |
| - name: Install Python Dependencies | |
| run: poetry install | |
| # Temporarily move the preinstalled git, it causes errors related to cygwin. | |
| - name: Move git binary | |
| run: | | |
| Move-Item "C:\Program Files\Git\usr\bin" "C:\Program Files\Git\usr\notbin" | |
| Move-Item "C:\Program Files\Git\bin" "C:\Program Files\Git\notbin" | |
| - name: Build GTK3 | |
| if: matrix.gtk-version == '3' | |
| run: > | |
| poetry run gvsbuild build --ninja-opts -j2 gtk3 gtksourceview4 graphene | |
| glib-networking | |
| - name: Build GTK4 | |
| if: matrix.gtk-version == '4' | |
| run: > # Use -j2 option to prevent out of memory errors with GitHub Action runners | |
| poetry run gvsbuild build --ninja-opts -j2 --enable-gi cairo gtk4 libadwaita | |
| gtksourceview5 gobject-introspection adwaita-icon-theme hicolor-icon-theme | |
| - name: Restore git binary | |
| run: | | |
| Move-Item "C:\Program Files\Git\usr\notbin" "C:\Program Files\Git\usr\bin" | |
| Move-Item "C:\Program Files\Git\notbin" "C:\Program Files\Git\bin" | |
| - name: Create Source Dist and Wheel | |
| run: poetry build | |
| - name: Upload gvsbuild-${{ github.event.release.tag_name }}.tar.gz | |
| uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 | |
| if: github.event_name == 'release' && matrix.gtk-version == '4' | |
| with: | |
| name: gvsbuild-${{ github.event.release.tag_name }}.tar.gz | |
| path: dist/gvsbuild-${{ github.event.release.tag_name }}.tar.gz | |
| - name: Upload gvsbuild-${{ github.event.release.tag_name }}-py3-none-any.whl | |
| uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 | |
| if: github.event_name == 'release' && matrix.gtk-version == '4' | |
| with: | |
| name: gvsbuild-${{ github.event.release.tag_name }}-py3-none-any.whl | |
| path: dist/gvsbuild-${{ github.event.release.tag_name }}-py3-none-any.whl | |
| publish-to-pypi: | |
| name: Publish to PyPI (release only) | |
| needs: build | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| id-token: write | |
| if: ${{ github.event_name == 'release' }} | |
| steps: | |
| - name: Download tar.gz | |
| uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | |
| with: | |
| name: gvsbuild-${{ github.event.release.tag_name }}.tar.gz | |
| path: dist | |
| - name: Download wheel | |
| uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | |
| with: | |
| name: gvsbuild-${{ github.event.release.tag_name }}-py3-none-any.whl | |
| path: dist | |
| - name: Publish package distributions to PyPI | |
| uses: pypa/gh-action-pypi-publish@b7f401de30cb6434a1e19f805ff006643653240e # release/v1 |