Skip to content

py/deps: Bump to resolve flagged vuln #8074

py/deps: Bump to resolve flagged vuln

py/deps: Bump to resolve flagged vuln #8074

Workflow file for this run

name: CI
on:
push:
branches:
- main
pull_request:
branches:
- main
release:
types:
released
permissions:
contents: read
jobs:
test:
runs-on: envoy-x64-small
if: github.repository_owner == 'envoyproxy'
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: "3.11"
- name: Initialize Pants
uses: pantsbuild/actions/init-pants@d767b356a10c6c50fc0db0ddc215611b300b226b # v9
with:
gha-cache-key: "v0-${{ runner.os }}"
named-caches-hash: "${{ hashFiles('pants*toml') }}"
- name: Run pants test
run: "pants --colors test ::"
- name: Archive code coverage results
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: coverage
path: dist/coverage/python/htmlcov/
lint:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: "3.11"
- name: Initialize Pants
uses: pantsbuild/actions/init-pants@d767b356a10c6c50fc0db0ddc215611b300b226b # v9
with:
gha-cache-key: "v0-${{ runner.os }}"
named-caches-hash: "${{ hashFiles('pants*toml') }}"
- name: Run pants lint
run: "pants --colors lint ::"
lint-envoy:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: "3.11"
- run: pip install --require-hashes -r .github/workflows/requirements.txt
- run: |
envoy.code.check . -c glint shellcheck yamllint -x ".*/dist/.*"
typecheck:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: "3.11"
- name: Initialize Pants
uses: pantsbuild/actions/init-pants@d767b356a10c6c50fc0db0ddc215611b300b226b # v9
with:
gha-cache-key: "v0-${{ runner.os }}"
named-caches-hash: "${{ hashFiles('pants*toml') }}"
- name: Run pants (type) check
run: "pants --colors check ::"
docs:
runs-on: ubuntu-22.04
# TODO: reenable once plugin is fixed
if: false
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: "3.11"
- name: Initialize Pants
uses: pantsbuild/actions/init-pants@d767b356a10c6c50fc0db0ddc215611b300b226b # v9
with:
gha-cache-key: "v0-${{ runner.os }}"
named-caches-hash: "${{ hashFiles('pants*toml') }}"
- name: Run pants README
run: "pants --colors readme --check=README.md ::"
package:
runs-on: ubuntu-22.04
needs:
- test
- lint
- typecheck
# - docs
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: "3.11"
- name: Initialize Pants
uses: pantsbuild/actions/init-pants@d767b356a10c6c50fc0db0ddc215611b300b226b # v9
with:
gha-cache-key: "v0-${{ runner.os }}"
named-caches-hash: "${{ hashFiles('pants*toml') }}"
- name: Run pants package
run: "pants --colors package ::"
- name: Archive created packages
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: packages
path: dist
publish:
runs-on: ubuntu-22.04
needs:
- package
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Download all workflow run artifacts
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
- uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: "3.11"
- name: Find packages to publish
run: |
echo "PUBLISH_PACKAGES=true" >> $GITHUB_ENV
mkdir dist-out
find packages/ -maxdepth 1 -type f ! -path "*dev*" | xargs -I{} cp {} dist-out/
[ "$(ls -A dist-out)" ] || echo "PUBLISH_PACKAGES=false" >> $GITHUB_ENV
- name: Publish to PyPi
if: github.event_name == 'release' && startsWith(github.ref, 'refs/tags') && env.PUBLISH_PACKAGES == 'true'
uses: pypa/gh-action-pypi-publish@15c56dba361d8335944d31a2ecd17d700fc7bcbc # release/v1
with:
user: __token__
password: ${{ secrets.PYPI_TOKEN }}
packages_dir: dist-out/