build: bump bandit from 1.7.5 to 1.7.7 #302
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow runs when a pull request is closed. | |
| # | |
| # - Job 1: | |
| # - Gets list of PR labels. | |
| # - Get release version from VERSION. | |
| # - IF 'Release' label: | |
| # - Cut release. | |
| # - IF release is cut: | |
| # - Build artifacts. | |
| # - Upload to Test PyPi if build succeeds. | |
| # - Test install from Test PyPi. | |
| # - Upload to PyPi if test install succeeds. | |
| # - Add wheel to GitHub release. | |
| # - Build pdf documentation. | |
| # - Add pdf documentation to GitHub release. | |
| # - Job 2 (needs job 1): | |
| # - Close old milestone. | |
| # - Create new minor version milestone. | |
| # - Create new major version milestone. | |
| name: Do Release Workflow | |
| on: | |
| pull_request: | |
| branches: | |
| - master | |
| types: | |
| - closed | |
| jobs: | |
| cut-release: | |
| name: Cut New Release | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Get PR labels | |
| id: prlabels | |
| uses: joerick/pr-labels-action@v1.0.9 | |
| - name: Get release version | |
| id: relversion | |
| if: contains(steps.prlabels.outputs.labels, ' Release ') | |
| run: | | |
| echo "rel_version=$(cat VERSION)" >> $GITHUB_OUTPUT | |
| echo "cut_release=1" >> $GITHUB_ENV | |
| - name: Cut the release | |
| id: cutrelease | |
| if: ${{ env.cut_release == 1 }} | |
| uses: release-drafter/release-drafter@master | |
| with: | |
| name: "v${{ steps.relversion.outputs.rel_version }}" | |
| tag: "v${{ steps.relversion.outputs.rel_version }}" | |
| version: "${{ steps.relversion.outputs.rel_version }}" | |
| prerelease: false | |
| publish: true | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Print release info | |
| run: | | |
| echo ${{ steps.cutrelease.outputs.id }} | |
| echo ${{ steps.cutrelease.outputs.name }} | |
| echo ${{ steps.cutrelease.outputs.tag_name }} | |
| echo ${{ steps.cutrelease.outputs.html_url }} | |
| echo ${{ steps.cutrelease.outputs.upload_url }} | |
| - name: Build release | |
| if: startsWith(steps.cutrelease.outputs.tag_name, 'v') | |
| id: build | |
| run: | | |
| pip install -U pip poetry twine | |
| make build && echo "build_ok=1" >> $GITHUB_ENV | |
| - name: Publish to Test PyPi | |
| if: ${{ env.build_ok == 1 }} | |
| uses: pypa/gh-action-pypi-publish@release/v1 | |
| with: | |
| user: __token__ | |
| password: ${{ secrets.TEST_PYPI_API_TOKEN }} | |
| repository_url: https://test.pypi.org/legacy/ | |
| - name: Test install from Test PyPI | |
| if: ${{ env.build_ok == 1 }} | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y --no-install-recommends apt-utils git libgirepository1.0-dev gir1.2-gtk-3.0 python3-gi python3-gi-cairo python3-pytest libenchant1c2a libenchant-dev python3-numpy python3-scipy xauth xvfb | |
| pip install \ | |
| --index-url https://test.pypi.org/simple/ \ | |
| --extra-index-url https://pypi.org/simple \ | |
| ramstk==${{ steps.relversion.outputs.rel_version }} && echo "install_ok=1" >> $GITHUB_ENV | |
| - name: Publish to PyPi | |
| if: ${{ env.install_ok == 1 }} | |
| uses: pypa/gh-action-pypi-publish@release/v1 | |
| with: | |
| user: __token__ | |
| password: ${{ secrets.PYPI_API_TOKEN }} | |
| - name: Upload wheel to Release | |
| id: upload-wheel | |
| if: ${{ env.install_ok == 1 }} | |
| uses: shogo82148/actions-upload-release-asset@v1 | |
| with: | |
| upload_url: ${{ steps.cutrelease.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps | |
| asset_path: ./dist/*.whl | |
| create_new_milestone: | |
| name: Create New Milestone | |
| needs: cut-release | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Get new version | |
| id: newversion | |
| run: echo "version=$(cat VERSION)" >> $GITHUB_OUTPUT | |
| - name: Get next semantic version | |
| id: nextversion | |
| uses: WyriHaximus/github-action-next-semvers@v1.1.0 | |
| with: | |
| version: ${{ steps.newversion.outputs.version }} | |
| - name: Close old milestone | |
| uses: WyriHaximus/github-action-close-milestone@master | |
| with: | |
| number: ${{ steps.newversion.outputs.version }} | |
| - name: Create new minor release milestone | |
| uses: WyriHaximus/github-action-create-milestone@v1.2.0 | |
| with: | |
| title: "${{ steps.nextversion.outputs.v_minor }}" | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Create new major release milestone | |
| uses: WyriHaximus/github-action-create-milestone@v1.2.0 | |
| with: | |
| title: "${{ steps.nextversion.outputs.v_major }}" | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |