fix: make update-constraints action upgrade pins (backport #24) (#25) #231
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SPDX-License-Identifier: Apache-2.0 | |
| name: Lint | |
| on: | |
| push: | |
| branches: | |
| - "main" | |
| - "release-**" | |
| paths: | |
| - '**.py' | |
| - '**.yml' | |
| - '**.yaml' | |
| - 'requirements**.txt' | |
| - 'tox.ini' | |
| - .pylintrc | |
| - 'actions/**' # Any time an action is updated or added | |
| - '.github/workflows/**' # All workflows, including this one | |
| pull_request: | |
| branches: | |
| - "main" | |
| - "release-**" | |
| paths: | |
| - '**.py' | |
| - '**.yml' | |
| - '**.yaml' | |
| - 'requirements**.txt' | |
| - 'tox.ini' | |
| - .pylintrc | |
| - 'actions/**' # Any time an action is updated or added | |
| - '.github/workflows/**' # All workflows, including this one | |
| env: | |
| LC_ALL: en_US.UTF-8 | |
| defaults: | |
| run: | |
| shell: bash | |
| permissions: | |
| contents: read | |
| jobs: | |
| lint: | |
| runs-on: ubuntu-latest | |
| # Start name with 'lint:' for lint-workflow-complete job_ids | |
| name: "lint: ${{ matrix.lint.name }}" | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| lint: | |
| - name: "ruff" | |
| commands: | | |
| tox -e ruff | |
| - name: "pylint" | |
| commands: | | |
| echo "::add-matcher::.github/workflows/matchers/pylint.json" | |
| tox -e fastlint | |
| tox -e lint | |
| - name: "mypy" | |
| commands: | | |
| echo "::add-matcher::.github/workflows/matchers/mypy.json" | |
| tox -e mypy | |
| - name: "yamllint" | |
| commands: | | |
| tox -e yamllint | |
| steps: | |
| - name: "Harden Runner" | |
| uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0 | |
| with: | |
| egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs | |
| - name: "Checkout" | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| # https://github.com/actions/checkout/issues/249 | |
| fetch-depth: 0 | |
| - name: Setup Python 3.11 | |
| uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 | |
| with: | |
| python-version: 3.11 | |
| cache: pip | |
| cache-dependency-path: | | |
| **/requirements*.txt | |
| - name: "Install tox" | |
| run: | | |
| python -m pip install --upgrade pip | |
| python -m pip install tox tox-gh | |
| - name: "${{ matrix.lint.name }}" | |
| run: | | |
| ${{ matrix.lint.commands }} | |
| env: | |
| RUFF_OUTPUT_FORMAT: github | |
| lint-workflow-complete: | |
| permissions: | |
| checks: read | |
| uses: ./.github/workflows/status-checks.yml | |
| with: | |
| job_ids: >- # Space-separated job ids to wait on for status checks | |
| security-lint | |
| lint: |