From 0987712671fc1f0df1da165f2a48c0f02d2dfc25 Mon Sep 17 00:00:00 2001
From: John Agapiou <jagapiou@users.noreply.github.com>
Date: Wed, 20 Mar 2024 02:34:24 +0000
Subject: [PATCH 1/2] Create sdist-test.yml

---
 .github/workflows/sdist-test.yml | 39 ++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 .github/workflows/sdist-test.yml

diff --git a/.github/workflows/sdist-test.yml b/.github/workflows/sdist-test.yml
new file mode 100644
index 00000000..24485f07
--- /dev/null
+++ b/.github/workflows/sdist-test.yml
@@ -0,0 +1,39 @@
+# A workflow to test the sdist that will be released to PyPI
+
+name: sdist-test
+
+on:
+  workflow_dispatch:
+
+permissions: read-all
+
+jobs:
+  sdist-test:
+    name: Test sdist
+    runs-on: ubuntu-latest
+    timeout-minutes: 90
+
+    steps:
+      - name: Checkout Melting Pot
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+
+      - name: Build source distribution
+        run: python setup.py sdist
+
+      - name: Set up Python
+        uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c
+        with:
+          python-version: '3.11'
+
+      - name: Install Python dependencies
+        run: |
+          pip install --upgrade pip
+          pip install pytest-xdist setuptools
+
+      - name: Install source distribution
+        run: |
+          pip install dist/*.tar.gz
+
+      - name: Test source distribution
+        run: |
+          pytest -n auto --pyargs meltingpot

From b7903ebda0ca3be84a261e50562eda210533e4e7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 1 May 2024 17:23:16 +0000
Subject: [PATCH 2/2] Bump github/codeql-action from 3.24.6 to 3.25.3

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.6 to 3.25.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/8a470fddafa5cbb6266ee11b37ef4d8aae19c571...d39d31e687223d841ef683f52467bd88e9b21c14)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/codeql-analysis.yml     | 6 +++---
 .github/workflows/scorecards-analysis.yml | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index d1ec1a81..6d663834 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -32,7 +32,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@8a470fddafa5cbb6266ee11b37ef4d8aae19c571
+      uses: github/codeql-action/init@d39d31e687223d841ef683f52467bd88e9b21c14
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -46,7 +46,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@8a470fddafa5cbb6266ee11b37ef4d8aae19c571
+      uses: github/codeql-action/autobuild@d39d31e687223d841ef683f52467bd88e9b21c14
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -59,4 +59,4 @@ jobs:
     #   ./location_of_script_within_repo/buildscript.sh
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@8a470fddafa5cbb6266ee11b37ef4d8aae19c571
+      uses: github/codeql-action/analyze@d39d31e687223d841ef683f52467bd88e9b21c14
diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml
index eeba9353..4659d1b2 100644
--- a/.github/workflows/scorecards-analysis.yml
+++ b/.github/workflows/scorecards-analysis.yml
@@ -57,6 +57,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@8a470fddafa5cbb6266ee11b37ef4d8aae19c571
+        uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14
         with:
           sarif_file: results.sarif