Skip to content

Release v4.7.2

Release v4.7.2 #5153

Workflow file for this run

---
name: Lint
"on":
workflow_call:
push:
branches:
- main
pull_request:
concurrency:
# Group workflow jobs so new commits cancels in-progress execution triggered by previous commits.
# Source: https://mail.python.org/archives/list/pypa-committers@python.org/thread/PCBCQMJF64JGRBOX7E2EE4YLKHT4DI55/
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
cancel-in-progress: true
jobs:
project-metadata:
name: Project metadata
runs-on: ubuntu-24.04
outputs:
python_files: ${{ steps.project-metadata.outputs.python_files }}
is_python_project: ${{ steps.project-metadata.outputs.is_python_project }}
mypy_params: ${{ steps.project-metadata.outputs.mypy_params }}
steps:
- uses: actions/checkout@v4.2.2
with:
# Checkout pull request HEAD commit to ignore actions/checkout's merge commit. Fallback to push SHA.
ref: ${{ github.event.pull_request.head.sha || github.sha }}
# We're going to browse all new commits.
fetch-depth: 0
- name: Hack setup-python cache
id: setup_python_hack
# XXX Create an empty pyproject.toml if this file (or any *requirements.txt) can't be found in repository.
# This hack fix an issue with setup-python, which ends up with this error in non-Python repos:
#
# Run actions/setup-python@v5.3.0
# with:
# python-version: 3.12
# cache: pip
# cache-dependency-path: |
# **/pyproject.toml
# requirements/*.txt
# Installed versions
# Successfully set up CPython (3.12.1)
# Error: No file in /home/runner/work/awesome-iam/awesome-iam matched to
# [requirements/*.txt or **/pyproject.toml], make sure you have checked out the target repository
#
# This has been reported at: https://github.com/actions/setup-python/issues/807
# In the future this might be addressed by: https://github.com/actions/setup-python/pull/762
# or https://github.com/actions/setup-python/issues/751
if: hashFiles('**/pyproject.toml', '*requirements.txt', 'requirements/*.txt') == ''
run: |
touch ./pyproject.toml
echo "tmp_deps_file=true" >> "$GITHUB_OUTPUT"
- uses: actions/setup-python@v5.3.0
with:
python-version: "3.12"
cache: "pip"
cache-dependency-path: |
**/pyproject.toml
*requirements.txt
requirements/*.txt
- name: Remove setup-python hack
if: steps.setup_python_hack.outputs.tmp_deps_file
run: |
rm ./pyproject.toml
- name: Install uv
run: |
python -m pip install -r https://raw.githubusercontent.com/kdeldycke/workflows/main/requirements/uv.txt
- name: Install gha-utils
run: >
uv tool install --with-requirements
https://raw.githubusercontent.com/kdeldycke/workflows/main/requirements/gha-utils.txt gha-utils
- name: Project metadata
id: project-metadata
env:
GITHUB_CONTEXT: ${{ toJSON(github) }}
run: |
gha-utils --verbosity DEBUG metadata --overwrite "$GITHUB_OUTPUT"
mypy-lint:
needs:
- project-metadata
# Skip linting on prepare-release branch as it points to a tagged URL that does not exist yet.
if: github.head_ref != 'prepare-release' && needs.project-metadata.outputs.python_files
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4.2.2
- uses: actions/setup-python@v5.3.0
with:
python-version: "3.12"
cache: "pip"
cache-dependency-path: |
**/pyproject.toml
*requirements.txt
requirements/*.txt
- name: Install uv
run: |
python -m pip install -r https://raw.githubusercontent.com/kdeldycke/workflows/main/requirements/uv.txt
- name: Install Mypy
run: |
uv --no-progress venv
uv --no-progress pip install \
--requirement https://raw.githubusercontent.com/kdeldycke/workflows/main/requirements/mypy.txt
- name: Install package
# Use --inexact so that uv doesn't try to remove the mypy package installed above.
run: |
uv --no-progress sync --all-extras --inexact
- name: Run Mypy
# --color-output - Force colorized output as in CI, Mypy defaults to no color in CI.
run: >
uv --no-progress run --frozen -- mypy --color-output ${{ needs.project-metadata.outputs.mypy_params }}
${{ needs.project-metadata.outputs.python_files }}
lint-yaml:
# Skip linting on prepare-release branch as it points to a tagged URL that does not exist yet.
if: github.head_ref != 'prepare-release'
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4.2.2
- name: Hack setup-python cache
id: setup_python_hack
# XXX Create an empty pyproject.toml if this file (or any *requirements.txt) can't be found in repository.
# This hack fix an issue with setup-python, which ends up with this error in non-Python repos:
#
# Run actions/setup-python@v5.3.0
# with:
# python-version: 3.12
# cache: pip
# cache-dependency-path: |
# **/pyproject.toml
# requirements/*.txt
# Installed versions
# Successfully set up CPython (3.12.1)
# Error: No file in /home/runner/work/awesome-iam/awesome-iam matched to
# [requirements/*.txt or **/pyproject.toml], make sure you have checked out the target repository
#
# This has been reported at: https://github.com/actions/setup-python/issues/807
# In the future this might be addressed by: https://github.com/actions/setup-python/pull/762
# or https://github.com/actions/setup-python/issues/751
if: hashFiles('**/pyproject.toml', '*requirements.txt', 'requirements/*.txt') == ''
run: |
touch ./pyproject.toml
echo "tmp_deps_file=true" >> "$GITHUB_OUTPUT"
- uses: actions/setup-python@v5.3.0
with:
python-version: "3.12"
cache: "pip"
cache-dependency-path: |
**/pyproject.toml
*requirements.txt
requirements/*.txt
- name: Remove setup-python hack
if: steps.setup_python_hack.outputs.tmp_deps_file
run: |
rm ./pyproject.toml
- name: Install uv
run: |
python -m pip install -r https://raw.githubusercontent.com/kdeldycke/workflows/main/requirements/uv.txt
- name: Install yamllint
run: >
uv tool install --with-requirements
https://raw.githubusercontent.com/kdeldycke/workflows/main/requirements/yamllint.txt yamllint
- name: Run yamllint
run: |
yamllint --strict --config-data "{rules: {line-length: {max: 120}}}" --format github .
lint-zsh:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4.2.2
- name: Install Zsh
run: |
sudo apt update
sudo apt install --yes zsh
- name: Lint
run: |
find . -iname "*.sh" -exec zsh --no-exec "{}" \;
lint-github-action:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4.2.2
- name: Install actionlint
id: install_actionlint
run: |
bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash)
- name: Install shellcheck
run: |
sudo apt update
sudo apt install --yes shellcheck
- name: Install problem matcher
# Source: https://github.com/rhysd/actionlint/blob/main/docs/usage.md#problem-matchers
run: >
curl -fsSL --output ./.github/labeller-file-based.yaml
https://raw.githubusercontent.com/rhysd/actionlint/main/.github/actionlint-matcher.json
- name: Register problem matcher
run: |
echo "::add-matcher::.github/labeller-file-based.yaml"
- name: Run actionlint
# XXX actionlint triggers this error:
# Error: .github/workflows/release.yaml:198:27:
# property "workflow_update_github_pat" is not defined in object type {actions_runner_debug: string;
# actions_step_debug: string; github_token: string; pypi_token: string} [expression]
# See: https://github.com/rhysd/actionlint/issues/148
run: >
${{ steps.install_actionlint.outputs.executable }}
-color
-ignore 'property "workflow_update_github_pat" is not defined in .+'
broken-links:
# Skip checks on prepare-release branch as it contains commits in changelog and documentation that points to a tag
# that does not exist yet, rendering URLs artificially broken. Also skips the merge commit of the prepare-release
# branch, as if the URLs are good, the tag is created asynchronously by release.yaml:git-tag job. And as a
# precautionary measure, just skip any event that contains a post-release bump commit.
if: >
github.head_ref != 'prepare-release'
&& github.ref != 'refs/heads/prepare-release'
&& (! contains(github.event.commits.*.message, '[changelog] Post-release version bump'))
runs-on: ubuntu-24.04
# XXX We need to manually manage the life-cycle of issues created in this job because the create-issue-from-file
# action blindly creates issues ad-nauseam. See: https://github.com/peter-evans/create-issue-from-file/issues/298 .
# This was also discussed at: https://github.com/lycheeverse/lychee-action/issues/74#issuecomment-1587089689
steps:
- uses: actions/checkout@v4.2.2
- uses: lycheeverse/lychee-action@v2.1.0
id: lychee_run
with:
# XXX Skip HN because of rate-limiting.
# See: https://github.com/lycheeverse/lychee/issues/989#issuecomment-1587208730
# https://github.com/lycheeverse/lychee/pull/1147
args: >
--exclude ycombinator.com
--base .
--verbose
--no-progress
'./**/*.md' './**/*.html' './**/*.rst'
- name: Install hub
run: |
sudo apt --quiet --yes update
sudo apt install --yes hub
- name: List open issues
id: open_issues
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: >
echo "issues=$(
hub issue
--state open
--creator "github-actions[bot]"
--format $'%I %t\t'
--sort created )" >> "$GITHUB_OUTPUT"
- name: Print open issues
run: |
echo "Open issues: ${{ steps.open_issues.outputs.issues }}"
- name: Filter issues
id: issue_groups
shell: python
run: |
import os
from pathlib import Path
exit_code = """${{ steps.lychee_run.outputs.exit_code }}"""
print(f"Lychee exit code: {exit_code!r}")
broken_links_found = bool(int(exit_code))
if broken_links_found:
print("Broken links found: create or update an issue.")
else:
print("No broken link found: close all open issues.")
open_issues = """${{ steps.open_issues.outputs.issues }}"""
update_issue = ""
close_issues = set()
for entry in (e.strip() for e in open_issues.split("\t") if e.strip()):
print(f"Processing {entry!r} ...")
number, title = entry.split(" ", 1)
if title != "Broken links":
print(f"{entry!r} is not a broken links issue, skip it.")
continue
if broken_links_found and not update_issue:
print(f"Issue #{number} is the last open issue.")
update_issue = number
else:
print(f"Issue #{number} is an old open issue.")
close_issues.add(number)
output = f"broken_links_found={str(broken_links_found).lower()}\n"
output += f"update_issue={update_issue}\n"
output += f"close_issues={' '.join(close_issues)}\n"
env_file = Path(os.getenv("GITHUB_OUTPUT"))
env_file.write_text(output)
- name: Print issue groups
run: |
echo "Broken links found: ${{ steps.issue_groups.outputs.broken_links_found }}"
echo "Issue to update: ${{ steps.issue_groups.outputs.update_issue }}"
echo "Issues to close: ${{ steps.issue_groups.outputs.close_issues }}"
- name: Close old issues
if: steps.issue_groups.outputs.close_issues
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
NUMBER_LIST="${{ steps.issue_groups.outputs.close_issues }}"
for number in $NUMBER_LIST; do
hub issue update "$number" --state closed;
done
- name: Get label
if: fromJSON(steps.issue_groups.outputs.broken_links_found)
id: get_label
run: >
echo "label=${{ startsWith(github.event.repository.name, 'awesome-')
&& '🩹 fix link' || '📚 documentation' }}" >> "$GITHUB_OUTPUT"
- name: Create or update issue
if: fromJSON(steps.issue_groups.outputs.broken_links_found)
uses: peter-evans/create-issue-from-file@v5.0.1
with:
title: "Broken links"
issue-number: ${{ steps.issue_groups.outputs.update_issue }}
content-filepath: ./lychee/out.md
labels: ${{ steps.get_label.outputs.label }}
lint-awesome:
name: Lint Awesome list
if: >
startsWith(github.event.repository.name, 'awesome-')
&& github.event.repository.name != 'awesome-template'
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4.2.2
with:
# Fetch all history to please linter's age checks.
fetch-depth: 0
- run: |
npx awesome-lint --version
npx awesome-lint
check-secrets:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4.2.2
with:
fetch-depth: 0
- uses: gitleaks/gitleaks-action@v2.3.7
with:
config-path: .github/gitleaks.toml
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}