Skip to content

[dependabot] Chore: Bump pypa/gh-action-pip-audit from 1.0.8 to 1.1.0 #31

[dependabot] Chore: Bump pypa/gh-action-pip-audit from 1.0.8 to 1.1.0

[dependabot] Chore: Bump pypa/gh-action-pip-audit from 1.0.8 to 1.1.0 #31

Workflow file for this run

---
name: "🧱 Builds (Matrix)"
# yamllint disable-line rule:truthy
on:
workflow_dispatch:
pull_request:
types: [opened, reopened, edited, synchronize]
branches:
- "*"
- "!update-devops-tooling"
env:
package-path: "dist/"
jobs:
get-python-versions:
name: "Validate Python project"
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.parse-project-metadata.outputs.python-matrix-versions }}
steps:
- uses: actions/checkout@v4
- name: "Parse: pyproject.toml"
id: parse-project-metadata
# yamllint disable-line rule:line-length
uses: os-climate/devops-reusable-workflows/.github/actions/python-versions-matrix@main
builds:
name: "Python builds"
needs: [get-python-versions]
runs-on: "ubuntu-latest"
continue-on-error: true
# Don't run when pull request is merged
if: github.event.pull_request.merged == false
strategy:
fail-fast: false
matrix: ${{ fromJson(needs.get-python-versions.outputs.matrix) }}
steps:
- name: "Populate environment variables"
id: setenv
run: |
echo "Action triggered by user: ${GITHUB_TRIGGERING_ACTOR}"
set -x
datetime=$(date +'%Y%m%d%H%M')
export datetime
echo "datetime=${datetime}" >> "$GITHUB_OUTPUT"
vernum="${{ matrix.python-version }}.${datetime}"
echo "vernum=${vernum}" >> "$GITHUB_OUTPUT"
- name: "Checkout repository"
uses: actions/checkout@v4
- name: "Set up Python ${{ matrix.python-version }}"
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: "Setup PDM for build commands"
uses: pdm-project/setup-pdm@v4
with:
python-version: ${{ matrix.python-version }}
- name: "Tag for test release"
# Delete all local tags, then create a synthetic tag for testing
# Use the date/time to avoid conflicts uploading to Test PyPI
run: |
scripts/dev-versioning.sh "${{ steps.setenv.outputs.vernum }}"
git tag | xargs -L 1 | xargs git tag --delete
git tag "v${{ steps.setenv.outputs.vernum }}"
git checkout "tags/v${{ steps.setenv.outputs.vernum }}"
grep version pyproject.toml
- name: "Performing build"
run: |
python -m pip install --upgrade pip
if [ -f tox.ini ]; then
pip install tox tox-gh-actions
echo "Found file: tox.ini"
echo "Building with command: tox -e build"
tox -e build
elif [ -f pyproject.toml ]; then
echo "Found file: pyproject.toml"
echo "Building with command: pdm build"
pdm build
else
echo "Neither file found: tox.ini/pyproject.toml"
pip install --upgrade build
echo "Attempting build with: python -m build"
python -m build
fi
- name: "Validate Artefacts with Twine"
id: twine-check-artefacts
env:
package-path: ${{ env.package-path }}
uses: os-climate/devops-reusable-workflows/.github/actions/twine-check-artefacts@main