Fix vulnerability CWE-1333 #1709
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: rpaframework | |
on: | |
push: | |
branches: | |
- master | |
paths: | |
- "packages/main/**" | |
- ".github/workflows/main.yaml" | |
pull_request: | |
branches: | |
- master | |
paths: | |
- "packages/main/**" | |
- ".github/workflows/main.yaml" | |
defaults: | |
run: | |
working-directory: "./packages/main" | |
jobs: | |
test: | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
name: | |
[ | |
"windows-py38", | |
"windows-py39", | |
"windows-py310", | |
"ubuntu-py38", | |
"ubuntu-py39", | |
"ubuntu-py310", | |
"macos-py38", | |
"macos-py39", | |
"macos-py310", | |
] | |
include: | |
- name: "windows-py38" | |
python: "3.8" | |
os: windows-latest | |
- name: "windows-py39" | |
python: "3.9" | |
os: windows-latest | |
- name: "windows-py310" | |
python: "3.10" | |
os: windows-latest | |
- name: "ubuntu-py38" | |
python: "3.8" | |
os: ubuntu-latest | |
- name: "ubuntu-py39" | |
python: "3.9" | |
os: ubuntu-latest | |
- name: "ubuntu-py310" | |
python: "3.10" | |
os: ubuntu-latest | |
- name: "macos-py38" | |
python: "3.8" | |
os: macos-13 | |
- name: "macos-py39" | |
python: "3.9" | |
os: macos-13 | |
- name: "macos-py310" | |
python: "3.10" | |
os: macos-13 | |
env: | |
SETUPTOOLS_USE_DISTUTILS: stdlib | |
INVOKE_IS_CI_CD: 1 | |
HUBSPOT_TOKEN: ${{ secrets.HUBSPOT_TOKEN }} | |
SYSTEM_VERSION_COMPAT: "0" | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Python ${{ matrix.python }} | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.python }} | |
- name: Install xclip on linux | |
if: matrix.os == 'ubuntu-latest' | |
run: | | |
DEBIAN_FRONTEND=noninteractive sudo apt-get update -y | |
DEBIAN_FRONTEND=noninteractive sudo apt-get install xclip -y | |
- name: Upgrade pip | |
run: python -m pip install --upgrade pip | |
- name: Install invocation prerequisites | |
run: pip install -Ur ../../invocations/requirements.txt | |
- name: Get python version | |
id: full-python-version | |
shell: bash | |
run: | | |
echo ::set-output name=version::$(python -c "import sys; print('-'.join(str(v) for v in sys.version_info[:3]))") | |
- name: Set up cache | |
uses: actions/cache@v4 | |
with: | |
path: .venv | |
key: venv-${{ runner.os }}-${{ steps.full-python-version.outputs.version }}-${{ hashFiles('poetry.lock') }} | |
- name: Install invocation package | |
run: invoke install-invocations || invoke self.install-invocations | |
- name: Install dependencies | |
run: invoke install | |
- name: Lint | |
run: invoke code.lint -e | |
- name: Test (non-linux) | |
if: matrix.os != 'ubuntu-latest' | |
run: invoke code.test -a | |
- name: Test (linux) | |
if: matrix.os == 'ubuntu-latest' | |
run: | | |
export XDG_SESSION_TYPE=x11 | |
xvfb-run --server-args="-screen 0 1280x720x24" invoke code.test | |
- uses: actions/upload-artifact@v4 | |
if: success() || failure() | |
with: | |
name: ${{ matrix.os }}-py${{ matrix.python }}-test-reports | |
path: packages/main/tests/results | |
# publish: | |
# # Only publish on master workflow runs | |
# if: github.ref == 'refs/heads/master' | |
# needs: test | |
# runs-on: ubuntu-latest | |
# env: | |
# INVOKE_IS_CI_CD: 1 | |
# steps: | |
# - uses: actions/checkout@v2 | |
# - name: Set up Python | |
# uses: actions/setup-python@v1 | |
# with: | |
# python-version: '3.9' | |
# - name: Upgrade pip | |
# run: python -m pip install --upgrade pip | |
# - name: Install invocation prerequisites | |
# run: pip install -Ur ../../invocations/requirements.txt | |
# - name: Install invocation package | |
# run: invoke install-invocations || invoke self.install-invocations | |
# - name: Install dependencies | |
# run: invoke install | |
# - name: Build and publish package | |
# if: success() | |
# run: | | |
# invoke install.setup-poetry --devpi-url ${{ secrets.devpiUrl }} --username ci --password ${{ secrets.devpiPassword }} | |
# invoke build.publish --ci --version=prerelease --yes-to-all |