Skip to content

Commit ba62920

Browse files
fix: Maintenance missing or outdated check-vulnerabilities and check-actions-security ansys actions (#54)
Co-authored-by: pyansys-ci-bot <92810346+pyansys-ci-bot@users.noreply.github.com>
1 parent 681ecb4 commit ba62920

6 files changed

Lines changed: 41 additions & 289 deletions

File tree

.github/dependabot.yml

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,9 @@ updates:
33
- package-ecosystem: "pip"
44
directory: "/"
55
schedule:
6-
interval: monthly
6+
interval: "monthly"
7+
cooldown:
8+
default-days: 7
79
labels:
810
- "maintenance"
911
- "dependencies"
@@ -15,7 +17,9 @@ updates:
1517
- package-ecosystem: "github-actions"
1618
directory: "/"
1719
schedule:
18-
interval: monthly
20+
interval: "monthly"
21+
cooldown:
22+
default-days: 7
1923
labels:
2024
- "maintenance"
2125
groups:

.github/labeler.yml

Lines changed: 0 additions & 13 deletions
This file was deleted.

.github/labels.yml

Lines changed: 0 additions & 32 deletions
This file was deleted.

.github/workflows/ci_cd.yml

Lines changed: 34 additions & 143 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,10 @@
11
name: GitHub CI
22
on:
33
pull_request:
4+
# opened, reopened, and synchronize are default for pull_request
5+
# edited - when PR title or body is changed
6+
# labeled - when labels are added to PR
7+
types: [opened, reopened, synchronize, edited, labeled]
48
push:
59
tags:
610
- "*"
@@ -9,173 +13,60 @@ on:
913
workflow_dispatch:
1014

1115
env:
12-
MAIN_PYTHON_VERSION: '3.10'
16+
MAIN_PYTHON_VERSION: '3.12'
1317
DOCUMENTATION_CNAME: 'python-wrapper.scade.docs.pyansys.com'
1418
LIBRARY_NAME: 'ansys-scade-python-wrapper'
1519

1620
concurrency:
1721
group: ${{ github.workflow }}-${{ github.ref }}
1822
cancel-in-progress: true
1923

20-
jobs:
21-
22-
pr-name:
23-
if: github.event_name == 'pull_request'
24-
name: Check the name of the PR
25-
runs-on: ubuntu-latest
26-
steps:
27-
- name: Check commit name
28-
uses: ansys/actions/check-pr-title@v10
29-
with:
30-
token: ${{ secrets.GITHUB_TOKEN }}
31-
32-
code-style:
33-
name: "Code style"
34-
runs-on: ubuntu-latest
35-
steps:
36-
- uses: ansys/actions/code-style@v10
37-
with:
38-
python-version: ${{ env.MAIN_PYTHON_VERSION }}
39-
40-
doc-style:
41-
name: "Documentation style"
42-
runs-on: ubuntu-latest
43-
steps:
44-
- uses: ansys/actions/doc-style@v10
45-
with:
46-
token: ${{ secrets.GITHUB_TOKEN }}
47-
48-
smoke-tests:
49-
name: "Build and Smoke tests"
50-
runs-on: ${{ matrix.os }}
51-
needs: [code-style]
52-
strategy:
53-
fail-fast: false
54-
matrix:
55-
os: [ubuntu-latest]
56-
python-version: ['3.10']
57-
steps:
58-
- uses: ansys/actions/build-wheelhouse@v10
59-
with:
60-
library-name: ${{ env.LIBRARY_NAME }}
61-
operating-system: ${{ matrix.os }}
62-
python-version: ${{ matrix.python-version }}
63-
64-
tests:
65-
name: "Tests"
66-
runs-on: [self-hosted, 'SCADE']
67-
needs: [smoke-tests]
68-
strategy:
69-
matrix:
70-
os: [windows-latest]
71-
scade-version: ['25.2']
72-
fail-fast: false
73-
steps:
74-
- name: "Install Git and clone project"
75-
uses: actions/checkout@v6
76-
77-
- uses: ansys/scade-actions/scade-tests-pytest@v2
78-
with:
79-
checkout: false
80-
scade-version: ${{ matrix.scade-version }}
81-
82-
- name: "Upload coverage reports to Codecov"
83-
uses: codecov/codecov-action@v5
84-
with:
85-
token: ${{ secrets.CODECOV_TOKEN }}
86-
slug: ansys/scade-python-wrapper
87-
files: .cov/xml
24+
permissions: {}
8825

89-
doc-build:
90-
name: "Build documentation"
91-
runs-on: ubuntu-latest
92-
timeout-minutes: 30
93-
needs: [doc-style]
94-
steps:
95-
- uses: ansys/actions/doc-build@v10
96-
with:
97-
python-version: ${{ env.MAIN_PYTHON_VERSION }}
98-
99-
build-library:
100-
name: "Build library basic example"
101-
runs-on: ubuntu-latest
102-
needs: [tests, doc-build]
103-
steps:
104-
- uses: ansys/actions/build-library@v10
105-
with:
106-
library-name: ${{ env.LIBRARY_NAME }}
107-
python-version: ${{ env.MAIN_PYTHON_VERSION }}
26+
jobs:
10827

109-
update-changelog:
110-
name: "Update CHANGELOG (on release)"
111-
if: github.event_name == 'push' && contains(github.ref, 'refs/tags')
112-
runs-on: ubuntu-latest
28+
sc:
29+
uses: ansys/scade-actions/.github/workflows/scade-ext-workflow.yml@v3
11330
permissions:
114-
contents: write
115-
pull-requests: write
116-
steps:
117-
- uses: ansys/actions/doc-deploy-changelog@v10
118-
with:
119-
python-version: ${{ env.MAIN_PYTHON_VERSION }}
120-
token: ${{ secrets.PYANSYS_CI_BOT_TOKEN }}
121-
bot-user: ${{ secrets.PYANSYS_CI_BOT_USERNAME }}
122-
bot-email: ${{ secrets.PYANSYS_CI_BOT_EMAIL }}
31+
attestations: write # needed for build-wheelhouse and build-library jobs
32+
contents: write # needed for update-changelog, doc-deploy-pr, release, doc-deploy-dev, and doc-deploy-stable jobs
33+
id-token: write # needed for build-wheelhouse and build-library jobs
34+
pull-requests: write # needed for labeler, changelog-fragment, update-changelog, and doc-deploy-pr jobs
35+
with:
36+
# ${{ env.XXX }} not accessible when calling a reusable workflow
37+
documentation-cname: "python-wrapper.scade.docs.pyansys.com"
38+
library-name: "ansys-scade-python-wrapper"
39+
repository-name: "ansys/scade-python-wrapper"
40+
is-public: true
41+
main-python-version: '3.12'
42+
# strategies
43+
build-wheelhouse-versions: "['3.10']"
44+
python-tests-versions: "['3.10']"
45+
secrets:
46+
PYANSYS_CI_BOT_TOKEN: ${{ secrets.PYANSYS_CI_BOT_TOKEN }}
47+
PYANSYS_CI_BOT_USERNAME: ${{ secrets.PYANSYS_CI_BOT_USERNAME }}
48+
PYANSYS_CI_BOT_EMAIL: ${{ secrets.PYANSYS_CI_BOT_EMAIL }}
49+
PYANSYS_PYPI_PRIVATE_PAT: ${{ secrets.PYANSYS_PYPI_PRIVATE_PAT }}
12350

12451
release:
12552
name: "Release project"
126-
if: github.event_name == 'push' && contains(github.ref, 'refs/tags')
12753
runs-on: ubuntu-latest
128-
needs: [build-library, update-changelog]
54+
needs: [sc]
55+
if: ${{ needs.sc.outputs.to-release }}
12956
permissions:
130-
id-token: write
131-
contents: write
57+
id-token: write # mandatory for trusted publishing with pypa/gh-action-pypi-publish
58+
contents: read
13259
steps:
13360
- name: "Download the library artifacts from build-library step"
134-
uses: actions/download-artifact@v6
61+
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
13562
with:
13663
name: ${{ env.LIBRARY_NAME }}-artifacts
13764
path: ${{ env.LIBRARY_NAME }}-artifacts
13865

13966
- name: "Upload artifacts to PyPI using trusted publisher"
140-
uses: pypa/gh-action-pypi-publish@v1.13.0
67+
uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
14168
with:
14269
repository-url: "https://upload.pypi.org/legacy/"
14370
print-hash: true
14471
packages-dir: ${{ env.LIBRARY_NAME }}-artifacts
14572
skip-existing: false
146-
147-
- name: "Release to GitHub"
148-
uses: ansys/actions/release-github@v10
149-
with:
150-
library-name: ${{ env.LIBRARY_NAME }}
151-
token: ${{ secrets.GITHUB_TOKEN }}
152-
153-
doc-deploy-dev:
154-
name: "Deploy development documentation"
155-
# Deploy development only when merging or pushing to the 'main' branch
156-
runs-on: ubuntu-latest
157-
needs: [build-library]
158-
if: github.event_name == 'push' && !contains(github.ref, 'refs/tags')
159-
steps:
160-
- uses: ansys/actions/doc-deploy-dev@v10
161-
with:
162-
doc-artifact-name: 'documentation-html'
163-
cname: ${{ env.DOCUMENTATION_CNAME }}
164-
token: ${{ secrets.GITHUB_TOKEN }}
165-
bot-user: ${{ secrets.PYANSYS_CI_BOT_USERNAME }}
166-
bot-email: ${{ secrets.PYANSYS_CI_BOT_EMAIL }}
167-
168-
doc-deploy-stable:
169-
name: "Deploy stable documentation"
170-
# Deploy release documentation when creating a new tag
171-
runs-on: ubuntu-latest
172-
needs: [release]
173-
if: github.event_name == 'push' && contains(github.ref, 'refs/tags')
174-
steps:
175-
- uses: ansys/actions/doc-deploy-stable@v10
176-
with:
177-
doc-artifact-name: 'documentation-html'
178-
cname: ${{ env.DOCUMENTATION_CNAME }}
179-
token: ${{ secrets.GITHUB_TOKEN }}
180-
bot-user: ${{ secrets.PYANSYS_CI_BOT_USERNAME }}
181-
bot-email: ${{ secrets.PYANSYS_CI_BOT_EMAIL }}

.github/workflows/label.yml

Lines changed: 0 additions & 99 deletions
This file was deleted.

doc/changelog.d/54.fixed.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
Maintenance missing or outdated check-vulnerabilities and check-actions-security ansys actions

0 commit comments

Comments
 (0)