Chore: update dependabot config #267
Workflow file for this run
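---
# SPDX-License-Identifier: Apache-2.0
# SPDX-FileCopyrightText: 2025 The Linux Foundation

# Action test/validation workflow
#
# Exercises the action in this repository (uses: ./) against a sample
# Python project: one audit of the project as checked out and built, one
# audit after known-defective dependencies are injected (expected to
# fail), one with permit_fail set, and one using a custom artefact name.
name: "GitHub Action"

# yamllint disable-line rule:truthy
on:
  workflow_dispatch:
  push:
    branches: ["main"]
  pull_request:
    branches: ["main"]

# Deny every token scope by default; each job below opts in to the
# scopes it needs.
permissions: {}

env:
  # flask==0.5 contains a known security vulnerability
  # Test fixture only: this list replaces the sample project's
  # dependencies in the "Inject known defective dependency" step.
  DEFECTIVE_DEPS: '["typer>=0.15.2", "jupyterlab>=4.3.6", "flask==0.5"]'

jobs:
  ### Test the GitHub Action in this Repository ###
  tests:
    name: "Run Tests 🧪"
    runs-on: ubuntu-24.04
    permissions:
      contents: read
    timeout-minutes: 12
    steps:
      - name: "Checkout repository"
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # No later step in this job runs git against the remote, and
          # the job goes on to build a project with a deliberately
          # vulnerable dependency, so do not leave the token configured.
          persist-credentials: false

      # Perform setup prior to running test(s)
      - name: "Checkout sample project repository"
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          repository: "lfreleng-actions/test-python-project"
          path: "test-python-project"
          persist-credentials: false

      # Build sample Python project
      - name: "Build Python Project"
        # yamllint disable-line rule:line-length
        uses: lfreleng-actions/python-build-action@7ff456c72f1dd50ef212ea7222efc12693221af3 # v1.0.4
        with:
          path_prefix: "test-python-project/"
          tox_build: false

      # Perform Python project audit
      - name: "Run action: ${{ github.repository }}"
        uses: ./
        with:
          # NOTE(review): build_python is not defined in this file's env
          # block; presumably python-build-action exports it - confirm.
          # If it is unset this expands to an empty string.
          python_version: "${{ env.build_python }}"
          path_prefix: "test-python-project/"

      - name: "Inject known defective dependency"
        shell: bash
        env:
          # Passed through the environment and read with os.environ, so
          # the expression is never expanded inside the script text.
          INJECT_DEPS: "${{ env.DEFECTIVE_DEPS }}"
        run: |
          # Inject known defective dependency
          # The script is fed to python3 on stdin, so nothing is written
          # to a fixed path under /tmp.
          python3 - << 'EOF'
          import json, os, pathlib, re, tomllib
          toml_path = pathlib.Path("test-python-project/pyproject.toml")
          raw = toml_path.read_text()
          # Parse to validate the file is valid TOML before modification
          tomllib.loads(raw)
          # Build replacement dependencies list from environment variable
          new_deps = json.loads(os.environ["INJECT_DEPS"])
          new_line = "dependencies = " + json.dumps(new_deps)
          # Replace the (possibly multi-line) dependencies array.
          # The non-greedy match ends at the first "]", so an existing
          # entry with extras ("pkg[extra]") would cut the match short;
          # the re-parse below turns that into a hard failure.
          updated, count = re.subn(
              r"^dependencies\s*=\s*\[.*?\]",
              # Callable replacement: the text is inserted verbatim, with
              # no backslash or group-reference processing by re.
              lambda _match: new_line,
              raw,
              count=1,
              flags=re.MULTILINE | re.DOTALL,
          )
          assert count == 1, "dependencies array not found in pyproject.toml"
          # Validate the result is still valid TOML with expected deps
          # before it is written, so a bad rewrite never reaches disk.
          check = tomllib.loads(updated)
          deps = check["project"]["dependencies"]
          print(f"dependencies = {deps}")
          assert deps == new_deps, f"deps mismatch: {deps} != {new_deps}"
          toml_path.write_text(updated)
          print("TOML validation passed ✅")
          EOF

      # Rebuild sample Python project
      - name: "Rebuild Python Project"
        # yamllint disable-line rule:line-length
        uses: lfreleng-actions/python-build-action@7ff456c72f1dd50ef212ea7222efc12693221af3 # v1.0.4
        with:
          path_prefix: "test-python-project/"
          tox_build: false
          purge_artefact_path: true

      # Perform audit where project has known security vulnerability
      # NOTE(review): the check below accepts any failure of this step,
      # not only an audit finding for the injected dependency - confirm
      # that is the intended strength of this test.
      - name: "Run action: ${{ github.repository }} [Failure Test]"
        id: tests-fail
        uses: ./
        # Override failure
        continue-on-error: true
        with:
          python_version: "${{ env.build_python }}"
          path_prefix: "test-python-project/"

      - name: "Validate previous step failure"
        # outcome is the step result before continue-on-error is applied.
        # Anything other than 'failure' means the audit did not report
        # the defective dependency, so this job must fail.
        if: steps.tests-fail.outcome != 'failure'
        shell: bash
        run: |
          # Check previous step failure
          echo "Error: previous step should have failed ❌"
          exit 1

      # Perform audit where project has known security vulnerability,
      # this time with the action's own permit_fail input set, so the
      # step is expected to pass without continue-on-error.
      - name: "Run action: ${{ github.repository }} [Permitted Failure Test]"
        id: tests-fail-permitted
        uses: ./
        with:
          python_version: "${{ env.build_python }}"
          path_prefix: "test-python-project/"
          # Override failure
          permit_fail: true

  ### Test custom artefact_name support ###
  tests-custom-artefact-name:
    name: "Test Custom Artefact Name"
    runs-on: ubuntu-24.04
    permissions:
      contents: read
    timeout-minutes: 12
    steps:
      - name: "Checkout repository"
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # No later step in this job runs git against the remote.
          persist-credentials: false

      - name: "Checkout sample project repository"
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          repository: "lfreleng-actions/test-python-project"
          path: "test-python-project"
          persist-credentials: false

      # Build with custom artefact name
      - name: "Build Python project with custom artefact name"
        id: build-custom
        # yamllint disable-line rule:line-length
        uses: lfreleng-actions/python-build-action@7ff456c72f1dd50ef212ea7222efc12693221af3 # v1.0.4
        with:
          path_prefix: "test-python-project/"
          artefact_name: "test-python-project-x64"
          tox_build: false

      # Audit with custom artefact name
      # Will fail if artefact download does not work
      - name: "Run action with custom artefact_name"
        uses: ./
        with:
          # NOTE(review): build_python is not defined in this file;
          # presumably exported by the build step above - confirm.
          python_version: "${{ env.build_python }}"
          path_prefix: "test-python-project/"
          artefact_name: "test-python-project-x64"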