chore(deps): bump actions/setup-python from 6.0.0 to 6.1.0 #979
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| push: | |
| paths-ignore: | |
| - "**/*.md" | |
| - security-insights.yml | |
| - .github/ISSUE_TEMPLATE/** | |
| - assets/** | |
| - examples/** | |
| - plans/** | |
| jobs: | |
| run-tests: | |
| permissions: | |
| contents: read | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ubuntu-latest, macos-latest, windows-latest] | |
| python-version: | |
| - "3.9" | |
| - "3.10" | |
| - "3.11" | |
| - "3.12" | |
| - "3.13" | |
| exclude: | |
| # Temporarily exclude Python 3.13 on Windows | |
| # Remove this exclusion once Python 3.13 is stable on Windows runners | |
| - os: windows-latest | |
| python-version: "3.13" | |
| name: Test | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v5 | |
| with: | |
| persist-credentials: false | |
| - name: Free Disk Space (Ubuntu) | |
| if: matrix.os == 'ubuntu-latest' | |
| uses: jlumbroso/free-disk-space@main | |
| with: | |
| tool-cache: false | |
| android: true | |
| dotnet: true | |
| haskell: true | |
| large-packages: true | |
| docker-images: true | |
| swap-storage: true | |
| - name: Set up Python | |
| uses: actions/setup-python@v6.1.0 | |
| with: | |
| python-version: ${{matrix.python-version}} | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install poetry | |
| poetry install --with dev | |
| - name: Run tests | |
| run: poetry run pytest -v | |
| lint-and-security-checks: | |
| permissions: | |
| contents: read | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v5 | |
| with: | |
| persist-credentials: false | |
| - name: Set up Python | |
| uses: actions/setup-python@v6.1.0 | |
| with: | |
| python-version: "3.12" | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install poetry | |
| poetry install --with dev | |
| - name: Run ruff checks | |
| run: poetry run ruff check | |
| - name: Install snyk | |
| uses: snyk/actions/setup@86b1cee1b8e110a78d528b3e1328a80e218111d2 | |
| with: | |
| snyk-version: v1.1298.3 | |
| # - name: Run snyk test | |
| # run: snyk test --file=poetry.lock --package-manager=pip --fail-on=upgradable | |
| # env: | |
| # SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
| semgrep: | |
| name: semgrep/ci | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| security-events: write # Required to upload SARIF results | |
| env: | |
| SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }} | |
| container: | |
| image: semgrep/semgrep:1.132.1 | |
| if: (github.actor != 'dependabot[bot]') | |
| steps: | |
| - uses: actions/checkout@v5 | |
| with: | |
| persist-credentials: false | |
| - run: semgrep scan --sarif --config auto --config "p/trailofbits" > semgrep.sarif | |
| continue-on-error: true | |
| # upload the results for the CodeQL GitHub app to annotate the code | |
| - name: Save SARIF results as artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: semgrep-scan-results | |
| path: semgrep.sarif | |
| # Upload SARIF file generated in previous step | |
| - name: Upload SARIF result to the GitHub Security Dashboard | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: semgrep.sarif | |
| if: always() |