Update dependency jinja2 to v3.1.5 [SECURITY] #581
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
pull_request: | |
branches: | |
- main | |
- master | |
permissions: read-all | |
jobs: | |
mega-linter: | |
runs-on: ubuntu-latest | |
permissions: | |
issues: write | |
pull-requests: write | |
# For GitHub Comment Reporter | |
# https://megalinter.io/latest/reporters/GitHubCommentReporter/ | |
steps: | |
- uses: actions/checkout@v4 | |
# Mega-Linter | |
- name: Mega-Linter | |
id: ml | |
# You can override Mega-Linter flavor used to have faster performances | |
# More info at https://megalinter.io/flavors/ | |
uses: oxsecurity/megalinter/flavors/python@v8 | |
env: | |
# All available variables are described in documentation | |
# https://megalinter.io/config-file/ | |
VALIDATE_ALL_CODEBASE: true | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
# Upload Mega-Linter artifacts | |
- name: Archive production artifacts | |
if: success() || failure() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: Mega-Linter reports | |
path: | | |
megalinter-reports | |
mega-linter.log | |
test: | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
python-version: | |
- "3.9" | |
- "3.10" | |
- "3.11" | |
- "3.12" | |
- "3.13" | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install poetry | |
run: | | |
python3 -m pipx install poetry | |
# We have to install poetry before `setup-python` if cache is enabled. | |
# | |
# https://github.com/actions/setup-python/blob/main/docs/advanced-usage.md#caching-packages | |
# https://github.com/actions/setup-python/issues/659 | |
- name: Setup Python ${{ matrix.python-version }} | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.python-version }} | |
cache: poetry | |
- name: Install dependencies | |
run: | | |
python3 -m pip install --upgrade pip | |
python3 -m pip install --upgrade pipx | |
python3 -m pipx ensurepath | |
python3 -m pipx install poetry | |
poetry env use ${{ matrix.python-version }} | |
poetry install --sync | |
- name: Lint | |
run: | | |
poetry run poe lint | |
- name: Test | |
run: | | |
poetry run poe test | |
- name: Upload Coverage Report | |
uses: codecov/codecov-action@v4 | |
with: | |
verbose: true | |
env: | |
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
- name: Packaging Test | |
run: | | |
poetry run poe clean | |
poetry build | |
poetry run poe check-package | |
continue-on-error: true | |
# Figure out which versions of Python work well with Invoke, since | |
# Invoke may not work with recent Python releases. | |
# | |
# https://github.com/pyinvoke/invoke/issues/833#issuecomment-1293148106 | |
# https://github.com/pyinvoke/invoke/pull/458 | |
# https://github.com/pyinvoke/invoke/pull/606 | |
package: | |
runs-on: ubuntu-latest | |
needs: | |
- mega-linter | |
- test | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install poetry | |
run: | | |
python3 -m pipx install poetry | |
# We have to install poetry before `setup-python` if cache is enabled. | |
# | |
# https://github.com/actions/setup-python/blob/main/docs/advanced-usage.md#caching-packages | |
# https://github.com/actions/setup-python/issues/659 | |
- name: Setup Python 3.13 | |
id: setup-python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: "3.13" | |
cache: poetry | |
# Package with Python 3.13 | |
# | |
# https://github.com/pyinvoke/invoke/issues/833#issuecomment-1397480677 | |
# https://github.com/pyinvoke/invoke/issues/833#issuecomment-1369097355 | |
# https://github.com/pyinvoke/invoke/commit/406a45e854f6e8df4aa0de01e3b731fea2b1f1ec | |
- name: Install dependencies | |
run: | | |
python3 -m pip install --upgrade pip | |
python3 -m pip install --upgrade pipx | |
python3 -m pipx ensurepath | |
python3 -m pipx install poetry | |
poetry env use ${{ steps.setup-python.outputs.python-version }} | |
poetry install | |
- name: Package | |
run: | | |
poetry run poe clean | |
poetry build | |
poetry run poe check-package | |
- name: Publish to PyPI | |
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags') | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
with: | |
password: ${{ secrets.PYPI_API_TOKEN }} |