Skip to content
OWASP Schema CI/CD

Bump actions/checkout from 6.0.0 to 6.0.1 #162

Sign in to view logs

Bump actions/checkout from 6.0.0 to 6.0.1

Bump actions/checkout from 6.0.0 to 6.0.1 #162

Workflow file for this run

.github/workflows/ci-cd.yaml at 2935d7f
name: OWASP Schema CI/CD
on:
merge_group:
pull_request:
branches:
- main
push:
branches:
- main
workflow_dispatch:
permissions:
contents: write
id-token: write
concurrency:
cancel-in-progress: true
group: ${{ github.repository }}-${{ github.workflow }}-${{ github.ref }}
env:
FORCE_COLOR: 1
jobs:
pre-commit:
name: Run pre-commit
runs-on: ubuntu-latest
steps:
- name: Check out repository
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
- name: Install Poetry
run: pipx install poetry
- name: Set up Python
uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548
with:
cache: poetry
cache-dependency-path: poetry.lock
python-version: '3.14'
- name: Run pre-commit
uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd
- name: Check for uncommitted changes
run: |
git diff --exit-code || (echo 'Unstaged changes detected. \
Run `make check` and use `git add` to address it.' && exit 1)
code-ql:
name: CodeQL
permissions:
security-events: write
runs-on: ubuntu-latest
strategy:
matrix:
language:
- python
steps:
- name: Check out repository
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
- name: Initialize CodeQL
uses: github/codeql-action/init@fe4161a26a8629af62121b670040955b330f9af2
with:
languages: ${{ matrix.language }}
- name: Perform CodeQL analysis
uses: github/codeql-action/analyze@fe4161a26a8629af62121b670040955b330f9af2
with:
category: /language:${{ matrix.language }}
run-tests:
name: Run tests (Python ${{ matrix.python-version }})
needs:
- pre-commit
runs-on: ubuntu-latest
strategy:
matrix:
python-version:
- '3.13'
- '3.14'
steps:
- name: Check out repository
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
- name: Set up Docker buildx
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435
- name: Build test image
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83
with:
build-args: |
PYTHON_VERSION=${{ matrix.python-version }}
cache-from: |
type=gha,scope=py${{ matrix.python-version }}
type=registry,ref=owasp/nest:test-owasp-schema-cache-py${{ matrix.python-version }}
cache-to: |
type=gha,compression=zstd,scope=py${{ matrix.python-version }}
context: .
file: docker/Dockerfile.test
load: true
platforms: linux/amd64
tags: owasp/nest:test-owasp-schema-py${{ matrix.python-version }}
- name: Run tests
run: |
docker run --rm owasp/nest:test-owasp-schema-py${{ matrix.python-version }} pytest
publish-schema-package:
name: Publish to PyPI
needs:
- code-ql
- run-tests
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/main'
steps:
- name: Check out repository
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Python
uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548
with:
python-version: '3.14'
- name: Install Poetry
run: pipx install poetry
- name: Install dependencies
run: |
poetry install
- name: Configure Git
run: |
git config --local user.email "[email protected]"
git config --local user.name "GitHub Action"
- name: Bump version
id: bump-version
run: |
poetry run bump2version patch --commit --tag --allow-dirty
echo "tag_name=$(poetry version --short)" >> $GITHUB_OUTPUT
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Push changes
run: |
git push
git push --tags
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Build with new version
run: |
make build-package
- name: Publish to PyPI
uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e
with:
skip-existing: true
- name: Create GitHub Release
uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ steps.bump-version.outputs.tag_name }}
release_name: OWASP Schema v${{ steps.bump-version.outputs.tag_name }}
body: |
Automated release for OWASP package.
Changes in this release:
- Updated files
- Automated build and publish
Package: https://pypi.org/project/owasp-schema/
draft: false
prerelease: false