if: needs.check_source.outputs.run_tests == 'true'
steps:
- uses: actions/checkout@v4
+ with:
+ persist-credentials: false
- uses: actions/setup-python@v5
- name: Install dependencies
run: |
- uses: actions/checkout@v4
with:
fetch-depth: 1
+ persist-credentials: false
- name: Runner image version
run: echo "IMAGE_VERSION=${ImageVersion}" >> $GITHUB_ENV
- name: Check Autoconf and aclocal versions
if: needs.check_source.outputs.run_tests == 'true'
steps:
- uses: actions/checkout@v4
+ with:
+ persist-credentials: false
- uses: actions/setup-python@v5
with:
python-version: '3.x'
LD_LIBRARY_PATH: ${{ github.workspace }}/multissl/openssl/${{ matrix.openssl_ver }}/lib
steps:
- uses: actions/checkout@v4
+ with:
+ persist-credentials: false
- name: Runner image version
run: echo "IMAGE_VERSION=${ImageVersion}" >> $GITHUB_ENV
- name: Restore config.cache
PYTHONSTRICTEXTENSIONBUILD: 1
steps:
- uses: actions/checkout@v4
+ with:
+ persist-credentials: false
- name: Register gcc problem matcher
run: echo "::add-matcher::.github/problem-matchers/gcc.json"
- name: Install dependencies
#
# (GH-104097) test_sysconfig is skipped because it has tests that are
# failing when executed from inside a virtual environment.
- ${{ env.VENV_PYTHON }} -m test \
+ "${VENV_PYTHON}" -m test \
-W \
-o \
-j4 \
ASAN_OPTIONS: detect_leaks=0:allocator_may_return_null=1:handle_segv=0
steps:
- uses: actions/checkout@v4
+ with:
+ persist-credentials: false
- name: Runner image version
run: echo "IMAGE_VERSION=${ImageVersion}" >> $GITHUB_ENV
- name: Restore config.cache
- 'Doc/**'
- '.github/workflows/doc.yml'
-permissions:
- pull-requests: write
-
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
documentation-links:
runs-on: ubuntu-latest
+ permissions:
+ pull-requests: write
+
steps:
- uses: readthedocs/actions/preview@v1
with:
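Review bot: `readthedocs/actions/preview@v1` in the `documentation-links` job is referenced by a mutable tag, and this is the job that now holds `pull-requests: write`, so whoever can move that tag controls code that runs with the token. Pin the action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: readthedocs/actions/preview@<full-commit-sha>  # v1`. The step's `with:` block continues outside the hunk, so its inputs are not reviewed here.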
steps:
- uses: actions/checkout@v4
+ with:
+ persist-credentials: false
- uses: actions/setup-python@v5
with:
python-version: "3.x"
timeout-minutes: 10
steps:
- uses: actions/checkout@v4
+ with:
+ persist-credentials: false
- uses: actions/setup-python@v5
with:
python-version: "3.x"
pull_request:
types: [opened, reopened, labeled, unlabeled, synchronize]
-permissions:
- issues: write
- pull-requests: write
-
jobs:
label:
name: DO-NOT-MERGE / unresolved review
if: github.repository_owner == 'python'
runs-on: ubuntu-latest
+ permissions:
+ issues: write
+ pull-requests: write
timeout-minutes: 10
steps:
- run: >-
echo '${{ github.event_name }}'
- uses: actions/checkout@v4
+ with:
+ persist-credentials: false
- name: Check for source changes
id: check
run: |
env:
branch_base: 'origin/${{ github.event.pull_request.base.ref }}'
branch_pr: 'origin/${{ github.event.pull_request.head.ref }}'
+ commits: ${{ github.event.pull_request.commits }}
refspec_base: '+${{ github.event.pull_request.base.sha }}:remotes/origin/${{ github.event.pull_request.base.ref }}'
refspec_pr: '+${{ github.event.pull_request.head.sha }}:remotes/origin/${{ github.event.pull_request.head.ref }}'
steps:
- name: 'Check out latest PR branch commit'
uses: actions/checkout@v4
with:
+ persist-credentials: false
ref: >-
${{
github.event_name == 'pull_request'
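Review bot: The job-level `env:` block has no comment explaining why these values are routed through environment variables, and that reason is what keeps the later `run:` scripts safe. `github.event.pull_request.head.ref` is a branch name chosen by the PR author, so it must reach the shell only as a quoted variable and never through `${{ }}` expansion inside a script. Add a line above `env:` such as `# Read these as "${name}" in run: steps; do not interpolate with ${{ }} (branch names are PR-author controlled).` so a later edit does not reintroduce the pattern this commit removes. The `ref:` expression at the end of the hunk continues outside it.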
if: github.event_name == 'pull_request'
run: |
# Fetch enough history to find a common ancestor commit (aka merge-base):
- git fetch origin ${{ env.refspec_pr }} --depth=$(( ${{ github.event.pull_request.commits }} + 1 )) \
+ git fetch origin "${refspec_pr}" --depth=$(( commits + 1 )) \
--no-tags --prune --no-recurse-submodules
# This should get the oldest commit in the local fetched history (which may not be the commit the PR branched from):
- COMMON_ANCESTOR=$( git rev-list --first-parent --max-parents=0 --max-count=1 ${{ env.branch_pr }} )
+ COMMON_ANCESTOR=$( git rev-list --first-parent --max-parents=0 --max-count=1 "${branch_pr}" )
DATE=$( git log --date=iso8601 --format=%cd "${COMMON_ANCESTOR}" )
# Get all commits since that commit date from the base branch (eg: master or main):
- git fetch origin ${{ env.refspec_base }} --shallow-since="${DATE}" \
+ git fetch origin "${refspec_base}" --shallow-since="${DATE}" \
--no-tags --prune --no-recurse-submodules
- name: 'Set up Python'
uses: actions/setup-python@v5
if: github.event_name == 'pull_request'
run: |
python Doc/tools/check-warnings.py \
- --annotate-diff '${{ env.branch_base }}' '${{ env.branch_pr }}' \
+ --annotate-diff "${branch_base}" "${branch_pr}" \
--fail-if-regression \
--fail-if-improved \
--fail-if-new-news-nit
timeout-minutes: 60
steps:
- uses: actions/checkout@v4
+ with:
+ persist-credentials: false
- name: 'Set up Python'
uses: actions/setup-python@v5
with:
timeout-minutes: 60
steps:
- uses: actions/checkout@v4
+ with:
+ persist-credentials: false
- uses: actions/cache@v4
with:
path: ~/.cache/pip
runs-on: ${{ inputs.os }}
steps:
- uses: actions/checkout@v4
+ with:
+ persist-credentials: false
- name: Runner image version
run: echo "IMAGE_VERSION=${ImageVersion}" >> $GITHUB_ENV
- name: Restore config.cache
name: 'Thread sanitizer'
runs-on: ubuntu-22.04
timeout-minutes: 60
+ env:
+ OPTIONS: ${{ inputs.options }}
steps:
- uses: actions/checkout@v4
+ with:
+ persist-credentials: false
- name: Runner image version
run: echo "IMAGE_VERSION=${ImageVersion}" >> $GITHUB_ENV
- name: Restore config.cache
save: ${{ github.event_name == 'push' }}
max-size: "200M"
- name: Configure CPython
- run: ${{ inputs.options }}
+ run: "${OPTIONS}"
- name: Build CPython
run: make -j4
- name: Display build info
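Review bot: `run: "${OPTIONS}"` in the "Configure CPython" step quotes the whole input as a single word, so bash looks for one executable whose name is the entire string. If `inputs.options` holds a command with arguments, as the step name suggests, the step fails with command-not-found instead of configuring the build. The definition of `inputs.options` is outside this hunk, so this is inferred. Routing the input through `env:` is the right way to keep it out of the script template, but the expansion needs word splitting: `run: ${OPTIONS}` with a comment that the missing quotes are intentional. A tighter option is to hard-code the executable in the workflow and take only the flags from the input.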
PYTHONSTRICTEXTENSIONBUILD: 1
steps:
- uses: actions/checkout@v4
+ with:
+ persist-credentials: false
- name: Register gcc problem matcher
run: echo "::add-matcher::.github/problem-matchers/gcc.json"
- name: Install dependencies
runs-on: windows-latest
timeout-minutes: 60
env:
+ ARCH: ${{ inputs.arch }}
IncludeFreethreaded: true
steps:
- uses: actions/checkout@v4
+ with:
+ persist-credentials: false
- name: Build CPython installer
- run: .\Tools\msi\build.bat --doc -${{ inputs.arch }}
+ run: .\Tools\msi\build.bat --doc -"${ARCH}"
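Review bot: `-"${ARCH}"` in the "Build CPython installer" step is bash syntax, but no `shell:` key is visible on this step and the job runs on `windows-latest`, where `run:` defaults to PowerShell. There `${ARCH}` names a PowerShell variable rather than the environment variable, so the flag would most likely collapse to a bare `-` and the requested architecture would be dropped silently. Either keep PowerShell and read the environment explicitly, `run: .\Tools\msi\build.bat --doc "-$env:ARCH"`, or add `shell: bash` and double the backslashes as the build and test steps later on this page do. If the step continues past the end of the hunk with a `shell:` key, this does not apply.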
(${{ inputs.arch }})
runs-on: windows-latest
timeout-minutes: 60
+ env:
+ ARCH: ${{ inputs.arch }}
steps:
- uses: actions/checkout@v4
+ with:
+ persist-credentials: false
- name: Register MSVC problem matcher
if: inputs.arch != 'Win32'
run: echo "::add-matcher::.github/problem-matchers/msvc.json"
- name: Build CPython
run: >-
- .\PCbuild\build.bat
+ .\\PCbuild\\build.bat
-e -d
- -p ${{ inputs.arch }}
+ -p "${ARCH}"
${{ fromJSON(inputs.free-threading) && '--disable-gil' || '' }}
+ shell: bash
- name: Display build info
if: inputs.arch != 'arm64'
run: .\python.bat -m test.pythoninfo
- name: Tests
if: inputs.arch != 'arm64'
run: >-
- .\PCbuild\rt.bat
- -p ${{ inputs.arch }}
+ .\\PCbuild\\rt.bat
+ -p "${ARCH}"
-d -q -uall -u-cpu -rwW
--slowest --timeout=1200 -j0
+ shell: bash
schedule:
- cron: "0 0 * * *"
-permissions:
- pull-requests: write
-
jobs:
stale:
if: github.repository_owner == 'python'
runs-on: ubuntu-latest
+ permissions:
+ pull-requests: write
timeout-minutes: 10
steps:
timeout-minutes: 10
steps:
- uses: actions/checkout@v4
+ with:
+ persist-credentials: false
- uses: actions/setup-python@v5
with:
python-version: '3'
--- /dev/null
+# Configuration for the zizmor static analysis tool, run via pre-commit in CI
+# https://woodruffw.github.io/zizmor/configuration/
+rules:
+ dangerous-triggers:
+ ignore:
+ - documentation-links.yml
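Review bot: The `dangerous-triggers` ignore for `documentation-links.yml` records no rationale, so a later edit to that workflow (for example adding a checkout of the PR head) would stay unflagged and nobody would re-examine the exception. Add a comment on the entry stating why the trigger is accepted, e.g. `# Job only posts a preview link; it must never check out or run PR code.`, assuming that still describes the workflow. If the zizmor version in use accepts a `file.yml:line` form for ignore entries, narrow the ignore to the trigger line so the rest of the file stays covered.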
repos:
- repo: https://github.com/astral-sh/ruff-pre-commit
- rev: v0.6.7
+ rev: v0.8.2
hooks:
- id: ruff
name: Run Ruff (lint) on Doc/
files: ^Doc/
- repo: https://github.com/pre-commit/pre-commit-hooks
- rev: v4.5.0
+ rev: v5.0.0
hooks:
- id: check-case-conflict
- id: check-merge-conflict
- id: trailing-whitespace
types_or: [c, inc, python, rst]
+ - repo: https://github.com/woodruffw/zizmor-pre-commit
+ rev: v0.8.0
+ hooks:
+ - id: zizmor
+
- repo: https://github.com/sphinx-contrib/sphinx-lint
- rev: v0.9.1
+ rev: v1.0.0
hooks:
- id: sphinx-lint
args: [--enable=default-role]