
Bump pillow from 12.1.0 to 12.2.0 #123


Workflow file for this run

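# CI/CD pipeline: lint and type-check, then the test suite, with a Trivy
# filesystem scan alongside; on a published release, wheels are built and the
# package is published to PyPI.
#
# Triggers: pull requests and pushes targeting master, pushes to releases/**,
# and published releases. build_wheels and upload_pypi run only for a
# published release (see their `if:` conditions).
#
# NOTE(review): most actions below are referenced by tag or branch (@v4, @v5,
# @release/v1). Those refs are mutable; pinning each `uses:` to a full commit
# SHA keeps a retagged or compromised action out of the release path.
name: Test, build, release

on:
  pull_request:
    branches:
      - master
  push:
    branches:
      - master
      - 'releases/**'
  release:
    types: [published]

# Default GITHUB_TOKEN scope for every job that does not declare its own
# `permissions` block. Those jobs only check out and read the repository.
permissions:
  contents: read

jobs:
  format_test:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        python-version: ['3.12']
    steps:
      - uses: actions/checkout@v4
      - name: Install uv and set the python version
        uses: astral-sh/setup-uv@v4
        with:
          python-version: ${{ matrix.python-version }}
      - name: Install dependencies
        run: |
          uv venv
          uv run python -m compileall -f arc/*.py
      - name: Lint and format check
        run: |
          # stop the build if there are Python syntax errors or undefined names
          uvx ruff check
          uv run python -m compileall -f arc/*.py
      - name: Typing check
        run: |
          uv run mypy .

  function_test:
    name: Basic test suite
    runs-on: ubuntu-latest
    needs: [format_test]
    # This job had no matrix, so `matrix.python-version` below expanded to an
    # empty string. Declare the same matrix the other jobs use so the tests
    # run on the interpreter that was linted and scanned.
    strategy:
      matrix:
        python-version: ['3.12']
    steps:
      - uses: actions/checkout@v4
      - name: Install uv and set the python version
        uses: astral-sh/setup-uv@v4
        with:
          python-version: ${{ matrix.python-version }}
      - name: Setup ARC
        run: |
          uv venv
      - name: Run tests
        run: uv run coverage run -m pytest -s -v
      - name: Coverage report
        run: uv run coverage report -m

  security_test:
    name: Trivy security scan
    runs-on: ubuntu-24.04
    strategy:
      matrix:
        python-version: ['3.12']
    permissions:
      contents: read  # Required to checkout and read repo files
      security-events: write  # Required to upload SARIF files to Security tab
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Install uv and set the python version
        uses: astral-sh/setup-uv@v4
        with:
          python-version: ${{ matrix.python-version }}
      - name: Setup ARC
        run: |
          uv venv
          uv sync
      # First pass: write SARIF for the Security tab. No exit-code is set, so
      # findings are reported here without failing the job.
      - name: Run Trivy vulnerability scanner in repo mode
        uses: aquasecurity/trivy-action@0.33.1
        with:
          scan-type: 'fs'
          ignore-unfixed: true
          format: 'sarif'
          output: 'trivy-results.sarif'
          severity: 'HIGH,CRITICAL'
      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v4
        with:
          sarif_file: 'trivy-results.sarif'
      # Second pass: same scope and severities, but exit-code 1 makes fixable
      # HIGH/CRITICAL findings fail the job, which in turn blocks build_wheels
      # and therefore upload_pypi.
      # Pinned to the same release as the first pass: this step previously
      # tracked @master, so the gate ran whatever that branch held at run time.
      - name: Fail build on High/Criticial Vulnerabilities
        uses: aquasecurity/trivy-action@0.33.1
        with:
          scan-type: 'fs'
          format: 'table'
          scan-ref: '.'
          severity: 'HIGH,CRITICAL'
          ignore-unfixed: true
          exit-code: '1'
          # On a subsequent call to the action we know trivy is already
          # installed so can skip this
          skip-setup-trivy: true

  build_wheels:
    name: Build wheels on ${{ matrix.os }}
    needs: [function_test, security_test]
    if: github.event_name == 'release' && github.event.action == 'published'
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [ubuntu-latest, windows-latest, macos-latest]
    steps:
      - uses: actions/checkout@v4
      # Used to host cibuildwheel
      - uses: actions/setup-python@v5
      - name: Install cibuildwheel
        run: python -m pip install cibuildwheel==3.3.1
      - name: Build wheels
        run: python -m cibuildwheel --output-dir wheelhouse
      - uses: actions/upload-artifact@v4
        with:
          name: cibw-wheels-${{ matrix.os }}-${{ strategy.job-index }}
          path: ./wheelhouse/*.whl

  # Has no `if:`, so unlike build_wheels it runs on every trigger, and it
  # waits only for function_test. Publishing is still gated on the Trivy scan
  # because upload_pypi needs build_wheels, which needs security_test.
  build_sdist:
    name: Build source distribution
    needs: [function_test]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # NOTE(review): pipx fetches `build` unpinned at run time, whereas
      # cibuildwheel is pinned to an exact version; consider pinning here too.
      - name: Build sdist
        run: pipx run build --sdist
      - uses: actions/upload-artifact@v4
        with:
          name: cibw-sdist
          path: dist/*.tar.gz

  upload_pypi:
    name: Publish package to PyPI
    needs: [build_wheels, build_sdist]
    runs-on: ubuntu-latest
    # Any protection rules on the `deploy` environment (reviewers, branch
    # limits) apply before this job starts; they are not visible from here.
    environment: deploy
    # The only scope this job gets is the OIDC token. No API token is passed
    # to the publish step, so it presumably relies on PyPI trusted publishing.
    permissions:
      id-token: write
    if: github.event_name == 'release' && github.event.action == 'published'
    steps:
      - name: Get artifacts
        uses: actions/download-artifact@v4
        with:
          # unpacks all CIBW artifacts into dist/
          pattern: cibw-*
          path: dist
          merge-multiple: true
      # NOTE(review): @release/v1 is a branch ref, and this is the step that
      # holds the publishing identity; a full commit SHA pin is the safer form.
      - name: Upload
        uses: pypa/gh-action-pypi-publish@release/v1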