Skip to content
This repository was archived by the owner on Jul 2, 2026. It is now read-only.

chore(deps): update binary tool pins #319

chore(deps): update binary tool pins

chore(deps): update binary tool pins #319

Workflow file for this run

name: CI
on:
pull_request:
push:
branches: [main]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions:
contents: read
jobs:
lint:
name: lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Install uv
uses: astral-sh/setup-uv@v8.2.0
with:
enable-cache: true
- name: Set up Python 3.14
run: uv python install 3.14
- name: Install task
uses: kreuzberg-dev/actions/install-task@v1
- name: Setup
run: uv sync --no-install-project --no-install-workspace --group dev
- name: Lint
run: task lint
test:
name: test (${{ matrix.os }} / py${{ matrix.python-version }})
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
# Windows is intentionally excluded — these are bash-based hooks; native
# Windows consumers run them under WSL or Git Bash, which is covered by
# the same Ubuntu test path. Running on `windows-latest` exercises a
# PowerShell environment where `bash -n` and Unix exec-bit semantics
# don't apply.
os: [ubuntu-latest, macos-latest]
python-version: ["3.10", "3.14"]
steps:
- uses: actions/checkout@v6
- name: Install uv
uses: astral-sh/setup-uv@v8.1.0
with:
enable-cache: true
- name: Set up Python ${{ matrix.python-version }}
run: uv python install ${{ matrix.python-version }}
- name: Install task
uses: kreuzberg-dev/actions/install-task@v1
- name: Setup
run: uv sync --no-install-project --no-install-workspace --group dev
- name: Unit tests
run: task test:unit
cov:
name: coverage
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Install uv
uses: astral-sh/setup-uv@v8.1.0
with:
enable-cache: true
- name: Set up Python 3.14
run: uv python install 3.14
- name: Install task
uses: kreuzberg-dev/actions/install-task@v1
- name: Setup
run: uv sync --no-install-project --no-install-workspace --group dev
- name: Coverage
run: task cov
- name: Upload coverage artifact
if: always()
uses: actions/upload-artifact@v7
with:
name: coverage
path: |
.coverage
htmlcov/
if-no-files-found: ignore
audit:
name: audit
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Install uv
uses: astral-sh/setup-uv@v8.1.0
with:
enable-cache: true
- name: Set up Python 3.14
run: uv python install 3.14
- name: Install task
uses: kreuzberg-dev/actions/install-task@v1
- name: Setup
run: uv sync --no-install-project --no-install-workspace --group dev
- name: pip-audit + bandit
run: task audit
shell-syntax:
name: shell-syntax
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Bash syntax check
run: |
set -e
for f in lib/*.sh hooks/*/run.sh scripts/*.sh; do
[ -f "$f" ] || continue
bash -n "$f"
done
echo "shell syntax ok"
hooks-smoke:
name: hooks-smoke
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Smoke-test every hook against its tests/ fixtures
run: bash scripts/smoke_hooks.sh
prek-dogfood:
name: prek-dogfood
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Install uv
uses: astral-sh/setup-uv@v8.1.0
with:
enable-cache: true
- name: Set up Python 3.14
run: uv python install 3.14
- name: Install task
uses: kreuzberg-dev/actions/install-task@v1
- name: Install prek
run: uv tool install prek
- name: Setup
run: uv sync --no-install-project --no-install-workspace --group dev
- name: prek run --all-files
run: uv tool run prek run --all-files --show-diff-on-failure