Skip to content

chore(deps): update github/codeql-action action to v3.28.0 #28873

chore(deps): update github/codeql-action action to v3.28.0

chore(deps): update github/codeql-action action to v3.28.0 #28873

Workflow file for this run

# Copyright © Michal Čihař <[email protected]>
#
# SPDX-License-Identifier: GPL-3.0-or-later
name: Distribution
on:
push:
branches-ignore:
- deepsource-fix-**
- renovate/**
- weblate
tags:
- weblate-*
pull_request:
permissions:
contents: read
jobs:
dist:
runs-on: ubuntu-24.04
name: Build packages
env:
PYTHONUNBUFFERED: 1
PYTHONWARNINGS: default,ignore:unclosed:ResourceWarning
permissions:
# Needed for Sigstore
id-token: write
# Needed for attestations
attestations: write
steps:
- uses: actions/checkout@v4
- uses: astral-sh/setup-uv@v5
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: '3.13'
- name: build
run: |
echo "::add-matcher::.github/matchers/setuptools.json"
uv build
echo "::remove-matcher owner=setuptools::"
- name: Sign the dists with Sigstore
if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags/weblate')
uses: sigstore/[email protected]
with:
inputs: dist/*
- name: Attest
if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags/weblate')
uses: actions/attest-build-provenance@v2
with:
subject-path: dist/*
- uses: actions/upload-artifact@v4
with:
path: dist/*
name: dist
lint:
runs-on: ubuntu-24.04
name: Lint packages
env:
PYTHONUNBUFFERED: 1
needs:
- dist
steps:
- uses: actions/checkout@v4
- name: Install apt dependencies
run: sudo ./ci/apt-install
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.13'
- uses: astral-sh/setup-uv@v5
with:
enable-cache: true
cache-dependency-glob: ''
cache-suffix: '3.13'
- uses: actions/download-artifact@v4
- name: Cleanup dist
# Remove files not supported on PyPI (eg. Sigstore signatures)
run: find dist -mindepth 1 -not -name '*.tar.gz' -not -name '*.whl' -delete
- name: list wheel
run: unzip -l dist/*.whl
- name: list sdist
run: tar tvf dist/*.tar.gz
- name: twine check
run: uvx twine check --strict dist/*
- name: pydistcheck
run: uvx pydistcheck --inspect dist/*
- name: pyroma
run: uvx pyroma dist/*.tar.gz
- name: check-wheel-contents
run: uvx check-wheel-contents dist/*.whl
- name: check-manifest
run: uvx check-manifest -v
- name: install
run: |
uv venv .venv-install
source .venv-install/bin/activate
uv pip install dist/*.whl
notes:
runs-on: ubuntu-24.04
name: Build release notes
steps:
- uses: actions/checkout@v4
- uses: astral-sh/setup-uv@v5
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.13'
- name: Install apt dependencies
run: |
sudo apt update
sudo apt install -y graphviz pandoc
- name: Install Python dependencies
run: uv sync --no-sources --only-group docs --frozen
- name: Sphinx build
run: |
. .venv/bin/activate
./ci/run-docs
- name: Convert release notes
run: |
version=$(sed -n '/^VERSION =/ s/.*"\(.*\)"/\1/p' weblate/utils/version.py)
namever="weblate-$version"
sed "s/latest/$namever/" < scripts/release-notes-filter.lua > scripts/release-notes-filter.version.lua
mkdir dist
./scripts/extract-release-notes > "dist/Weblate-$version.html"
pandoc "dist/Weblate-$version.html" --write=gfm --wrap=none --lua-filter=scripts/release-notes-filter.version.lua -o "dist/Weblate-$version.md"
rm scripts/release-notes-filter.version.lua
- uses: actions/upload-artifact@v4
with:
path: dist/*
name: notes
publish_pypi:
name: Publish to PyPI
if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags/weblate')
permissions:
# this permission is mandatory for trusted publishing
id-token: write
needs:
- notes
- dist
- lint
runs-on: ubuntu-24.04
steps:
- uses: actions/download-artifact@v4
- name: Cleanup dist
# Remove files not supported on PyPI (eg. Sigstore signatures)
run: find dist -mindepth 1 -not -name '*.tar.gz' -not -name '*.whl' -delete
- uses: astral-sh/setup-uv@v5
- run: uv publish --trusted-publishing always
publish_github:
name: Publish to GitHub
if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags/weblate')
permissions:
# this permission is mandatory for creating a release
contents: write
needs:
- notes
- dist
- lint
runs-on: ubuntu-24.04
steps:
- uses: actions/download-artifact@v4
- name: Extract notes body
run: tail -n+3 notes/Weblate-*.md > notes.md
- name: Extract notes title
id: get-name
run: echo name=$(head -n1 notes/Weblate-*.md) > "$GITHUB_OUTPUT"
- uses: ncipollo/release-action@v1
with:
artifacts: dist/*
bodyFile: notes.md
name: ${{ steps.get-name.outputs.name }}