Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Pin dependencies in workflows #1744

Merged
merged 4 commits into from
May 10, 2024
Merged

Pin dependencies in workflows #1744

merged 4 commits into from
May 10, 2024

Conversation

Zeitsperre
Copy link
Collaborator

@Zeitsperre Zeitsperre commented May 6, 2024

Pull Request Checklist:

  • This PR addresses an already opened issue (for bug fixes / features)
    • This PR fixes #xyz
  • Tests for the changes have been added (for bug fixes / features)
    • (If applicable) Documentation has been added / updated (for bug fixes / features)
  • CHANGES.rst has been updated (with summary of main changes)
    • Link to issue (:issue:number) and pull request (:pull:number) has been added

What kind of change does this PR introduce?

  • Pins the dependencies of pip-related packages in GitHub Workflows
  • Synchronizes more dependencies between configs
  • Adds the latest coveralls (supports Python3.12)

Does this PR introduce a breaking change?

No.

Other information:

Pinning dependencies in GitHub Workflows is a suggestion from the Security Hardening linter. (see: https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#pinned-dependencies)

@github-actions github-actions bot added the CI Automation and Contiunous Integration label May 6, 2024
Copy link

github-actions bot commented May 6, 2024

Note
It appears that this Pull Request modifies the main.yml workflow.

On inspection, the XCLIM_TESTDATA_BRANCH environment variable is set to the most recent tag (v2023.12.14).

No further action is required.

Copy link
Contributor

@SarahG-579462 SarahG-579462 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All looks fine to me, unless you need me to test the workflows are compatible with all this.

pyproject.toml Show resolved Hide resolved
tox.ini Outdated Show resolved Hide resolved
@github-actions github-actions bot added the approved Approved for additional tests label May 8, 2024
@coveralls
Copy link

coveralls commented May 8, 2024

Coverage Status

coverage: 90.833%. first build
when pulling 5fb3c58 on pin-workflows
into 3d6c310 on main.

@Zeitsperre Zeitsperre merged commit edf1e13 into main May 10, 2024
21 checks passed
@Zeitsperre Zeitsperre deleted the pin-workflows branch May 10, 2024 15:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved Approved for additional tests CI Automation and Contiunous Integration
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants