fix: safety vulnerability - pip is not a dependency itself #2220
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
pull_request: | |
workflow_dispatch: | |
push: | |
tags: | |
- "v*.*.*" | |
branches: | |
- main | |
env: | |
MAIN_PYTHON_VERSION: '3.10' | |
DOCUMENTATION_CNAME: 'actions.docs.ansys.com' | |
test-library-name: 'ansys-actions' | |
MEILISEARCH_API_KEY: ${{ secrets.MEILISEARCH_API_KEY }} | |
MEILISEARCH_PUBLIC_API_KEY: ${{ secrets.MEILISEARCH_PUBLIC_API_KEY }} | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
labeler: | |
name: "Label syncer" | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
pull-requests: write | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: micnncim/action-label-syncer@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Label based on changed files | |
uses: actions/labeler@v5 | |
with: | |
repo-token: "${{ secrets.GITHUB_TOKEN }}" | |
- uses: actions-ecosystem/action-add-labels@v1 | |
if: | | |
startsWith(github.event.pull_request.head.ref, 'doc') || | |
startsWith(github.event.pull_request.head.ref, 'docs') | |
with: | |
labels: documentation | |
- uses: actions-ecosystem/action-add-labels@v1 | |
if: | | |
startsWith(github.event.pull_request.head.ref, 'maint') || | |
startsWith(github.event.pull_request.head.ref, 'no-ci') || | |
startsWith(github.event.pull_request.head.ref, 'ci') | |
with: | |
labels: maintenance | |
- uses: actions-ecosystem/action-add-labels@v1 | |
if: startsWith(github.event.pull_request.head.ref, 'feat') | |
with: | |
labels: | | |
enhancement | |
- uses: actions-ecosystem/action-add-labels@v1 | |
if: | | |
startsWith(github.event.pull_request.head.ref, 'fix') || | |
startsWith(github.event.pull_request.head.ref, 'patch') | |
with: | |
labels: bug | |
- name: Suggest to add labels | |
uses: peter-evans/create-or-update-comment@v4 | |
if: toJSON(github.event.pull_request.labels.*.name) == '{}' | |
with: | |
issue-number: ${{ github.event.pull_request.number }} | |
body: | | |
Please add one of the following labels to add this contribution to the Release Notes :point_down: | |
- [bug](https://github.com/ansys/actions/pulls?q=label%3Abug+) | |
- [documentation](https://github.com/ansys/actions/pulls?q=label%3Adocumentation+) | |
- [enhancement](https://github.com/ansys/actions/pulls?q=label%3Aenhancement+) | |
- [good first issue](https://github.com/ansys/actions/pulls?q=label%3Agood+first+issue) | |
- [maintenance](https://github.com/ansys/actions/pulls?q=label%3Amaintenance+) | |
- [release](https://github.com/ansys/actions/pulls?q=label%3Arelease+) | |
commit-and-branch-style: | |
name: "Commit and branch style" | |
runs-on: ubuntu-latest | |
needs: labeler | |
steps: | |
- uses: ansys/actions/commit-style@main | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- uses: ansys/actions/branch-name-style@main | |
code-style: | |
name: "Code style" | |
runs-on: ubuntu-latest | |
needs: commit-and-branch-style | |
steps: | |
- name: "Run code style checks" | |
uses: ansys/actions/code-style@main | |
with: | |
python-version: ${{ env.MAIN_PYTHON_VERSION }} | |
use-python-cache: false | |
- name: "Verify private actions are not pointing to the 'main' branch" | |
if: github.event_name == 'push' && contains(github.ref, 'refs/tags') | |
run: | | |
if $(grep -q --exclude-dir={.git,.github,doc} "ansys\/actions\/.*\@main" -r .); then | |
echo -e "\033[1;91m[ERROR]: Found private actions pointing to the 'main' branch.\033[0m" | |
grep -q --exclude-dir={.git,.github,doc} "ansys\/actions\/.*\@main" -r . | |
fi | |
doc-style: | |
name: "Doc style" | |
runs-on: ubuntu-latest | |
needs: commit-and-branch-style | |
steps: | |
- name: "Run documentation style checks" | |
uses: ansys/actions/doc-style@main | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
doc-build: | |
name: "Doc build" | |
runs-on: ubuntu-latest | |
needs: doc-style | |
steps: | |
- name: "Build documentation" | |
uses: ansys/actions/doc-build@main | |
with: | |
skip-install: true | |
python-version: ${{ env.MAIN_PYTHON_VERSION }} | |
use-python-cache: false | |
tests: | |
name: "Tests" | |
runs-on: ubuntu-latest | |
needs: code-style | |
steps: | |
- name: "Install Git and clone project" | |
uses: actions/checkout@v4 | |
- name: "Set up Python" | |
uses: ansys/actions/_setup-python@main | |
with: | |
python-version: ${{ env.MAIN_PYTHON_VERSION }} | |
use-cache: false | |
- name: "Isolate testing library" | |
run: mv .ci/${{ env.test-library-name }} ~/ | |
- name: "Install build and twine" | |
shell: bash | |
run: | | |
python -m pip install build twine | |
- name: "Build distribution artifacts and check their health" | |
shell: bash | |
run: | | |
cd ~/${{ env.test-library-name }} | |
ls -R && python -m build && python -m twine check dist/* | |
- name: "Upload distribution artifacts to GitHub artifacts" | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ env.test-library-name }}-artifacts | |
path: ~/${{ env.test-library-name }}/dist/ | |
retention-days: 7 | |
- name: "Release to the test PyPI repository" | |
uses: ansys/actions/release-pypi-test@main | |
with: | |
library-name: ${{ env.test-library-name }} | |
twine-username: "__token__" | |
twine-token: ${{ secrets.PYANSYS_PYPI_TEST_PAT }} | |
doc-deploy-dev: | |
name: "Deploy developers documentation" | |
runs-on: ubuntu-latest | |
if: github.event_name == 'push' && !contains(github.ref, 'refs/tags') | |
needs: [doc-build, tests] | |
steps: | |
- uses: ansys/actions/doc-deploy-dev@main | |
with: | |
cname: ${{ env.DOCUMENTATION_CNAME }} | |
token: ${{ secrets.GITHUB_TOKEN }} | |
doc-index-dev: | |
name: "Deploy dev index docs" | |
if: github.ref == 'refs/heads/main' | |
runs-on: ubuntu-latest | |
needs: doc-deploy-dev | |
steps: | |
- name: "Deploy the latest documentation index" | |
uses: ansys/actions/doc-deploy-index@main | |
with: | |
cname: ${{ env.DOCUMENTATION_CNAME }}/version/dev | |
index-name: "actions-vdev" | |
host-url: ${{ vars.MEILISEARCH_HOST_URL }} | |
api-key: ${{ env.MEILISEARCH_API_KEY }} | |
release: | |
name: "Release to GitHub" | |
runs-on: ubuntu-latest | |
if: github.event_name == 'push' && contains(github.ref, 'refs/tags') | |
needs: [doc-build, tests] | |
steps: | |
- name: "Download HTML documentation" | |
uses: actions/download-artifact@v4 | |
with: | |
name: documentation-html | |
path: documentation-html | |
- name: "Zip HTML documentation" | |
uses: vimtor/action-zip@v1.2 | |
with: | |
files: documentation-html | |
dest: documentation-html.zip | |
- name: "Download PDF documentation" | |
uses: actions/download-artifact@v4 | |
with: | |
name: documentation-pdf | |
path: documentation-pdf | |
- name: "Zip PDF documentation" | |
uses: vimtor/action-zip@v1.2 | |
with: | |
files: documentation-pdf | |
dest: documentation-pdf.zip | |
- name: "Display the structure of downloaded files" | |
shell: bash | |
run: ls -R | |
- name: "Release to GitHub" | |
uses: softprops/action-gh-release@v2 | |
with: | |
generate_release_notes: true | |
files: | | |
documentation-html.zip | |
documentation-pdf.zip | |
doc-deploy-stable: | |
name: "Deploy stable documentation" | |
runs-on: ubuntu-latest | |
if: github.event_name == 'push' && contains(github.ref, 'refs/tags') | |
needs: release | |
steps: | |
- uses: ansys/actions/doc-deploy-stable@main | |
with: | |
cname: ${{ env.DOCUMENTATION_CNAME }} | |
token: ${{ secrets.GITHUB_TOKEN }} | |
doc-index-stable: | |
name: "Deploy stable docs index" | |
if: github.event_name == 'push' && contains(github.ref, 'refs/tags') | |
runs-on: ubuntu-latest | |
needs: doc-deploy-stable | |
steps: | |
- name: "Install Git and clone project" | |
uses: actions/checkout@v4 | |
- name: "get version of library" | |
shell: bash | |
run: | | |
echo "FULL_VERSION=$(cat VERSION)" >> $GITHUB_ENV | |
- name: Scrape the stable documentation to PyMeilisearch | |
run: | | |
VERSION=$(python -c "import os; version=os.environ['FULL_VERSION']; print('.'.join(version.split('.')[:2]))") | |
VERSION_MEILI=$(python -c "import os; version=os.environ['FULL_VERSION']; print('-'.join(version.split('.')[:2]))") | |
echo "Calculated VERSION: $VERSION" | |
echo "Calculated VERSION_MEILI: $VERSION_MEILI" | |
echo "VERSION=$VERSION" >> $GITHUB_ENV | |
echo "VERSION_MEILI=$VERSION_MEILI" >> $GITHUB_ENV | |
- name: "Deploy the latest documentation index" | |
uses: ansys/actions/doc-deploy-index@main | |
with: | |
cname: ${{ env.DOCUMENTATION_CNAME }}/version/${{ env.VERSION }} | |
index-name: actions-v${{ env.VERSION_MEILI }} | |
host-url: ${{ vars.MEILISEARCH_HOST_URL }} | |
api-key: ${{ env.MEILISEARCH_API_KEY }} |