From 97ce6209389cb61089d576c4d10b23c1ee3c97dc Mon Sep 17 00:00:00 2001 From: Anfimov Dima Date: Thu, 23 Oct 2025 12:10:36 +0200 Subject: [PATCH 1/4] chore: do not run tests in CI for docs changes --- .github/workflows/test.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index bf0c8131..3c10f9c5 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -2,6 +2,9 @@ name: Testing taskiq on: pull_request: + paths-ignore: + - 'docs/**' + - '*.md' push: jobs: From 3f96102bce3eba222007aeb829a88fa91c20cb6b Mon Sep 17 00:00:00 2001 From: Anfimov Dima Date: Thu, 23 Oct 2025 12:19:33 +0200 Subject: [PATCH 2/4] chore: update version of github actions --- .github/workflows/release.yml | 4 ++-- .github/workflows/release_docs.yaml | 8 ++++---- .github/workflows/test.yml | 8 ++++---- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index be8497bf..d6d2a67d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -9,11 +9,11 @@ jobs: deploy: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v5 - name: Install poetry run: pipx install poetry - name: Set up Python - uses: actions/setup-python@v4 + uses: actions/setup-python@v6 with: python-version: "3.11" - name: Install deps diff --git a/.github/workflows/release_docs.yaml b/.github/workflows/release_docs.yaml index af56972c..89dd8dd8 100644 --- a/.github/workflows/release_docs.yaml +++ b/.github/workflows/release_docs.yaml @@ -13,11 +13,11 @@ jobs: deploy_docs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Setup pnpm - uses: pnpm/action-setup@v2 + uses: pnpm/action-setup@v4 - name: Setup Node.js - uses: actions/setup-node@v3 + uses: actions/setup-node@v6 with: node-version: 18 cache: pnpm @@ -31,7 +31,7 @@ jobs: git config --global lfs.allowincompletepush true - name: Deploy - uses: peaceiris/actions-gh-pages@v3 + uses: peaceiris/actions-gh-pages@v4 with: personal_token: ${{ secrets.PERSONAL_TOKEN }} external_repository: taskiq-python/taskiq-python.github.io diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 3c10f9c5..c0d84dad 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -17,11 +17,11 @@ jobs: - mypy runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v5 - name: Install poetry run: pipx install poetry - name: Set up Python - uses: actions/setup-python@v4 + uses: actions/setup-python@v6 with: python-version: "3.11" cache: "poetry" @@ -37,11 +37,11 @@ jobs: os: [ubuntu-latest, windows-latest, macos-latest] runs-on: "${{ matrix.os }}" steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v5 - name: Install poetry run: pipx install poetry - name: Set up Python - uses: actions/setup-python@v4 + uses: actions/setup-python@v6 with: python-version: "${{ matrix.py_version }}" cache: "poetry" From 130a747e0551041c327c724fcf82798965d2cb04 Mon Sep 17 00:00:00 2001 From: Anfimov Dima Date: Thu, 23 Oct 2025 12:25:40 +0200 Subject: [PATCH 3/4] chore: fix security issues according to zizmor --- .github/workflows/release.yml | 4 +++- .github/workflows/release_docs.yaml | 2 ++ .github/workflows/test.yml | 9 +++++++++ 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d6d2a67d..4f179486 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -10,6 +10,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v5 + with: + persist-credentials: false - name: Install poetry run: pipx install poetry - name: Set up Python @@ -19,7 +21,7 @@ jobs: - name: Install deps run: poetry install - name: Set version - run: poetry version "${{ github.ref_name }}" + run: poetry version "${GITHUB_REF_NAME}" - name: Release package env: POETRY_PYPI_TOKEN_PYPI: ${{ secrets.PYPI_TOKEN }} diff --git a/.github/workflows/release_docs.yaml b/.github/workflows/release_docs.yaml index 89dd8dd8..f28822d4 100644 --- a/.github/workflows/release_docs.yaml +++ b/.github/workflows/release_docs.yaml @@ -14,6 +14,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v5 + with: + persist-credentials: false - name: Setup pnpm uses: pnpm/action-setup@v4 - name: Setup Node.js diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index c0d84dad..c1a8342e 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -7,6 +7,11 @@ on: - '*.md' push: +permissions: + actions: read + contents: read + pull-requests: read + jobs: lint: strategy: @@ -18,6 +23,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v5 + with: + persist-credentials: false - name: Install poetry run: pipx install poetry - name: Set up Python @@ -38,6 +45,8 @@ jobs: runs-on: "${{ matrix.os }}" steps: - uses: actions/checkout@v5 + with: + persist-credentials: false - name: Install poetry run: pipx install poetry - name: Set up Python From 5f46742de332bce1fbfa18dc03a755b2e7345dc6 Mon Sep 17 00:00:00 2001 From: Anfimov Dima Date: Thu, 23 Oct 2025 12:27:15 +0200 Subject: [PATCH 4/4] chore: add ignore on push action --- .github/workflows/test.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index c1a8342e..0ba38d3a 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -6,6 +6,9 @@ on: - 'docs/**' - '*.md' push: + paths-ignore: + - 'docs/**' + - '*.md' permissions: actions: read