Bump github/codeql-action from 3.25.11 to 3.27.1 #384
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build | |
on: [push, workflow_dispatch] | |
permissions: read-all | |
jobs: | |
delete-old-artifacts: | |
permissions: | |
actions: write | |
if: github.actor == 'calendulish' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 | |
with: | |
egress-policy: audit | |
- uses: calendulish/purge-artifacts-action@2e8a85a677ea67a31edfe3e348d9379ad7e26988 # v1.0 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
expire-in: 0 | |
linux-build: | |
if: ${{ always() }} | |
needs: delete-old-artifacts | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
python-version: ['3.9', '3.10', '3.11', '3.12'] | |
name: Python ${{ matrix.python-version }} linux build | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 | |
with: | |
egress-policy: audit | |
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 | |
with: | |
python-version: ${{ matrix.python-version }} | |
- run: sudo apt-fast -y install gettext | |
- run: python -m pip install -r requirements.txt | |
- run: python -m build | |
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
with: | |
name: linux_${{ matrix.python-version }} | |
path: | | |
build/*.zip | |
dist/ | |
if-no-files-found: error | |
retention-days: 90 | |
if: github.actor == 'calendulish' | |
rpi-build: | |
if: ${{ always() }} | |
needs: delete-old-artifacts | |
runs-on: ubuntu-latest | |
name: Build ${{ matrix.arch }} ${{ matrix.python-version }} | |
strategy: | |
matrix: | |
include: | |
- arch: 'armv7' | |
distro: 'archarm_latest' | |
- arch: 'aarch64' | |
distro: 'archarm_latest' | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 | |
with: | |
egress-policy: audit | |
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- uses: uraimo/run-on-arch-action@b0ffb25eb00af00468375982384441f063da1741 # v2.7.2 | |
id: build | |
with: | |
arch: ${{ matrix.arch }} | |
distro: ${{ matrix.distro }} | |
setup: mkdir -p "${PWD}/artifacts" | |
dockerRunArgs: --volume "${PWD}/artifacts:/artifacts" | |
env: | | |
release_name: "steam-tools-ng-RPI-${{ matrix.arch }}" | |
shell: /bin/sh | |
run: | | |
pacman -Syu --noconfirm | |
pacman -S --noconfirm python python-build tar | |
python -m build | |
cp -rfv dist/ /artifacts/ | |
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
with: | |
name: rpi_${{ matrix.arch }} | |
path: | | |
artifacts/dist/ | |
if-no-files-found: error | |
retention-days: 90 | |
if: github.actor == 'calendulish' | |
windows-build: | |
if: ${{ always() }} | |
needs: delete-old-artifacts | |
runs-on: windows-2022 | |
strategy: | |
matrix: | |
python-version: ['3.10', '3.11', '3.12'] | |
defaults: | |
run: | |
shell: cmd | |
working-directory: .\\tools\Windows | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 | |
with: | |
egress-policy: audit | |
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 | |
with: | |
python-version: ${{ matrix.python-version }} | |
- run: python -m pip install -r .\\..\..\requirements.txt | |
- run: dist_script_native.cmd | |
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
with: | |
name: windows_${{ matrix.python-version }} | |
path: | | |
build/*.zip | |
installer/build/*.exe | |
if-no-files-found: error | |
retention-days: 90 | |
if: github.actor == 'calendulish' | |
deploy: | |
permissions: | |
contents: write | |
if: startsWith(github.ref, 'refs/tags/') | |
needs: [linux-build, windows-build, rpi-build] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 | |
with: | |
egress-policy: audit | |
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
- uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v2.0.9 | |
with: | |
draft: true | |
files: | | |
linux_3.12/dist/* | |
windows_3.12/installer/build/*.exe | |
windows_3.10/build/*.zip | |
windows_3.11/build/*.zip | |
windows_3.12/build/*.zip | |
rpi_aarch64/dist/*.whl | |
rpi_armv7/dist/*.whl | |
pypi-upload: | |
if: startsWith(github.ref, 'refs/tags/') | |
needs: [deploy] | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
python-version: [ '3.12' ] | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 | |
with: | |
egress-policy: audit | |
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
- uses: pypa/gh-action-pypi-publish@ec4db0b4ddc65acdf4bff5fa45ac92d78b56bdf0 # release/v1 | |
with: | |
password: ${{ secrets.PYPI_API_TOKEN }} | |
packages_dir: linux_${{ matrix.python-version }}/dist/ | |
verbose: true | |
print_hash: true | |
generate-badges: | |
permissions: | |
contents: write | |
if: ${{ always() && github.actor == 'calendulish' }} | |
needs: [linux-build, windows-build, rpi-build] | |
runs-on: ubuntu-latest | |
env: | |
linux-badge-color: ${{ needs.linux-build.result == 'success' && 'green' || 'red' }} | |
windows-badge-color: ${{ needs.windows-build.result == 'success' && 'green' || 'red' }} | |
rpi-badge-color: ${{ needs.rpi-build.result == 'success' && 'green' || 'red' }} | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 | |
with: | |
egress-policy: audit | |
- uses: RubbaBoy/BYOB@24f464284c1fd32028524b59607d417a2e36fee7 # v1.3.0 | |
with: | |
NAME: steam-tools-ng-linux-build | |
LABEL: 'Linux build' | |
STATUS: ${{ needs.linux-build.result }} | |
COLOR: ${{ env.linux-badge-color }} | |
GITHUB_TOKEN: ${{ secrets.ACTIONS_TOKEN }} | |
REPOSITORY: calendulish/.github | |
ACTOR: calendulish | |
- uses: RubbaBoy/BYOB@24f464284c1fd32028524b59607d417a2e36fee7 # v1.3.0 | |
with: | |
NAME: steam-tools-ng-windows-build | |
LABEL: 'Windows build' | |
STATUS: ${{ needs.windows-build.result }} | |
COLOR: ${{ env.windows-badge-color }} | |
GITHUB_TOKEN: ${{ secrets.ACTIONS_TOKEN }} | |
REPOSITORY: calendulish/.github | |
ACTOR: calendulish | |
- uses: RubbaBoy/BYOB@24f464284c1fd32028524b59607d417a2e36fee7 # v1.3.0 | |
with: | |
NAME: steam-tools-ng-rpi-build | |
LABEL: 'RPI build' | |
STATUS: ${{ needs.rpi-build.result }} | |
COLOR: ${{ env.rpi-badge-color }} | |
GITHUB_TOKEN: ${{ secrets.ACTIONS_TOKEN }} | |
REPOSITORY: calendulish/.github | |
ACTOR: calendulish |