Bump github/codeql-action from 2.21.4 to 2.21.7 (#44) #201
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| on: [push, workflow_dispatch] | |
| jobs: | |
| delete-old-artifacts: | |
| if: github.event_name != 'pull_request' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1 | |
| with: | |
| egress-policy: audit | |
| - uses: calendulish/purge-artifacts-action@7f45b429560cfdf0ae26758e1b069b806489e094 # v1.0 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| expire-in: 0 | |
| linux-build: | |
| if: ${{ always() }} | |
| needs: delete-old-artifacts | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| python-version: ['3.9', '3.10', '3.11'] | |
| name: Python ${{ matrix.python-version }} linux build | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
| - uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - run: sudo apt-fast -y install gettext | |
| - run: python -m pip install build | |
| - run: python -m build | |
| - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
| with: | |
| name: linux_${{ matrix.python-version }} | |
| path: | | |
| build/*.zip | |
| dist/ | |
| if-no-files-found: error | |
| retention-days: 90 | |
| if: github.event_name != 'pull_request' | |
| rpi-build: | |
| if: ${{ always() }} | |
| needs: delete-old-artifacts | |
| runs-on: ubuntu-latest | |
| name: Build ${{ matrix.arch }} ${{ matrix.python-version }} | |
| strategy: | |
| matrix: | |
| include: | |
| - arch: 'armv7' | |
| distro: 'archarm_latest' | |
| - arch: 'aarch64' | |
| distro: 'archarm_latest' | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
| - uses: uraimo/run-on-arch-action@213f9061987de116e4221ec1ea239a9fc61c4102 # v2 | |
| id: build | |
| with: | |
| arch: ${{ matrix.arch }} | |
| distro: ${{ matrix.distro }} | |
| setup: mkdir -p "${PWD}/artifacts" | |
| dockerRunArgs: --volume "${PWD}/artifacts:/artifacts" | |
| env: | | |
| release_name: "steam-tools-ng-RPI-${{ matrix.arch }}" | |
| shell: /bin/sh | |
| run: | | |
| pacman -Syu --noconfirm | |
| pacman -S --noconfirm python python-build tar | |
| python -m build | |
| cp -rfv dist/ /artifacts/ | |
| - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
| with: | |
| name: rpi_${{ matrix.arch }} | |
| path: | | |
| artifacts/dist/ | |
| if-no-files-found: error | |
| retention-days: 90 | |
| if: github.event_name != 'pull_request' | |
| windows-build: | |
| if: ${{ always() }} | |
| needs: delete-old-artifacts | |
| runs-on: windows-2022 | |
| strategy: | |
| matrix: | |
| python-version: ['3.10', '3.11'] | |
| defaults: | |
| run: | |
| shell: cmd | |
| working-directory: .\\tools\Windows | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
| - uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - run: python -m pip install certifi aiohttp cx_freeze pywin32 psutil stlib stlib-plugins | |
| - run: dist_script_native.cmd | |
| - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
| with: | |
| name: windows_${{ matrix.python-version }} | |
| path: | | |
| build/*.zip | |
| installer/build/*.exe | |
| if-no-files-found: error | |
| retention-days: 90 | |
| if: github.event_name != 'pull_request' | |
| deploy: | |
| if: startsWith(github.ref, 'refs/tags/') | |
| needs: [linux-build, windows-build, rpi-build] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
| - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | |
| - uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1 | |
| with: | |
| draft: true | |
| files: | | |
| linux_3.11/dist/* | |
| windows_3.11/installer/build/*.exe | |
| windows_3.10/build/*.zip | |
| windows_3.11/build/*.zip | |
| rpi_aarch64/dist/*.whl | |
| rpi_armv7/dist/*.whl | |
| pypi-upload: | |
| if: startsWith(github.ref, 'refs/tags/') | |
| needs: [deploy] | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| python-version: [ '3.11' ] | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
| - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | |
| - uses: pypa/gh-action-pypi-publish@b7f401de30cb6434a1e19f805ff006643653240e # release/v1 | |
| with: | |
| password: ${{ secrets.PYPI_API_TOKEN }} | |
| packages_dir: linux_${{ matrix.python-version }}/dist/ | |
| verbose: true | |
| print_hash: true | |
| generate-badges: | |
| if: ${{ always() && github.event_name != 'pull_request' }} | |
| needs: [linux-build, windows-build, rpi-build] | |
| runs-on: ubuntu-latest | |
| env: | |
| linux-badge-color: ${{ needs.linux-build.result == 'success' && 'green' || 'red' }} | |
| windows-badge-color: ${{ needs.windows-build.result == 'success' && 'green' || 'red' }} | |
| rpi-badge-color: ${{ needs.rpi-build.result == 'success' && 'green' || 'red' }} | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1 | |
| with: | |
| egress-policy: audit | |
| - uses: RubbaBoy/BYOB@24f464284c1fd32028524b59607d417a2e36fee7 # v1.3.0 | |
| with: | |
| NAME: steam-tools-ng-linux-build | |
| LABEL: 'Linux build' | |
| STATUS: ${{ needs.linux-build.result }} | |
| COLOR: ${{ env.linux-badge-color }} | |
| GITHUB_TOKEN: ${{ secrets.ACTIONS_TOKEN }} | |
| REPOSITORY: calendulish/.github | |
| ACTOR: calendulish | |
| - uses: RubbaBoy/BYOB@24f464284c1fd32028524b59607d417a2e36fee7 # v1.3.0 | |
| with: | |
| NAME: steam-tools-ng-windows-build | |
| LABEL: 'Windows build' | |
| STATUS: ${{ needs.windows-build.result }} | |
| COLOR: ${{ env.windows-badge-color }} | |
| GITHUB_TOKEN: ${{ secrets.ACTIONS_TOKEN }} | |
| REPOSITORY: calendulish/.github | |
| ACTOR: calendulish | |
| - uses: RubbaBoy/BYOB@24f464284c1fd32028524b59607d417a2e36fee7 # v1.3.0 | |
| with: | |
| NAME: steam-tools-ng-rpi-build | |
| LABEL: 'RPI build' | |
| STATUS: ${{ needs.rpi-build.result }} | |
| COLOR: ${{ env.rpi-badge-color }} | |
| GITHUB_TOKEN: ${{ secrets.ACTIONS_TOKEN }} | |
| REPOSITORY: calendulish/.github | |
| ACTOR: calendulish |