build(deps): bump github/codeql-action in the all group #58
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # vim: ts=2 sw=2 et | |
| # On every push, and on every PR, run tests. | |
| # | |
| # We do the following things: | |
| # * Check for any NOCOMMIT things. | |
| # * Install Bind & MIT Kerberos. | |
| # * Run PyTest, which includes… | |
| # * Running MyPy. | |
| # * Run CodeQL | |
| # | |
| # Tests are run against every Python version we list support for. | |
| # | |
| # We do not test against Windows yet, but some of the pieces are in place. | |
| # | |
| # Based on the workflow template from https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python | |
| name: Run tests | |
| on: | |
| push: | |
| pull_request: | |
| permissions: | |
| contents: read | |
| jobs: | |
| nocommit: | |
| name: Check Nocommit | |
| runs-on: ubuntu-latest | |
| steps: | |
| # This is v4 of the action | |
| - name: Check out code | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
| # This is v2 of the action | |
| - name: Check for N.O.C.O.M.M.I.T in the commits | |
| uses: nobssoftware/nocommit@e4be6eb73ee96af2ade61ac54cdd3f5852714530 | |
| pytest: | |
| name: Run Tests on ${{ matrix.os }} & Python ${{ matrix.python }} | |
| needs: nocommit | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| python: | |
| - "3.10" | |
| - "3.11" | |
| - "3.12" | |
| - "3.13" | |
| os: | |
| - "ubuntu-latest" | |
| steps: | |
| - name: Install non-Python dependencies (Ubuntu) | |
| if: ${{ runner.os == 'Linux' }} | |
| run: | | |
| # Install BIND & Kerberos | |
| sudo apt install -y bind9 krb5-admin-server krb5-kdc krb5-user libkrb5-dev | |
| # Stop & disable system named | |
| sudo systemctl disable --now named | |
| # Add AppArmor config to allow named into our workspace | |
| cat - > /tmp/usr.sbin.named <<EOF | |
| # Allow read/write in bind's space in the workdir | |
| ${{ github.workspace }}/ rwk, | |
| ${{ github.workspace }}/** rwk, | |
| EOF | |
| sudo cp /tmp/usr.sbin.named /etc/apparmor.d/local/usr.sbin.named | |
| cat /etc/apparmor.d/local/usr.sbin.named | |
| sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.named | |
| - name: Install non-Python dependencies (Windows) | |
| if: ${{ runner.os == 'Windows' }} | |
| shell: powershell | |
| run: | | |
| $pkg = "$env:TMP\kfw.msi" | |
| Invoke-WebRequest -OutFile $pkg -Uri https://web.mit.edu/kerberos/dist/kfw/4.1/kfw-4.1-amd64.msi | |
| Start-Process -FilePath msiexec -ArgumentList @("/i", "$pkg", "/qn", "/norestart", "ADDLOCAL=ALL") -Wait | |
| # This is v4 of the action | |
| - name: Check out code | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
| # This is v5.5.0 of the action | |
| - name: Set up Python | |
| uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 | |
| with: | |
| python-version: "${{ matrix.python }}" | |
| cache: 'pip' | |
| - name: Install dependencies for testing | |
| run: | | |
| ls -l | |
| make .installed-test-editable | |
| - name: Start test DNS and KDC | |
| run: | | |
| make test-env | |
| - name: Run tests | |
| run: | | |
| make test | |
| - name: Stop test DNS and KDC | |
| run: | | |
| make test-clean | |
| codeql: | |
| name: Run CodeQL on ubuntu-latest & Python 3.13 | |
| needs: pytest | |
| runs-on: ubuntu-latest | |
| permissions: | |
| security-events: write | |
| packages: read | |
| steps: | |
| - name: Install non-Python dependencies (Ubuntu) | |
| if: ${{ runner.os == 'Linux' }} | |
| run: | | |
| # Install BIND & Kerberos | |
| sudo apt install -y bind9 krb5-admin-server krb5-kdc krb5-user libkrb5-dev | |
| # Stop & disable system named | |
| sudo systemctl disable --now named | |
| # Add AppArmor config to allow named into our workspace | |
| cat - > /tmp/usr.sbin.named <<EOF | |
| # Allow read/write in bind's space in the workdir | |
| ${{ github.workspace }}/ rwk, | |
| ${{ github.workspace }}/** rwk, | |
| EOF | |
| sudo cp /tmp/usr.sbin.named /etc/apparmor.d/local/usr.sbin.named | |
| cat /etc/apparmor.d/local/usr.sbin.named | |
| sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.named | |
| # This is v4 of the action | |
| - name: Check out code | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
| # This is v5.5.0 of the action | |
| - name: Set up Python | |
| uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 | |
| with: | |
| python-version: "3.13" | |
| cache: 'pip' | |
| - name: Install dependencies for testing | |
| run: | | |
| ls -l | |
| make .installed-test-editable | |
| # This is v3.28.13 | |
| - name: CodeQL Init | |
| if: ${{ runner.os == 'Linux' }} | |
| uses: github/codeql-action/init@181d5eefc20863364f96762470ba6f862bdef56b | |
| with: | |
| languages: python | |
| # This is v3.28.13 | |
| - name: CodeQL Analyze | |
| if: ${{ runner.os == 'Linux' }} | |
| uses: github/codeql-action/analyze@181d5eefc20863364f96762470ba6f862bdef56b | |
| with: | |
| category: "/language:python" |