mirror of
https://github.com/yt-dlp/yt-dlp.git
synced 2026-05-19 05:42:34 +00:00
35684c1171
* Include `pin*` extras in lockfile * Fix and clean up `devscripts/update_requirements.py` * Improve release channel documentation * Remove false statement from `--prefer-insecure` documentation * Assorted code cleanup * Set `GH_TELEMETRY=false` in CI/CD whenever `gh` is used * Add comments about required checks in CI workflows * Run `test-workflows.yml` for every PR so its checks can be required * Verify actionlint attestation in CI * Remove zizmor version to reduce workflow maintenance burden (zizmor-action handles pinning on its end) Authored by: bashonly
80 lines
2.7 KiB
YAML
80 lines
2.7 KiB
YAML
name: Test and lint workflows
|
|
on:
|
|
push:
|
|
branches: ['master']
|
|
# This workflow contains required checks and needs to run for EVERY pull_request
|
|
pull_request:
|
|
branches: ['**']
|
|
|
|
permissions: {}
|
|
|
|
concurrency:
|
|
group: test-workflows-${{ github.event.pull_request.number || github.ref }}
|
|
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
|
|
|
|
env:
|
|
ACTIONLINT_VERSION: "1.7.11"
|
|
ACTIONLINT_SHA256SUM: 900919a84f2229bac68ca9cd4103ea297abc35e9689ebb842c6e34a3d1b01b0a
|
|
ACTIONLINT_REPO: rhysd/actionlint
|
|
GH_TELEMETRY: "false"
|
|
|
|
jobs:
|
|
check:
|
|
# Required check; do not change name
|
|
name: Check workflows
|
|
permissions:
|
|
contents: read
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
with:
|
|
persist-credentials: false
|
|
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
|
|
with:
|
|
python-version: "3.13" # Keep this in sync with release.yml's prepare job
|
|
- name: Install requirements
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
ACTIONLINT_TARBALL: ${{ format('actionlint_{0}_linux_amd64.tar.gz', env.ACTIONLINT_VERSION) }}
|
|
shell: bash
|
|
run: |
|
|
python -m devscripts.install_deps --omit-default --include-group test
|
|
sudo apt -y install shellcheck
|
|
python -m pip install -U pyflakes
|
|
gh release download \
|
|
--repo "${ACTIONLINT_REPO}" \
|
|
--pattern "${ACTIONLINT_TARBALL}" \
|
|
"v${ACTIONLINT_VERSION}"
|
|
gh attestation verify \
|
|
--repo "${ACTIONLINT_REPO}" \
|
|
"${ACTIONLINT_TARBALL}"
|
|
printf '%s %s' "${ACTIONLINT_SHA256SUM}" "${ACTIONLINT_TARBALL}" | sha256sum -c -
|
|
tar xvzf "${ACTIONLINT_TARBALL}" actionlint
|
|
sudo install -D --mode=755 actionlint /usr/bin/
|
|
- name: Run actionlint
|
|
run: |
|
|
actionlint -color
|
|
- name: Check Docker shell scripts
|
|
run: |
|
|
shellcheck bundle/docker/linux/*.sh
|
|
- name: Test GHA devscripts
|
|
run: |
|
|
pytest -Werror --tb=short --color=yes devscripts/setup_variables_tests.py
|
|
|
|
zizmor:
|
|
# Required check; do not change name
|
|
name: Run zizmor
|
|
permissions:
|
|
contents: read
|
|
actions: read # Needed by zizmorcore/zizmor-action if repository is private
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
with:
|
|
persist-credentials: false
|
|
- name: Run zizmor
|
|
uses: zizmorcore/zizmor-action@71321a20a9ded102f6e9ce5718a2fcec2c4f70d8 # v0.5.2
|
|
with:
|
|
advanced-security: false
|
|
persona: pedantic
|