yt-dlp/.github/workflows/test-workflows.yml
dlp-bot 84db5246fa
[ci] Update 5 actions in 8 workflows (#17024)
* Bump actions/cache v5.0.5 => v6.1.0
* Bump actions/setup-python v6.2.0 => v6.3.0
* Bump docker/setup-qemu-action v4.1.0 => v4.2.0
* Bump github/codeql-action v4.36.2 => v4.36.3
* Bump zizmorcore/zizmor-action v0.5.6 => v0.5.7

Authored by: dlp-bot
2026-07-02 18:18:59 +00:00

90 lines
2.9 KiB
YAML

name: Test and lint workflows
on:
push:
branches: ['master']
# This workflow contains required checks and needs to run for EVERY pull_request
pull_request:
branches: ['**']
permissions: {}
concurrency:
group: test-workflows-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
env:
ACTIONLINT_VERSION: "1.7.12"
ACTIONLINT_SHA256SUM: 8aca8db96f1b94770f1b0d72b6dddcb1ebb8123cb3712530b08cc387b349a3d8
ACTIONLINT_REPO: rhysd/actionlint
GH_TELEMETRY: "false"
jobs:
check:
# Required check; do not change name
name: Check workflows
permissions:
contents: read
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
- uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0
with:
python-version: "3.13" # Keep this in sync with release.yml's prepare job
- name: Install Python dependencies
run: |
python -m pip install -U --require-hashes -r "bundle/requirements/pip.txt"
python -m pip install -U --require-hashes -r "bundle/requirements/pyflakes.txt"
python -m pip install -U --require-hashes -r "bundle/requirements/test.txt"
- name: Install requirements
env:
GH_TOKEN: ${{ github.token }}
ACTIONLINT_TARBALL: ${{ format('actionlint_{0}_linux_amd64.tar.gz', env.ACTIONLINT_VERSION) }}
shell: bash
run: |
sudo apt -y install shellcheck
gh release download \
--repo "${ACTIONLINT_REPO}" \
--pattern "${ACTIONLINT_TARBALL}" \
"v${ACTIONLINT_VERSION}"
gh attestation verify \
--repo "${ACTIONLINT_REPO}" \
"${ACTIONLINT_TARBALL}"
printf '%s %s' "${ACTIONLINT_SHA256SUM}" "${ACTIONLINT_TARBALL}" | sha256sum -c -
tar xvzf "${ACTIONLINT_TARBALL}" actionlint
sudo install -D --mode=755 actionlint /usr/bin/
- name: Run actionlint
run: |
actionlint -color
- name: Check Docker shell scripts
run: |
shellcheck bundle/docker/linux/*.sh
- name: Test GHA devscripts
run: |
pytest -Werror --tb=short --color=yes devscripts/setup_variables_tests.py
zizmor:
# Required check; do not change name
name: Run zizmor
permissions:
contents: read
actions: read # Needed by zizmorcore/zizmor-action if repository is private
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
- name: Run zizmor
uses: zizmorcore/zizmor-action@192e21d79ab29983730a13d1382995c2307fbcaa # v0.5.7
with:
advanced-security: false
persona: pedantic