gh-actions/cache/restore: Fix permissions (#2430)
#7896
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - main | |
| release: | |
| types: | |
| released | |
| permissions: | |
| contents: read | |
| jobs: | |
| test: | |
| runs-on: envoy-x64-small | |
| if: github.repository_owner == 'envoyproxy' | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 | |
| with: | |
| python-version: "3.11" | |
| - name: Cache pants | |
| uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 | |
| with: | |
| key: ${{ runner.os }}-${{ hashFiles('pants*toml') }} | |
| path: ~/.cache/pants/setup | |
| - name: Install pants | |
| run: | | |
| ./get-pants.sh | |
| export PATH=$PATH:~/.local/bin | |
| - name: Run pants test | |
| run: "pants --colors test ::" | |
| - name: Archive code coverage results | |
| uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
| with: | |
| name: coverage | |
| path: dist/coverage/python/htmlcov/ | |
| lint: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 | |
| with: | |
| python-version: "3.11" | |
| - name: Cache pants | |
| uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 | |
| with: | |
| key: ${{ runner.os }}-${{ hashFiles('pants*toml') }} | |
| path: ~/.cache/pants/setup | |
| - name: Install pants | |
| run: | | |
| ./get-pants.sh | |
| export PATH=$PATH:~/.local/bin | |
| - name: Run pants lint | |
| run: "pants --colors lint ::" | |
| lint-envoy: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 | |
| with: | |
| python-version: "3.11" | |
| - run: pip install envoy.code.check>=0.5.14 | |
| - run: | | |
| envoy.code.check . -c glint shellcheck yamllint -x ".*/dist/.*" | |
| typecheck: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 | |
| with: | |
| python-version: "3.11" | |
| - name: Cache pants | |
| uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 | |
| with: | |
| key: ${{ runner.os }}-${{ hashFiles('pants*toml') }} | |
| path: ~/.cache/pants/setup | |
| - name: Install pants | |
| run: | | |
| ./get-pants.sh | |
| export PATH=$PATH:~/.local/bin | |
| - name: Run pants (type) check | |
| run: "pants --colors check ::" | |
| docs: | |
| runs-on: ubuntu-22.04 | |
| # TODO: reenable once plugin is fixed | |
| if: false | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 | |
| with: | |
| python-version: "3.11" | |
| - name: Cache pants | |
| uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 | |
| with: | |
| key: ${{ runner.os }}-${{ hashFiles('pants*toml') }} | |
| path: ~/.cache/pants/setup | |
| - name: Install pants | |
| run: | | |
| ./get-pants.sh | |
| export PATH=$PATH:~/.local/bin | |
| - name: Run pants README | |
| run: "pants --colors readme --check=README.md ::" | |
| package: | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - test | |
| - lint | |
| - typecheck | |
| # - docs | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 | |
| with: | |
| python-version: "3.11" | |
| - name: Cache pants | |
| uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 | |
| with: | |
| key: ${{ runner.os }}-${{ hashFiles('pants*toml') }} | |
| path: ~/.cache/pants/setup | |
| - name: Install pants | |
| run: | | |
| ./get-pants.sh | |
| export PATH=$PATH:~/.local/bin | |
| - name: Run pants package | |
| run: "pants --colors package ::" | |
| - name: Archive created packages | |
| uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
| with: | |
| name: packages | |
| path: dist | |
| publish: | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - package | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Download all workflow run artifacts | |
| uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 | |
| with: | |
| python-version: "3.11" | |
| - name: Find packages to publish | |
| run: | | |
| echo "PUBLISH_PACKAGES=true" >> $GITHUB_ENV | |
| mkdir dist-out | |
| find packages/ -maxdepth 1 -type f ! -path "*dev*" | xargs -I{} cp {} dist-out/ | |
| [ "$(ls -A dist-out)" ] || echo "PUBLISH_PACKAGES=false" >> $GITHUB_ENV | |
| - name: Publish to PyPi | |
| if: github.event_name == 'release' && startsWith(github.ref, 'refs/tags') && env.PUBLISH_PACKAGES == 'true' | |
| uses: pypa/gh-action-pypi-publish@61da13deb5f5124fb1536194f82ed3d9bbc7e8f3 # release/v1 | |
| with: | |
| user: __token__ | |
| password: ${{ secrets.PYPI_TOKEN }} | |
| packages_dir: dist-out/ |