Fix #3755 — fix directory traversal vulnerability in nikola auto
(#…
#466
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Nikola CI | |
on: | |
# Run on all pushes to master (including merge of PR) | |
push: | |
branches: master | |
# Run on all changes in pull requests | |
pull_request: | |
# Run every Saturday at 17:10 UTC to ensure stability (dependency changes not breaking things) | |
schedule: | |
- cron: '10 17 * * 6' | |
jobs: | |
nikola: | |
name: Nikola tests (Python ${{ matrix.python }} on ${{ matrix.image }}) | |
strategy: | |
fail-fast: false | |
matrix: | |
python: ['3.8', '3.9', '3.10', '3.11', '3.12'] | |
image: | |
- ubuntu-latest | |
include: | |
- python: '3.12' | |
image: macos-latest | |
- python: '3.12' | |
image: windows-latest | |
runs-on: '${{ matrix.image }}' | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v3 | |
- name: Set up Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: '${{ matrix.python }}' | |
- name: Upgrade packaging stack | |
run: | | |
python -m pip install --upgrade-strategy eager -U pip setuptools wheel | |
- name: Install test requirements | |
run: | | |
python -m pip install --upgrade-strategy eager -Ur requirements-tests.txt | |
- name: Install Nikola | |
run: | | |
python -m pip install . | |
- name: Run tests | |
run: | | |
py.test tests/ | |
- name: Run nikola | |
run: | | |
nikola | |
- name: Run nikola help | |
run: | | |
nikola help | |
baseline: | |
name: Baseline testing (Python ${{ matrix.python }} on ${{ matrix.image }}) | |
strategy: | |
fail-fast: false | |
matrix: | |
python: ['3.12'] | |
image: | |
- ubuntu-latest | |
runs-on: '${{ matrix.image }}' | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v3 | |
- name: Set up Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: '${{ matrix.python }}' | |
- name: Upgrade packaging stack | |
run: | | |
python -m pip install --upgrade-strategy eager -U pip setuptools wheel | |
- name: Install extra requirements | |
run: | | |
python -m pip install --upgrade-strategy eager -Ur requirements-extras.txt freezegun | |
- name: Install Nikola | |
run: | | |
python -m pip install . | |
- name: Compare to baseline | |
run: | | |
scripts/baseline.sh check | |
flake8: | |
name: Linting (flake8, pydocstyle) | |
strategy: | |
matrix: | |
python: | |
- '3.12' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v3 | |
- name: Set up Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: '${{ matrix.python }}' | |
- name: Upgrade packaging stack | |
run: | | |
python -m pip install --upgrade-strategy eager -U pip setuptools wheel | |
- name: Install requirements | |
run: | | |
python -m pip install flake8 pydocstyle | |
- name: Run flake8 | |
run: | | |
flake8 nikola/ tests/ | |
- name: Run pydocstyle | |
run: | | |
pydocstyle --count --match-dir='(?!^\\.)(?!data).*' nikola/ | |
basereq: | |
name: Build demo site with base requirements | |
strategy: | |
matrix: | |
python: | |
- '3.11' | |
- '3.12' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v3 | |
- name: Set up Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: '${{ matrix.python }}' | |
- name: Upgrade packaging stack | |
run: | | |
python -m pip install --upgrade-strategy eager -U pip setuptools wheel | |
- name: Install requirements | |
run: | | |
python -m pip install --upgrade-strategy eager -Ur requirements.txt | |
- name: Install Nikola | |
run: | | |
python -m pip install . | |
- name: Run help | |
run: | | |
nikola help | |
working-directory: / | |
- name: Run init | |
run: | | |
nikola init -qd nsite | |
working-directory: /tmp/ | |
- name: Run build | |
run: | | |
nikola build | |
working-directory: /tmp/nsite |