From 4161153b29b810035ff524b03097038b87f82b75 Mon Sep 17 00:00:00 2001
From: GalaxySnail <me@glxys.nl>
Date: Fri, 13 Sep 2024 06:04:36 +0800
Subject: [PATCH] Upgrade GitHub Actions to node20 runtime (#131)

Closes #130 by @GalaxySnail

* Upgrade GitHub Actions, upgrade runtime to node20

[1] https://github.blog/changelog/2023-12-14-github-actions-artifacts-v4-is-now-generally-available/
[2] https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/
[3] https://github.blog/news-insights/product-news/get-started-with-v4-of-github-actions-artifacts/
[4] https://github.com/actions/upload-artifact/blob/main/docs/MIGRATION.md

* Actions: upload hidden files

[1] https://github.blog/changelog/2024-08-19-notice-of-upcoming-deprecations-and-breaking-changes-in-github-actions-runners/
[2] https://github.com/actions/upload-artifact/issues/602

* Drop python 3.7 support on macOS

macos-latest is currently an alias for macOS 14 Arm64, and python 3.7 is
already EOL, so drop it on macOS.

[1] https://github.com/actions/runner-images/issues/9741
[2] https://github.com/actions/runner-images#available-images

* Skip cert check on python 3.5

ref: https://github.com/actions/setup-python/issues/866

* Actions: run monthly

* Upgrade .python-version-default to 3.12

* Add python 3.13 to CI matrix
---
 .github/workflows/ci.yml     | 43 ++++++++++++++++++++++++++++--------
 .github/workflows/codeql.yml |  2 +-
 .python-version-default      |  2 +-
 3 files changed, 36 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 6b58483..9c9a0b9 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -6,6 +6,8 @@ on:
     tags: ["*"]
   pull_request:
     branches: [master]
+  schedule:
+    - cron: "30 16 1 * *"
   workflow_dispatch:
 
 env:
@@ -33,6 +35,7 @@ jobs:
           - "3.10"
           - "3.11"
           - "3.12"
+          - "3.13"
           - "pypy-2.7"
           - "pypy-3.7"
           - "pypy-3.8"
@@ -48,13 +51,26 @@ jobs:
           - os: ubuntu-20.04
             container: python:2.7-buster
             python-version: "2.7"
+        exclude:
+          - os: macos-latest
+            python-version: "3.7"
+          - os: macos-latest
+            python-version: "pypy-3.7"
 
     runs-on: ${{ matrix.os }}
     container: ${{ matrix.container }}
 
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-python@v4
+      - uses: actions/checkout@v4
+
+      - name: Ignore certificate verification on python 3.5
+        shell: bash
+        run: |
+          # INSECURE!! But it should be OK for CI tests.
+          echo 'PIP_TRUSTED_HOST=pypi.python.org pypi.org files.pythonhosted.org' >>$GITHUB_ENV
+        if: 'matrix.python-version == 3.5'
+
+      - uses: actions/setup-python@v5
         with:
           python-version: ${{ matrix.python-version }}
           allow-prereleases: true
@@ -117,10 +133,11 @@ jobs:
           fi
 
       - name: Upload coverage data
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
-          name: coverage-data
+          name: coverage-data.${{ matrix.os }}-${{ matrix.python-version }}
           path: .coverage.*
+          include-hidden-files: true
           if-no-files-found: ignore
 
   coverage:
@@ -129,14 +146,22 @@ jobs:
     needs: tests
 
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-python@v4
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
         with:
           python-version-file: .python-version-default
           cache: pip
 
+      - name: Merge coverage data artifacts
+        uses: actions/upload-artifact/merge@v4
+        with:
+          name: coverage-data
+          pattern: coverage-data.*
+          include-hidden-files: true
+          delete-merged: true
+
       - name: Download coverage data
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: coverage-data
 
@@ -152,7 +177,7 @@ jobs:
           python -Im coverage report --format=markdown >> $GITHUB_STEP_SUMMARY
 
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@v4
         env:
           CODECOV_TOKEN: ${{secrets.CODECOV_TOKEN}}
 
@@ -162,7 +187,7 @@ jobs:
           python -Im coverage report --fail-under=100
 
       - name: Upload HTML report if check failed.
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: html-report
           path: htmlcov
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 370b430..19e407a 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -6,7 +6,7 @@ on:
   pull_request:
     branches: [ "master" ]
   schedule:
-    - cron: "36 4 * * 2"
+    - cron: "36 4 1 * *"
 
 jobs:
   analyze:
diff --git a/.python-version-default b/.python-version-default
index 2c07333..e4fba21 100644
--- a/.python-version-default
+++ b/.python-version-default
@@ -1 +1 @@
-3.11
+3.12