chore(ci): address zizmor findings #4418
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test | |
| on: | |
| merge_group: | |
| push: | |
| branches-ignore: | |
| - gh-readonly-queue/** # Temporary merge queue-related GH-made branches | |
| pull_request: | |
| types: | |
| - opened # default | |
| - synchronize # default | |
| - reopened # default | |
| - ready_for_review # used in PRs created from GitHub Actions workflows | |
| workflow_call: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} | |
| cancel-in-progress: true | |
| permissions: {} | |
| jobs: | |
| build: | |
| name: ${{ matrix.noxenv }} | |
| if: ${{ github.repository_owner == 'pypa' || github.event_name != 'schedule' }} | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| noxenv: | |
| - build | |
| - linkcheck | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| persist-credentials: false | |
| - name: Set up Python | |
| uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 | |
| with: | |
| python-version: "3.11" | |
| cache: 'pip' | |
| cache-dependency-path: 'requirements.txt' | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade nox virtualenv | |
| - name: Nox ${{ matrix.noxenv }} | |
| run: | | |
| python -m nox -s ${{ matrix.noxenv }} | |
| check: | |
| # This job does nothing and is only used for the branch protection | |
| # or multi-stage CI jobs, like making sure that all tests pass before | |
| # a publishing job is started. | |
| if: always() | |
| needs: | |
| - build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Decide whether the needed jobs succeeded or failed | |
| uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe # v1.2.2 | |
| with: | |
| jobs: ${{ toJSON(needs) }} |