chore: remove Python from the repository tooling #10
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Continuous Integration | |
| permissions: read-all | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| - devs/** | |
| concurrency: | |
| # yamllint disable-line rule:line-length | |
| group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
| cancel-in-progress: true | |
| jobs: | |
| linters: | |
| timeout-minutes: 5 | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Checkout 🛎️ | |
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | |
| - name: Check workflow files | |
| uses: docker://rhysd/actionlint:1.7.12@sha256:b1934ee5f1c509618f2508e6eb47ee0d3520686341fec936f3b79331f9315667 | |
| with: | |
| args: -color | |
| # yamllint and semgrep run from their published images (no host Python), | |
| # matching the actionlint step above. Renovate manages the tags + digests. | |
| - name: Lint YAML 🔍 | |
| uses: docker://cytopia/yamllint:1@sha256:596fb19eb71e55ba5b2fa56d8c18a615ec82adc8d3bf2d73918cb78c8f3240fb | |
| with: | |
| args: . | |
| - name: Security scan 🔒 | |
| uses: docker://semgrep/semgrep:1.167.0@sha256:06938c1f365d3f67b8cedd8bc117607ae64253f88a0e768e9da9408548927dd6 | |
| with: | |
| # Set the entrypoint explicitly: this image has no ENTRYPOINT, and | |
| # pinning it keeps the step correct if a digest bump reintroduces one. | |
| entrypoint: semgrep | |
| args: --config=auto --error | |
| autodoc: | |
| timeout-minutes: 5 | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 | |
| - name: Regenerate documentation | |
| run: ./generate-doc.sh | |
| - name: Verify Changed files | |
| run: | | |
| if ! git diff --exit-code -- README.md; then | |
| echo "::error::Action documentation is out of date. Run \`./generate-doc.sh\`" | |
| exit 1 | |
| fi | |
| test-install: | |
| timeout-minutes: 5 | |
| # One runner per target triple install.sh supports, so every detection + | |
| # extraction path is exercised: linux+macos on both x86_64 and aarch64. | |
| # (Windows is added once install.sh ships a Windows path.) | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: | |
| - ubuntu-24.04 # x86_64-unknown-linux-gnu | |
| - ubuntu-24.04-arm # aarch64-unknown-linux-gnu | |
| - macos-15-intel # x86_64-apple-darwin | |
| - macos-15 # aarch64-apple-darwin | |
| runs-on: ${{ matrix.os }} | |
| defaults: | |
| run: | |
| shell: bash | |
| steps: | |
| - name: Checkout 🛎️ | |
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | |
| - name: Install pinned mergify-cli | |
| id: pinned | |
| uses: ./ | |
| with: | |
| mergify_cli_version: 2026.6.16.1 | |
| - name: Assert pinned install | |
| env: | |
| VERSION: ${{ steps.pinned.outputs.mergify_cli_version }} | |
| run: | | |
| # Compare against the literal requested version (not the action's own | |
| # readback), so a regression that installs the wrong version fails CI. | |
| test "$VERSION" = "2026.6.16.1" | |
| test "$(mergify --version | awk '{print $NF}')" = "2026.6.16.1" | |
| - name: Install latest mergify-cli | |
| id: latest | |
| uses: ./ | |
| with: | |
| mergify_cli_version: latest | |
| - name: Assert latest install | |
| env: | |
| VERSION: ${{ steps.latest.outputs.mergify_cli_version }} | |
| run: | | |
| test -n "$VERSION" | |
| test "$(mergify --version | awk '{print $NF}')" = "$VERSION" | |
| all-greens: | |
| if: ${{ !cancelled() }} | |
| needs: | |
| - linters | |
| - autodoc | |
| - test-install | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Verify all jobs succeeded | |
| uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe # release/v1 | |
| with: | |
| jobs: ${{ toJSON(needs) }} |