Skip to content
CI

Disable permissions-check and online-test jobs (#186) #734

Sign in to view logs

Disable permissions-check and online-test jobs (#186)

Disable permissions-check and online-test jobs (#186) #734

Workflow file for this run

.github/workflows/ci.yml at 04ee608
# .github/workflows/ci.yml
name: CI
on:
push:
branches: [ "main" ]
pull_request_target:
branches: [ "main" ]
workflow_dispatch: # manual run
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
permissions:
pull-requests: read
contents: read
id-token: write
actions: read
jobs:
# permissions-check:
# runs-on: ubuntu-latest
# steps:
# # The following two steps (permissions checks) ensure that only users with write access can run this workflow on a PR (except the merge queue bot)
# # PRs from forks we check the permissions of the user that triggered the workflow (github.triggering_actor)
# # This means that if a user without write access opens a PR from a fork, they cannot run this workflow
# # Users with write access can still run this workflow on a PR from a fork
# # For PRs from the same repo, we allow the workflow to run as normal
# - name: Get User Permission
# if: ${{ github.event_name == 'pull_request_target' || github.triggering_actor != 'github-merge-queue[bot]' }}
# id: checkAccess
# uses: actions-cool/check-user-permission@v2
# with:
# require: write
# username: ${{ github.triggering_actor }}
# env:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# - name: Check User Permission
# if: ${{ (github.event_name == 'pull_request_target' || github.triggering_actor != 'github-merge-queue[bot]') && steps.checkAccess.outputs.require-result == 'false' }}
# run: |
# echo "${{ github.triggering_actor }} does not have permissions on this repo."
# echo "Current permission level is ${{ steps.checkAccess.outputs.user-permission }}"
# echo "Job originally triggered by ${{ github.actor }}"
# exit 1
check:
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, windows-latest]
python-version: ['3.12', '3.13', '3.14']
exclude:
- os: windows-latest
python-version: '3.13'
- os: windows-latest
python-version: '3.14'
runs-on: ${{ matrix.os }}
name: ${{ matrix.os }} check (py ${{ matrix.python-version }})
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha || github.ref }}
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: Install uv
uses: astral-sh/setup-uv@v7
- name: Run Check (Linux)
if: runner.os == 'Linux'
shell: bash
run: |
make check
- name: Run Check (Windows)
if: runner.os == 'Windows'
run: |
./make.bat check
format:
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, windows-latest]
python-version: ['3.12', '3.13', '3.14']
exclude:
- os: windows-latest
python-version: '3.13'
- os: windows-latest
python-version: '3.14'
runs-on: ${{ matrix.os }}
name: ${{ matrix.os }} format (py ${{ matrix.python-version }})
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha || github.ref }}
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: Install uv
uses: astral-sh/setup-uv@v7
- name: Run Format (Linux)
if: runner.os == 'Linux'
shell: bash
run: |
make format
- name: Run Format (Windows)
if: runner.os == 'Windows'
run: |
./make.bat format
offline-test:
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, windows-latest]
python-version: ['3.12', '3.13']
exclude:
- os: windows-latest
python-version: '3.13'
runs-on: ${{ matrix.os }}
name: ${{ matrix.os }} (py ${{ matrix.python-version }})
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha || github.ref }}
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: Install uv
uses: astral-sh/setup-uv@v7
- name: Run Test (Linux)
if: runner.os == 'Linux'
shell: bash
run: |
make test
- name: Run Test (Windows)
if: runner.os == 'Windows'
run: |
./make.bat test
# online-test:
# needs: permissions-check
# environment:
# name: build-pipeline
# strategy:
# fail-fast: false
# matrix:
# os: [ubuntu-latest]
# python-version: ['3.14']
# runs-on: ${{ matrix.os }}
# name: ${{ matrix.os }} (py ${{ matrix.python-version }})
# steps:
# - uses: actions/checkout@v4
# with:
# ref: ${{ github.event.pull_request.head.sha || github.ref }}
# - name: Set up Python
# uses: actions/setup-python@v5
# with:
# python-version: ${{ matrix.python-version }}
# - name: Install uv
# uses: astral-sh/setup-uv@v7
# - name: Install Dependencies (Linux)
# if: runner.os == 'Linux'
# shell: bash
# run: |
# make sync
# - name: Install Dependencies (Windows)
# if: runner.os == 'Windows'
# run: |
# make sync
# - name: Login to Azure
# uses: azure/login@v2.2.0
# with:
# client-id: ${{ secrets.AZURE_CLIENTID }}
# tenant-id: ${{ secrets.AZURE_TENANTID }}
# subscription-id: ${{ secrets.AZURE_SUBSCRIPTIONID }}
# - name: Get Keys
# run: |
# uv run python tools/get_keys.py --vault build-pipeline-kv
# - name: Run Test
# shell: bash
# run: |
# uv run pytest
# - name: Clean up Keys
# run: |
# node -e "try{require('fs').unlinkSync('./.env');}catch(e){}"