Merge branch 'master' of https://github.com/EnricoMi/publish-unit-tes…

…t-result-action into update-dependencies

.github/actions/test/action.yml

@@ -21,12 +21,12 @@ runs:
 
     - name: Setup Python
       if: inputs.python-version != 'installed'
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       with:
         python-version: ${{ inputs.python-version }}
 
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     - name: Detect OS
       id: os
@@ -48,8 +48,9 @@ runs:
       shell: bash
 
     - name: Cache PIP Packages
-      uses: actions/cache@v3
+      uses: actions/cache@v4
       id: cache
+      if: github.event_name != 'schedule'
       with:
         path: ${{ steps.os.outputs.pip-cache }}
         key: ${{ inputs.os }}-pip-test-${{ inputs.python-version }}-${{ hashFiles('**/requirements.txt', '**/constraints.txt') }}-${{ steps.os.outputs.date }}
@@ -61,15 +62,32 @@ runs:
     - name: Install Python dependencies
       run: |
         python3 -V
+
+        # inspect pip cache
         python3 -m pip freeze | sort
         python3 -m pip cache info || true
         python3 -m pip cache list || true
-        python3 -m pip install --upgrade --force pip wheel
-        python3 -m pip install --force -r python/requirements.txt
+
+        # remove cached built whl files
+        rm -rf "$(python3 -m pip cache info | grep "Locally built wheels location: " | cut -d ":" -f 2- | cut -d " " -f 2-)"
+        python3 -m pip cache list || true
+
+        # install dependencies
+        python_minor_version="$(python3 -c 'import sys; print(f"{sys.version_info.major}.{sys.version_info.minor}")')"
+        python3 -m pip install --force -r python/requirements-$python_minor_version.txt
         python3 -m pip install --force -r python/test/requirements.txt -c python/test/constraints.txt
+
+        # inspect pip cache
         python3 -m pip freeze | sort
         python3 -m pip cache info || true
         python3 -m pip cache list || true
+
+        # assert no whl files have been built
+        if [ python3 -m pip cache info ] && [ "$(python3 -m pip cache info | grep "Number of locally built wheels:")" != "Number of locally built wheels: 0" ]
+        then
+          echo "Dependency whl files have been built"
+          exit 1
+        fi
       shell: bash
 
     - name: Update expectation files
@@ -84,14 +102,14 @@ runs:
           # we only upload the changed files if we can find zip
           if which zip
           then
-            (git diff --name-only && git ls-files -o  --exclude-standard) | xargs -d "\n" zip changed-expectations.zip
+            (git diff --name-only && git ls-files -o  --exclude-standard) | xargs zip changed-expectations.zip
             exit 1
           fi
         fi
       shell: bash
     - name: Upload changed expectation files
       if: steps.changes.outcome == 'failure'
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: Changed expectations
         path: changed-expectations.zip
@@ -127,7 +145,7 @@ runs:
 
     - name: Upload Test Results
       if: always()
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: Test Results (python-${{ inputs.python-version }}, ${{ inputs.os }})
         path: |

.github/upgrade-pip-packages.sh

@@ -2,12 +2,13 @@
 set -euo pipefail
 
 base="$(dirname "$0")"
+python_minor_version="$(python3 -c 'import sys; print(f"{sys.version_info.major}.{sys.version_info.minor}")')"
 
-pip install --upgrade --force pip==22.0.0
-pip install --upgrade --upgrade-strategy eager -r "$base/../python/requirements-direct.txt"
+pip install --upgrade --force pip==24.0.0
+pip install --upgrade --upgrade-strategy eager -r "$base/../python/requirements.txt"
 
 pip install pipdeptree
-pipdeptree --packages="$(sed -e "s/;.*//" -e "s/=.*//g" "$base/../python/requirements-direct.txt" | paste -s -d ,)" --freeze > "$base/../python/requirements.txt"
+pipdeptree --packages="$(sed -e "s/;.*//" -e "s/=.*//g" "$base/../python/requirements.txt" | paste -s -d ,)" --freeze > "$base/../python/requirements-$python_minor_version.txt"
 
-git diff "$base/../python/requirements.txt"
+git diff "$base/../python/requirements-$python_minor_version.txt"
 

.github/workflows/badges.yml

@@ -0,0 +1,91 @@
+name: Badges
+
+on:
+  schedule:
+    - cron: '24 03 * * 3'
+  workflow_dispatch:
+
+permissions: {}
+
+jobs:
+  downloads:
+    name: Docker pulls
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Get package downloads
+        id: downloads
+        uses: ./misc/action/package-downloads
+        with:
+          url: ${{ github.server_url }}
+          repo: ${{ github.repository }}
+          package: publish-unit-test-result-action
+
+      - name: Create badge
+        uses: emibcn/badge-action@4209421db54c8764d8932070ffd0f81715a629bf
+        with:
+          label: Docker pulls
+          status: ${{ steps.downloads.outputs.total_downloads }} (${{ steps.downloads.outputs.recent_downloads_per_day }}/d)
+          color: blue
+          path: downloads.svg
+
+      - name: Create JSON
+        run: |
+          echo '{"subject": "Docker pulls", "status": "${{ steps.downloads.outputs.total_downloads }} (${{ steps.downloads.outputs.recent_downloads_per_day }}/d)", "color": "blue"}' > downloads.json
+
+      - name: Upload badge to Gist
+        uses: andymckay/append-gist-action@1fbfbbce708a39bd45846f0955ed5521f2099c6d
+        with:
+          token: ${{ secrets.GIST_TOKEN }}
+          gistURL: https://gist.githubusercontent.com/EnricoMi/612cb538c14731f1a8fefe504f519395
+          file: downloads.svg
+
+      - name: Upload JSON to Gist
+        uses: andymckay/append-gist-action@1fbfbbce708a39bd45846f0955ed5521f2099c6d
+        with:
+          token: ${{ secrets.GIST_TOKEN }}
+          gistURL: https://gist.githubusercontent.com/EnricoMi/612cb538c14731f1a8fefe504f519395
+          file: downloads.json
+
+  workflows:
+    name: Dependent workflows
+    runs-on: ubuntu-latest
+    permissions:
+      packages: read
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Fetch workflows
+        id: workflows
+        uses: ./misc/action/fetch-workflows
+
+      - name: Create badge
+        uses: emibcn/badge-action@808173dd03e2f30c980d03ee49e181626088eee8
+        with:
+          label: GitHub Workflows
+          status: ${{ steps.workflows.outputs.total_workflows }}
+          color: blue
+          path: workflows.svg
+
+      - name: Create JSON
+        run: |
+          echo '{"subject": "GitHub Workflows", "status": "${{ steps.workflows.outputs.total_workflows }}", "color": "blue"}' > workflows.json
+
+      - name: Upload badge to Gist
+        uses: andymckay/append-gist-action@6e8d64427fe47cbacf4ab6b890411f1d67c07f3e
+        with:
+          token: ${{ secrets.GIST_TOKEN }}
+          gistURL: https://gist.githubusercontent.com/EnricoMi/612cb538c14731f1a8fefe504f519395
+          file: workflows.svg
+
+      - name: Upload JSON to Gist
+        uses: andymckay/append-gist-action@6e8d64427fe47cbacf4ab6b890411f1d67c07f3e
+        with:
+          token: ${{ secrets.GIST_TOKEN }}
+          gistURL: https://gist.githubusercontent.com/EnricoMi/612cb538c14731f1a8fefe504f519395
+          file: workflows.json

.github/workflows/ci-cd.yml

@@ -9,7 +9,7 @@ on:
       - '*'
   pull_request:
   schedule:
-    - cron: '0 16 * * *'
+    - cron: '10 9 * * *'
   workflow_dispatch:
 permissions: {}
 
@@ -19,34 +19,52 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
-      - name: Check requirements.txt against requirements-direct.txt
+        uses: actions/checkout@v4
+      - name: Check requirements.txt
         run: |
-          (diff -w python/requirements-direct.txt python/requirements.txt || true) | (! grep -e "^<")
+          (diff -w <(grep -v "python_version >  '3.7'" python/requirements.txt | sed -e "s/;.*//") python/requirements-3.7.txt || true) | (! grep -e "^<")
+          (diff -w <(grep -v "python_version <= '3.7'" python/requirements.txt | sed -e "s/;.*//") python/requirements-post-3.7.txt || true) | (! grep -e "^<")
         shell: bash
       - name: Check for dependency updates
         continue-on-error: true
-        run:
-          .github/upgrade-pip-packages.sh
+        run: |
+          pip install tox
+          tox
+          git diff --exit-code
         shell: bash
 
   test-mac:
     name: "Test macOS"
     uses: "./.github/workflows/test-os.yml"
     with:
-      os: '["macos-11", "macos-12", "macos-13"]'
+      os: '["macos-11", "macos-12", "macos-13", "macos-14"]'
+      python-version: '["3.10", "3.11", "3.12", "installed"]'
+      include: >
+        [
+          {"os": "macos-11", "python-version": "3.7"},
+          {"os": "macos-11", "python-version": "3.8"},
+          {"os": "macos-11", "python-version": "3.9"},
+          {"os": "macos-12", "python-version": "3.8"},
+          {"os": "macos-12", "python-version": "3.9"},
+          {"os": "macos-13", "python-version": "3.8"},
+          {"os": "macos-13", "python-version": "3.9"},
+        ]
 
   test-lnx:
     name: "Test Ubuntu"
     uses: "./.github/workflows/test-os.yml"
     with:
       os: '["ubuntu-20.04", "ubuntu-22.04"]'
+      python-version: '["3.8", "3.9", "3.10", "3.11", "3.12", "installed"]'
+      include: '[{"os": "ubuntu-20.04", "python-version": "3.7"}]'
 
   test-win:
     name: "Test Windows"
     uses: "./.github/workflows/test-os.yml"
     with:
       os: '["windows-2019", "windows-2022"]'
+      python-version: '["3.8", "3.9", "3.10", "3.11", "3.12", "installed"]'
+      include: '[{"os": "windows-2019", "python-version": "3.7"}]'
 
   publish:
     name: "Publish"
@@ -75,10 +93,10 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Extract action image and version
-        # we deploy from a specific commit on main (the one that mentions a new version the first time)
+        # we deploy from a specific commit on master (the one that mentions a new version the first time)
         # so we need to tell docker/metadata-action to extract docker tags from that version
         id: action
         run: |
@@ -93,12 +111,10 @@ jobs:
         env:
           DOCKER_CLI_EXPERIMENTAL: enabled
         run: |
-          exists='false'
           if docker manifest inspect '${{ steps.action.outputs.image }}'
           then
-            exists='true'
+            echo "exists=true" >>$GITHUB_OUTPUT
           fi
-          echo "exists=$exists" >>$GITHUB_OUTPUT
         shell: bash
 
   deploy:
@@ -131,73 +147,41 @@ jobs:
             type=semver,pattern={{version}},value=${{ needs.config-deploy.outputs.image-version }}
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Check Conditions
-        id: check_conditions
-        run: |
-          should_push_value='false'
-          if [[ '${{ github.event_name }}' == 'push' ]]; then
-            if [[ ${{ startsWith(github.ref, 'refs/heads/main') }} && '${{ needs.config-deploy.outputs.image-exists }}' != 'true' ]]; then
-              should_push_value='true'
-            fi
-          fi
-          echo "should_push=$should_push_value" >> "$GITHUB_OUTPUT"
-
-
       - name: Build and push Docker image
-        uses: docker/build-push-action@v4
-        id: build
+        uses: docker/build-push-action@v5
         with:
           tags: ${{ steps.docker-meta.outputs.tags }}
           labels: ${{ steps.docker-meta.outputs.labels }}
           platforms: linux/amd64,linux/arm64
           pull: true
-          # deploy image actions from commits pushed to main and
+          # deploy image actions from commits pushed to master and
           # deploy Dockerfile actions from pushed version tags (no major versions)
-          push: ${{ steps.check_conditions.outputs.should_push }}
-      - name: Output image
-        id: image
-        env:
-          IMAGE_REGISTRY: ghcr.io
-          IMAGE_NAME: ${{ github.repository }}
-        run: |
-          # NOTE: Set the image as an output because the `env` context is not
-          # available to the inputs of a reusable workflow call.
-          image_name="${IMAGE_REGISTRY}/${IMAGE_NAME}"
-          echo "image=$image_name" >> "$GITHUB_OUTPUT"
-  
-  provenance:
-    needs: [deploy]
-    permissions:
-      actions: read # for detecting the Github Actions environment.
-      id-token: write # for creating OIDC tokens for signing.
-      packages: write # for uploading attestations.
-    if: ${{ needs.deploy.outputs.should_push == 'true' }}
-    uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected]
-    with:
-      image: ${{ needs.deploy.outputs.image }}
-      digest: ${{ needs.deploy.outputs.digest }}
-      registry-username: ${{ github.actor }}
-    secrets:
-      registry-password: ${{ secrets.GITHUB_TOKEN }}        
-
+          push: |
+            ${{
+              github.event_name == 'push' && (
+                needs.config-deploy.outputs.image != 'Dockerfile' && startsWith(github.ref, 'refs/heads/master') && needs.config-deploy.outputs.image-exists != 'true' ||
+                needs.config-deploy.outputs.image == 'Dockerfile' && startsWith(github.ref, 'refs/tags/v') && contains(github.ref, '.')
+              )
+            }}
+
   event_file:
     name: "Event File"
     runs-on: ubuntu-latest
     steps:
       - name: Upload
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: Event File
           path: ${{ github.event_path }}