Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 5 additions & 1 deletion .github/workflows/docs.yml
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,12 @@ on:
tags:
- '*'
merge_group:

permissions:
contents: read

jobs:
Docs:
uses: tskit-dev/.github/.github/workflows/docs.yml@v17
uses: tskit-dev/.github/.github/workflows/docs.yml@v18
with:
additional-apt-packages: libgsl-dev
5 changes: 4 additions & 1 deletion .github/workflows/lint.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,9 @@ on:
pull_request:
merge_group:

permissions:
contents: read

jobs:
Lint:
uses: tskit-dev/.github/.github/workflows/lint.yml@v17
uses: tskit-dev/.github/.github/workflows/lint.yml@v18
26 changes: 17 additions & 9 deletions .github/workflows/tests.yml
Original file line number Diff line number Diff line change
Expand Up @@ -6,29 +6,36 @@ on:
branches: [main, test]
merge_group:

permissions:
contents: read

jobs:

packaging:
name: Python packaging
uses: tskit-dev/.github/.github/workflows/python-packaging.yml@v17
uses: tskit-dev/.github/.github/workflows/python-packaging.yml@v18
with:
additional-apt-packages: libgsl-dev
cli-test-cmd: msp --help

test-c:
name: C tests
uses: tskit-dev/.github/.github/workflows/c-tests.yml@v17
uses: tskit-dev/.github/.github/workflows/c-tests.yml@v18
with:
additional-apt-packages: libgsl-dev
library-directory: lib
secrets: inherit
# Trusted first-party tskit-dev reusable workflow; needs secrets (e.g.
# CODECOV_TOKEN) passed through.
secrets: inherit # zizmor: ignore[secrets-inherit]

test-python-c:
name: Python-C tests
uses: tskit-dev/.github/.github/workflows/python-c-tests.yml@v17
uses: tskit-dev/.github/.github/workflows/python-c-tests.yml@v18
with:
additional-apt-packages: libgsl-dev
secrets: inherit
# Trusted first-party tskit-dev reusable workflow; needs secrets (e.g.
# CODECOV_TOKEN) passed through.
secrets: inherit # zizmor: ignore[secrets-inherit]

test-python:
name: Python
Expand All @@ -44,14 +51,15 @@ jobs:

steps:
- name: Cancel Previous Runs
uses: styfle/cancel-workflow-action@0.13.0
uses: styfle/cancel-workflow-action@d07a454dad7609a92316b57b23c9ccfd4f59af66 # 0.13.1
with:
access_token: ${{ github.token }}

- name: Checkout
uses: actions/checkout@v6.0.2
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
submodules: true
persist-credentials: false

- name: Fix windows symlinks
# This is horrible, but the "git config core.symlinks true" didn't work.
Expand Down Expand Up @@ -81,7 +89,7 @@ jobs:
run: sudo apt-get update && sudo apt-get install -y libgsl-dev

- name: Install uv and set the python version
uses: astral-sh/setup-uv@v6
uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
with:
python-version: ${{ matrix.python }}
version: "0.10.0"
Expand All @@ -102,7 +110,7 @@ jobs:
--cov-report=xml --cov-branch -n2

- name: Upload coverage to Codecov
uses: codecov/codecov-action@v7.0.0
uses: codecov/codecov-action@fb8b3582c8e4def4969c97caa2f19720cb33a72f # v7.0.0
with:
token: ${{ secrets.CODECOV_TOKEN }}
fail_ci_if_error: false
Expand Down
11 changes: 7 additions & 4 deletions .github/workflows/wheels.yml
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,12 @@ on:
release:
types: [published]

permissions:
contents: read

jobs:
build-wheels:
uses: tskit-dev/.github/.github/workflows/build-wheels.yml@v17
uses: tskit-dev/.github/.github/workflows/build-wheels.yml@v18
# To override os-list:
# with:
# python-version: "3.12"
Expand All @@ -22,7 +25,7 @@ jobs:
id-token: write
steps:
- name: Download artifacts
uses: actions/download-artifact@v7.0.0
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
pattern: build-*
path: dist
Expand All @@ -33,11 +36,11 @@ jobs:

- name: Publish distribution to Test PyPI
if: github.event_name == 'push' && github.ref_name == 'test-publish'
uses: pypa/gh-action-pypi-publish@v1.13.0
uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0
with:
repository-url: https://test.pypi.org/legacy/
verbose: true

- name: Publish distribution to Production PyPI
if: github.event_name == 'release'
uses: pypa/gh-action-pypi-publish@v1.13.0
uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0
9 changes: 9 additions & 0 deletions .github/zizmor.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
# zizmor configuration for tskit-dev repos.
# Third-party actions must be hash-pinned; first-party tskit-dev reusable
# workflows are trusted and may stay pinned to a version tag (e.g. @v17).
rules:
unpinned-uses:
config:
policies:
tskit-dev/*: ref-pin
"*": hash-pin
14 changes: 14 additions & 0 deletions prek.toml
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ files = { glob = [
"docs/**",
"lib/*.[c,h]",
"lib/tests/*.[c,h]",
".github/workflows/**",
]}

exclude = { glob = ["lib/avl.*", "lib/subprojects/**"]}
Expand Down Expand Up @@ -65,3 +66,16 @@ hooks = [
verbose = true,
},
]

[[repos]]
repo = "local"
hooks = [
{
id = "zizmor",
name = "zizmor",
language = "system",
entry = "uv run --only-group=lint zizmor",
files = "^\\.github/workflows/.*\\.ya?ml$",
pass_filenames = true,
},
]
1 change: 1 addition & 0 deletions pyproject.toml
Original file line number Diff line number Diff line change
Expand Up @@ -104,6 +104,7 @@ lint = [
"clang-format==21.1.8",
"ruff==0.15.1",
"prek==0.3.3",
"zizmor==1.26.1",
]

wheels = [
Expand Down
22 changes: 22 additions & 0 deletions uv.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading