Fix CI: resolve all zizmor security audit findings #399
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Tests | |
| on: | |
| push: | |
| branches: [main, develop] | |
| pull_request: | |
| workflow_dispatch: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| permissions: | |
| contents: read | |
| env: | |
| COLUMNS: 200 | |
| # Many color libraries just need this variable to be set to any value. | |
| # Set it to 3 to support 8-bit color graphics (256 colors per channel) | |
| # for libraries that care about the value set. | |
| FORCE_COLOR: 3 | |
| jobs: | |
| pre-commit: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| with: | |
| persist-credentials: false | |
| - uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1 | |
| copier-template-tester: | |
| name: copier-template-tester (uv ${{ matrix.uv-version }}) | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| uv-version: ["0.7.3", "latest"] | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| with: | |
| persist-credentials: false | |
| - uses: astral-sh/setup-uv@94527f2e458b27549849d47d273a16bec83a01e9 # v7 | |
| with: | |
| version: ${{ matrix.uv-version }} | |
| - name: Use correct Python version in older uv version | |
| if: ${{ matrix.uv-version == '0.7.3' }} | |
| run: sed -i 's/14/13/g' ctt.toml copier.yml .python-version | |
| - name: Configure Git | |
| env: | |
| GH_ACTOR: ${{ github.actor }} | |
| run: | | |
| git config --global user.email "${GH_ACTOR}@users.noreply.github.com" | |
| git config --global user.name "${GH_ACTOR}" | |
| - name: Cache pre-commit | |
| uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5 | |
| with: | |
| path: ~/.cache/pre-commit | |
| key: pre-commit-${{ runner.os }}-${{ hashFiles('.pre-commit-config.yaml', 'project_name/.pre-commit-config.yaml.jinja') }} | |
| restore-keys: | | |
| pre-commit-${{ runner.os }}- | |
| - name: Run copier-template-tester | |
| run: uv run ctt |