Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit990ea33

Browse files
[3.13] Add zizmor to pre-commit and fix most findings (#127749) (#127786)
Co-authored-by: Alex Waygood <Alex.Waygood@Gmail.com>(cherry picked from commitae31df3)
1 parent8bf5b89 commit990ea33

18 files changed

+89
-29
lines changed

‎.github/workflows/build.yml‎

Lines changed: 12 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -47,6 +47,8 @@ jobs:
4747
if:needs.check_source.outputs.run_tests == 'true'
4848
steps:
4949
-uses:actions/checkout@v4
50+
with:
51+
persist-credentials:false
5052
-uses:actions/setup-python@v5
5153
-name:Install dependencies
5254
run:|
@@ -101,6 +103,7 @@ jobs:
101103
-uses:actions/checkout@v4
102104
with:
103105
fetch-depth:1
106+
persist-credentials:false
104107
-name:Runner image version
105108
run:echo "IMAGE_VERSION=${ImageVersion}" >> $GITHUB_ENV
106109
-name:Check Autoconf and aclocal versions
@@ -137,6 +140,8 @@ jobs:
137140
if:needs.check_source.outputs.run_tests == 'true'
138141
steps:
139142
-uses:actions/checkout@v4
143+
with:
144+
persist-credentials:false
140145
-uses:actions/setup-python@v5
141146
with:
142147
python-version:'3.x'
@@ -301,6 +306,8 @@ jobs:
301306
LD_LIBRARY_PATH:${{ github.workspace }}/multissl/openssl/${{ matrix.openssl_ver }}/lib
302307
steps:
303308
-uses:actions/checkout@v4
309+
with:
310+
persist-credentials:false
304311
-name:Runner image version
305312
run:echo "IMAGE_VERSION=${ImageVersion}" >> $GITHUB_ENV
306313
-name:Restore config.cache
@@ -361,6 +368,8 @@ jobs:
361368
PYTHONSTRICTEXTENSIONBUILD:1
362369
steps:
363370
-uses:actions/checkout@v4
371+
with:
372+
persist-credentials:false
364373
-name:Register gcc problem matcher
365374
run:echo "::add-matcher::.github/problem-matchers/gcc.json"
366375
-name:Install Dependencies
@@ -443,7 +452,7 @@ jobs:
443452
#
444453
# (GH-104097) test_sysconfig is skipped because it has tests that are
445454
# failing when executed from inside a virtual environment.
446-
${{ env.VENV_PYTHON }} -m test \
455+
"${VENV_PYTHON}" -m test \
447456
-W \
448457
-o \
449458
-j4 \
@@ -478,6 +487,8 @@ jobs:
478487
ASAN_OPTIONS:detect_leaks=0:allocator_may_return_null=1:handle_segv=0
479488
steps:
480489
-uses:actions/checkout@v4
490+
with:
491+
persist-credentials:false
481492
-name:Runner image version
482493
run:echo "IMAGE_VERSION=${ImageVersion}" >> $GITHUB_ENV
483494
-name:Restore config.cache

‎.github/workflows/documentation-links.yml‎

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -10,16 +10,16 @@ on:
1010
-'Doc/**'
1111
-'.github/workflows/doc.yml'
1212

13-
permissions:
14-
pull-requests:write
15-
1613
concurrency:
1714
group:${{ github.workflow }}-${{ github.head_ref || github.run_id }}
1815
cancel-in-progress:true
1916

2017
jobs:
2118
documentation-links:
2219
runs-on:ubuntu-latest
20+
permissions:
21+
pull-requests:write
22+
2323
steps:
2424
-uses:readthedocs/actions/preview@v1
2525
with:

‎.github/workflows/jit.yml‎

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -32,6 +32,8 @@ jobs:
3232
timeout-minutes:90
3333
steps:
3434
-uses:actions/checkout@v4
35+
with:
36+
persist-credentials:false
3537
-name:Build tier two interpreter
3638
run:|
3739
./configure --enable-experimental-jit=interpreter --with-pydebug
@@ -103,6 +105,8 @@ jobs:
103105
CC:${{ matrix.compiler }}
104106
steps:
105107
-uses:actions/checkout@v4
108+
with:
109+
persist-credentials:false
106110
-uses:actions/setup-python@v5
107111
with:
108112
python-version:'3.11'
@@ -169,6 +173,8 @@ jobs:
169173
runs-on:ubuntu-latest
170174
steps:
171175
-uses:actions/checkout@v4
176+
with:
177+
persist-credentials:false
172178
-uses:actions/setup-python@v5
173179
with:
174180
python-version:'3.11'

‎.github/workflows/lint.yml‎

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,8 @@ jobs:
2020

2121
steps:
2222
-uses:actions/checkout@v4
23+
with:
24+
persist-credentials:false
2325
-uses:actions/setup-python@v5
2426
with:
2527
python-version:"3.x"

‎.github/workflows/mypy.yml‎

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -51,6 +51,8 @@ jobs:
5151
timeout-minutes:10
5252
steps:
5353
-uses:actions/checkout@v4
54+
with:
55+
persist-credentials:false
5456
-uses:actions/setup-python@v5
5557
with:
5658
python-version:"3.13"

‎.github/workflows/require-pr-label.yml‎

Lines changed: 3 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -4,15 +4,14 @@ on:
44
pull_request:
55
types:[opened, reopened, labeled, unlabeled, synchronize]
66

7-
permissions:
8-
issues:write
9-
pull-requests:write
10-
117
jobs:
128
label:
139
name:DO-NOT-MERGE / unresolved review
1410
if:github.repository_owner == 'python'
1511
runs-on:ubuntu-latest
12+
permissions:
13+
issues:write
14+
pull-requests:write
1615
timeout-minutes:10
1716

1817
steps:

‎.github/workflows/reusable-change-detection.yml‎

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -61,6 +61,8 @@ jobs:
6161
-run:>-
6262
echo '${{ github.event_name }}'
6363
-uses:actions/checkout@v4
64+
with:
65+
persist-credentials:false
6466
-name:Check for source changes
6567
id:check
6668
run:|

‎.github/workflows/reusable-docs.yml‎

Lines changed: 10 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -22,12 +22,14 @@ jobs:
2222
env:
2323
branch_base:'origin/${{ github.event.pull_request.base.ref }}'
2424
branch_pr:'origin/${{ github.event.pull_request.head.ref }}'
25+
commits:${{ github.event.pull_request.commits }}
2526
refspec_base:'+${{ github.event.pull_request.base.sha }}:remotes/origin/${{ github.event.pull_request.base.ref }}'
2627
refspec_pr:'+${{ github.event.pull_request.head.sha }}:remotes/origin/${{ github.event.pull_request.head.ref }}'
2728
steps:
2829
-name:'Check out latest PR branch commit'
2930
uses:actions/checkout@v4
3031
with:
32+
persist-credentials:false
3133
ref:>-
3234
${{
3335
github.event_name == 'pull_request'
@@ -39,15 +41,15 @@ jobs:
3941
if:github.event_name == 'pull_request'
4042
run:|
4143
# Fetch enough history to find a common ancestor commit (aka merge-base):
42-
git fetch origin${{ env.refspec_pr }} --depth=$((${{ github.event.pull_request.commits }} + 1 )) \
44+
git fetch origin"${refspec_pr}" --depth=$(( commits + 1 )) \
4345
--no-tags --prune --no-recurse-submodules
4446
4547
# This should get the oldest commit in the local fetched history (which may not be the commit the PR branched from):
46-
COMMON_ANCESTOR=$( git rev-list --first-parent --max-parents=0 --max-count=1${{ env.branch_pr }} )
48+
COMMON_ANCESTOR=$( git rev-list --first-parent --max-parents=0 --max-count=1"${branch_pr}" )
4749
DATE=$( git log --date=iso8601 --format=%cd "${COMMON_ANCESTOR}" )
4850
4951
# Get all commits since that commit date from the base branch (eg: master or main):
50-
git fetch origin${{ env.refspec_base }} --shallow-since="${DATE}" \
52+
git fetch origin"${refspec_base}" --shallow-since="${DATE}" \
5153
--no-tags --prune --no-recurse-submodules
5254
-name:'Set up Python'
5355
uses:actions/setup-python@v5
@@ -69,7 +71,7 @@ jobs:
6971
if:github.event_name == 'pull_request'
7072
run:|
7173
python Doc/tools/check-warnings.py \
72-
--annotate-diff'${{ env.branch_base }}' '${{ env.branch_pr }}' \
74+
--annotate-diff"${branch_base}" "${branch_pr}" \
7375
--fail-if-regression \
7476
--fail-if-improved \
7577
--fail-if-new-news-nit
@@ -81,6 +83,8 @@ jobs:
8183
timeout-minutes:60
8284
steps:
8385
-uses:actions/checkout@v4
86+
with:
87+
persist-credentials:false
8488
-name:'Set up Python'
8589
uses:actions/setup-python@v5
8690
with:
@@ -99,6 +103,8 @@ jobs:
99103
timeout-minutes:60
100104
steps:
101105
-uses:actions/checkout@v4
106+
with:
107+
persist-credentials:false
102108
-uses:actions/cache@v4
103109
with:
104110
path:~/.cache/pip

‎.github/workflows/reusable-macos.yml‎

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -29,6 +29,8 @@ jobs:
2929
runs-on:${{ inputs.os }}
3030
steps:
3131
-uses:actions/checkout@v4
32+
with:
33+
persist-credentials:false
3234
-name:Runner image version
3335
run:echo "IMAGE_VERSION=${ImageVersion}" >> $GITHUB_ENV
3436
-name:Restore config.cache

‎.github/workflows/reusable-tsan.yml‎

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -23,8 +23,13 @@ jobs:
2323
name:'Thread sanitizer'
2424
runs-on:ubuntu-24.04
2525
timeout-minutes:60
26+
env:
27+
OPTIONS:${{ inputs.options }}
28+
SUPPRESSIONS_PATH:${{ inputs.suppressions_path }}
2629
steps:
2730
-uses:actions/checkout@v4
31+
with:
32+
persist-credentials:false
2833
-name:Runner image version
2934
run:echo "IMAGE_VERSION=${ImageVersion}" >> $GITHUB_ENV
3035
-name:Restore config.cache
@@ -47,7 +52,7 @@ jobs:
4752
sudo sysctl -w vm.mmap_rnd_bits=28
4853
-name:TSAN Option Setup
4954
run:|
50-
echo "TSAN_OPTIONS=log_path=${GITHUB_WORKSPACE}/tsan_log suppressions=${GITHUB_WORKSPACE}/${{ inputs.suppressions_path }} handle_segv=0" >> $GITHUB_ENV
55+
echo "TSAN_OPTIONS=log_path=${GITHUB_WORKSPACE}/tsan_log suppressions=${GITHUB_WORKSPACE}/${SUPPRESSIONS_PATH} handle_segv=0" >> $GITHUB_ENV
5156
echo "CC=clang" >> $GITHUB_ENV
5257
echo "CXX=clang++" >> $GITHUB_ENV
5358
-name:Add ccache to PATH
@@ -59,7 +64,7 @@ jobs:
5964
save:${{ github.event_name == 'push' }}
6065
max-size:"200M"
6166
-name:Configure CPython
62-
run:${{ inputs.options }}
67+
run:"${OPTIONS}"
6368
-name:Build CPython
6469
run:make -j4
6570
-name:Display build info

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp