ci/cd: remove workflows for the time being; add dependabot

This commit is contained in:
Mark Joshwel 2024-06-18 18:54:41 +08:00
parent 5737d22237
commit 822eee5b11
3 changed files with 9 additions and 102 deletions

View file

@ -1,7 +1,14 @@
# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
version: 2
updates:
- package-ecosystem: "pip"
directory: "/"
directory: "/src/surplus"
schedule:
interval: "weekly"
- package-ecosystem: "pip"
directory: "/src/spow-telegram-bridge"
schedule:
interval: "daily"
- package-ecosystem: gomod
directory: "/src/spow-whatsapp-bridge"
schedule:
interval: "daily"

View file

@ -1,75 +0,0 @@
name: continous deployment
on:
workflow_dispatch:
push:
jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: write
outputs:
hashes: ${{ steps.hash.outputs.hashes }}
steps:
- name: checkout
uses: actions/checkout@v4.1.2
with:
ref: ${{ github.ref }}
- name: get branch name
id: get-branch-name
uses: tj-actions/branch-names@v8
- name: install devbox
uses: jetpack-io/devbox-install-action@v0.8.0
- name: run releaser.py
run: devbox run python releaser.py
env:
SURPLUS_BUILD_BRANCH: ${{ steps.get-branch-name.outputs.base_ref_branch }}
- name: build project
id: build
run: devbox run hatch build
- name: duplicate non-versioned wheel
run: cp dist/surplus-*.whl dist/surplus-latest-py3-none-any.whl
- name: generate provenance subjects
id: hash
run: |
cd dist
HASHES=$(sha256sum * | base64 -w0)
echo "hashes=$HASHES" >> "$GITHUB_OUTPUT"
- uses: actions/upload-artifact@v3
with:
name: wheels
path: dist/
release:
if: startsWith(github.ref, 'refs/tags/v')
needs: [build]
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: release
uses: softprops/action-gh-release@v2.0.4
with:
files: |
dist/*.whl
provenance:
needs: [build]
permissions:
actions: read
id-token: write
contents: write
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0
with:
base64-subjects: "${{ needs.build.outputs.hashes }}"
upload-assets: true

View file

@ -1,25 +0,0 @@
name: continuous integration
on:
workflow_dispatch:
push:
paths:
- "*.py"
- "**.py"
- "*.lock"
- "pyproject.toml"
jobs:
analyse:
runs-on: ubuntu-latest
steps:
- name: checkout
uses: actions/checkout@v4.1.2
with:
ref: ${{ github.ref }}
- name: install devbox
uses: jetpack-io/devbox-install-action@v0.8.0
- name: run checks
run: devbox run hatch run check