From 7c5c5e0dd16c702add48232caeed000709f70c92 Mon Sep 17 00:00:00 2001 From: bashonly <88596187+bashonly@users.noreply.github.com> Date: Sat, 16 May 2026 18:00:59 -0500 Subject: [PATCH] CI/CD cleanup (#62) --- .github/workflows/ci.yml | 115 +++++++++++++++++++++++++++------- .github/workflows/release.yml | 13 ++++ 2 files changed, 107 insertions(+), 21 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5daa8b4..c83b770 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,15 +1,10 @@ name: CI on: push: - branches: - - '**' - paths-ignore: - - 'README.md' - - 'LICENSE' + branches: ['main'] + # This workflow contains required checks and needs to run for EVERY pull_request pull_request: - paths-ignore: - - 'README.md' - - 'LICENSE' + branches: ['**'] permissions: {} @@ -20,7 +15,8 @@ concurrency: env: ACTIONLINT_VERSION: "1.7.12" ACTIONLINT_SHA256SUM: 8aca8db96f1b94770f1b0d72b6dddcb1ebb8123cb3712530b08cc387b349a3d8 - ACTIONLINT_REPO: https://github.com/rhysd/actionlint + ACTIONLINT_REPO: rhysd/actionlint + GH_TELEMETRY: "false" jobs: actionlint: @@ -32,23 +28,28 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 - with: - python-version: "3.14" + - name: Install requirements env: + GH_TOKEN: ${{ github.token }} ACTIONLINT_TARBALL: ${{ format('actionlint_{0}_linux_amd64.tar.gz', env.ACTIONLINT_VERSION) }} shell: bash run: | sudo apt -y install shellcheck - python -m pip install -U pyflakes - curl -LO "${ACTIONLINT_REPO}/releases/download/v${ACTIONLINT_VERSION}/${ACTIONLINT_TARBALL}" + gh release download \ + --repo "${ACTIONLINT_REPO}" \ + --pattern "${ACTIONLINT_TARBALL}" \ + "v${ACTIONLINT_VERSION}" + gh attestation verify \ + --repo "${ACTIONLINT_REPO}" \ + "${ACTIONLINT_TARBALL}" printf '%s %s' "${ACTIONLINT_SHA256SUM}" "${ACTIONLINT_TARBALL}" | sha256sum -c - tar xvzf "${ACTIONLINT_TARBALL}" actionlint - chmod +x actionlint + sudo install -D --mode=755 actionlint /usr/bin/ + - name: Run actionlint run: | - ./actionlint -color + actionlint -color zizmor: name: Audit workflows @@ -60,12 +61,12 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false + - name: Run zizmor uses: zizmorcore/zizmor-action@71321a20a9ded102f6e9ce5718a2fcec2c4f70d8 # v0.5.2 with: advanced-security: false persona: pedantic - version: v1.23.1 ruff_format: name: Ruff format check @@ -76,6 +77,7 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false + - uses: astral-sh/ruff-action@4919ec5cf1f49eff0871dbcea0da843445b837e6 # v3.6.1 with: args: "check --output-format github" @@ -89,6 +91,7 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false + - uses: astral-sh/ruff-action@4919ec5cf1f49eff0871dbcea0da843445b837e6 # v3.6.1 with: args: "format --check --diff" @@ -102,13 +105,16 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false + - name: Install Deno v2.x (latest) uses: denoland/setup-deno@e95548e56dfa95d4e1a28d6f422fafe75c4c26fb # v2.0.3 with: deno-version: v2.x + - name: Install Deno requirements run: | deno install --frozen + - name: Run Prettier check run: | deno task fmt:check @@ -122,13 +128,16 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false + - name: Install Deno v2.x (latest) uses: denoland/setup-deno@e95548e56dfa95d4e1a28d6f422fafe75c4c26fb # v2.0.3 with: deno-version: v2.x + - name: Install Deno requirements run: | deno install --frozen + - name: Run ESLint check run: | deno task lint @@ -149,25 +158,30 @@ jobs: # required for hatch-vcs versioning fetch-depth: 0 persist-credentials: false + - name: Install Deno v2.x (latest) uses: denoland/setup-deno@e95548e56dfa95d4e1a28d6f422fafe75c4c26fb # v2.0.3 with: deno-version: v2.x + - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: ${{ matrix.python-version }} + - name: Build project shell: bash run: | # `pip install -e` omits the force-included JS, so use `build` instead python -m pip install -U build python -m build + - name: Unpack wheel (Linux) if: matrix.runner == 'ubuntu-latest' shell: bash run: | unzip -u dist/yt_dlp_ejs-*.whl "yt_dlp_ejs/*" + - name: Unpack wheel (Windows) if: matrix.runner == 'windows-latest' shell: pwsh @@ -175,6 +189,7 @@ jobs: $ErrorActionPreference = "Stop" $PSNativeCommandUseErrorActionPreference = $true Expand-Archive -Path dist/yt_dlp_ejs-*.whl -DestinationPath ./ -Force + - name: Run Python tests timeout-minutes: 5 shell: bash @@ -190,22 +205,27 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false + - name: Install Deno v2.x (latest) uses: denoland/setup-deno@e95548e56dfa95d4e1a28d6f422fafe75c4c26fb # v2.0.3 with: deno-version: v2.x + - name: Install Deno requirements run: | deno install --frozen + - name: Build control bundle run: | deno task bundle + - name: Generate bundle hashes shell: bash run: | pushd dist sha256sum -- yt.solver.*.js | tee SHA2-256SUMS popd + - name: Upload bundle hashes uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: @@ -213,6 +233,7 @@ jobs: path: | dist/SHA2-256SUMS compression-level: 0 + - name: Cache player JS files uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 env: @@ -221,6 +242,7 @@ jobs: path: | src/yt/solver/test/players key: test-player-js-${{ hashFiles('src/yt/solver/test/tests.ts') }} + - name: Download player JS files timeout-minutes: 15 run: | @@ -231,6 +253,7 @@ jobs: --allow-net=www.youtube.com \ --allow-sys=uid \ src/yt/solver/test/download.ts + - name: Upload player JS artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: @@ -251,20 +274,25 @@ jobs: # required for hatch-vcs versioning fetch-depth: 0 persist-credentials: false + - name: Install pnpm uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0 with: version: 10 + - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: # minimum supported version python-version: "3.10" + - name: Install Python requirements run: | python -m pip install -U build + - name: Test pnpm build run: | python -m build + - name: Verify artifact contents shell: bash run: | @@ -272,17 +300,21 @@ jobs: unzip -l dist/yt_dlp_ejs-*.whl | tee .wheel_contents grep -q 'yt_dlp_ejs/yt/solver/core\.min\.js' .wheel_contents grep -q 'yt_dlp_ejs/yt/solver/lib\.min\.js' .wheel_contents + - name: Install pnpm requirements run: | pnpm install --frozen-lockfile + - name: Bundle with pnpm run: | pnpm run bundle + - name: Download bundle hashes uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: dist name: bundle-hashes + - name: Verify bundle hashes run: | cd dist @@ -297,10 +329,12 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false + - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: # minimum supported version python-version: "3.10" + - name: Verify lockfile run: | python ./check.py @@ -317,21 +351,26 @@ jobs: # required for hatch-vcs versioning fetch-depth: 0 persist-credentials: false + - name: Install Deno uses: denoland/setup-deno@e95548e56dfa95d4e1a28d6f422fafe75c4c26fb # v2.0.3 with: # minimum supported version deno-version: "2.0.0" + - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: # minimum supported version python-version: "3.10" + - name: Install Python requirements run: | python -m pip install -U build + - name: Test Deno build run: | python -m build + - name: Verify artifact contents shell: bash run: | @@ -339,17 +378,21 @@ jobs: unzip -l dist/yt_dlp_ejs-*.whl | tee .wheel_contents grep -q 'yt_dlp_ejs/yt/solver/core\.min\.js' .wheel_contents grep -q 'yt_dlp_ejs/yt/solver/lib\.min\.js' .wheel_contents + - name: Install Deno requirements run: | deno install --frozen + - name: Bundle with Deno run: | deno task bundle + - name: Download bundle hashes uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: dist name: bundle-hashes + - name: Verify bundle hashes run: | cd dist @@ -365,19 +408,23 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false + - name: Install Deno uses: denoland/setup-deno@e95548e56dfa95d4e1a28d6f422fafe75c4c26fb # v2.0.3 with: # minimum supported version deno-version: "2.0.0" + - name: Install Deno requirements run: | deno install --frozen + - name: Download player JS artifact uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: src/yt/solver/test/players name: player-js + - name: Run Deno tests run: | xargs -n 1 -P 10 deno test \ @@ -398,22 +445,27 @@ jobs: # required for hatch-vcs versioning fetch-depth: 0 persist-credentials: false + - name: Install Bun uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0 with: # minimum supported version bun-version: "1.0.31" no-cache: true + - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: # minimum supported version python-version: "3.10" + - name: Install Python requirements run: | python -m pip install -U build + - name: Test Bun build run: | python -m build + - name: Verify artifact contents shell: bash run: | @@ -421,17 +473,21 @@ jobs: unzip -l dist/yt_dlp_ejs-*.whl | tee .wheel_contents grep -q 'yt_dlp_ejs/yt/solver/core\.min\.js' .wheel_contents grep -q 'yt_dlp_ejs/yt/solver/lib\.min\.js' .wheel_contents + - name: Install Bun requirements run: | bun install --frozen-lockfile + - name: Bundle with Bun run: | bun --bun run bundle + - name: Download bundle hashes uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: dist name: bundle-hashes + - name: Verify bundle hashes run: | cd dist @@ -447,20 +503,24 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false + - name: Install Bun uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0 with: # XXX: We support 1.0.31, but test suite requires 1.2.11+ bun-version: "1.2.11" no-cache: true + - name: Install Bun requirements run: | bun install --frozen-lockfile + - name: Download player JS artifact uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: src/yt/solver/test/players name: player-js + - name: Run Bun tests run: | bun test @@ -477,21 +537,26 @@ jobs: # required for hatch-vcs versioning fetch-depth: 0 persist-credentials: false + - name: Install Node uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 with: # minimum supported version node-version: "20.0" + - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: # minimum supported version python-version: "3.10" + - name: Install Python requirements run: | python -m pip install -U build + - name: Test Node build run: | python -m build + - name: Verify artifact contents shell: bash run: | @@ -499,17 +564,21 @@ jobs: unzip -l dist/yt_dlp_ejs-*.whl | tee .wheel_contents grep -q 'yt_dlp_ejs/yt/solver/core\.min\.js' .wheel_contents grep -q 'yt_dlp_ejs/yt/solver/lib\.min\.js' .wheel_contents + - name: Install Node requirements run: | npm ci + - name: Bundle with Node run: | npm run bundle + - name: Download bundle hashes uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: dist name: bundle-hashes + - name: Verify bundle hashes run: | cd dist @@ -525,24 +594,29 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false + - name: Install Node uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 with: # XXX: We support 20.0, but test suite requires 22.18+ node-version: "22.18" + - name: Install Node requirements run: | npm ci + - name: Download player JS artifact uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: src/yt/solver/test/players name: player-js + - name: Run Node tests run: | node --test all_passed: + # Required check; do not change name name: all_passed needs: - actionlint @@ -560,8 +634,7 @@ jobs: - bun_tests - node_build - node_tests - runs-on: ubuntu-latest + runs-on: ubuntu-slim steps: - - name: All checks passed - run: | - echo "All checks passed!" + - run: | + true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9b5adca..9807704 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -6,6 +6,9 @@ on: permissions: {} +env: + GH_TELEMETRY: "false" + jobs: build: name: Build artifacts @@ -17,19 +20,24 @@ jobs: with: fetch-depth: 0 # Needed for hatch-vcs versioning persist-credentials: false + - uses: denoland/setup-deno@e95548e56dfa95d4e1a28d6f422fafe75c4c26fb # v2.0.3 with: deno-version: 3fbb1daddbc9333cddf0d8c0735811717dd70f7a # v2.6.3 cache: false + - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: "3.10" + - name: Install Python requirements run: | python -m pip install -U build + - name: Build Python artifacts run: | python -m build + - name: Upload Python artifacts uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: @@ -38,10 +46,12 @@ jobs: dist/yt_dlp_ejs-*.whl dist/yt_dlp_ejs-*.tar.gz compression-level: 0 + - name: Build JavaScript artifacts run: | deno install --frozen deno task bundle + - name: Upload JavaScript artifacts uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: @@ -62,6 +72,7 @@ jobs: with: path: dist name: artifacts-py + - name: Publish to PyPI uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0 with: @@ -78,11 +89,13 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false + - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: dist pattern: artifacts-* merge-multiple: true + - name: Create GitHub Release env: TAG: ${{ github.ref_name }}