[cleanup] Misc (#16452)

* Include `pin*` extras in lockfile
* Fix and clean up `devscripts/update_requirements.py`
* Improve release channel documentation
* Remove false statement from `--prefer-insecure` documentation
* Assorted code cleanup
* Set `GH_TELEMETRY=false` in CI/CD whenever `gh` is used
* Add comments about required checks in CI workflows
* Run `test-workflows.yml` for every PR so its checks can be required
* Verify actionlint attestation in CI
* Remove zizmor version to reduce workflow maintenance burden
  (zizmor-action handles pinning on its end)

Authored by: bashonly
This commit is contained in:
bashonly
2026-05-03 17:19:08 -05:00
committed by GitHub
parent 27973bae5e
commit 35684c1171
18 changed files with 158 additions and 108 deletions

View File

@@ -1,6 +1,7 @@
name: Challenge Tests
on:
push:
branches: ['master']
paths:
- .github/workflows/challenge-tests.yml
- test/test_jsc/*.py
@@ -9,6 +10,7 @@ on:
- yt_dlp/extractor/youtube/pot/**.py
- yt_dlp/utils/_jsruntime.py
pull_request:
branches: ['**']
paths:
- .github/workflows/challenge-tests.yml
- test/test_jsc/*.py
@@ -25,7 +27,7 @@ concurrency:
jobs:
tests:
name: Challenge Tests
name: Challenge tests
if: ${{ !contains(github.event.head_commit.message, ':ci skip') }}
permissions:
contents: read

View File

@@ -1,6 +1,7 @@
name: Core Tests
on:
push:
branches: ['master']
paths:
- pyproject.toml
- .github/**
@@ -13,6 +14,7 @@ on:
- yt_dlp/extractor/common.py
- yt_dlp/extractor/extractors.py
pull_request:
branches: ['**']
paths:
- pyproject.toml
- .github/**
@@ -33,7 +35,7 @@ concurrency:
jobs:
tests:
name: Core Tests
name: Core tests
if: ${{ !contains(github.event.head_commit.message, ':ci skip') }}
permissions:
contents: read

View File

@@ -5,9 +5,12 @@ on:
permissions: {}
env:
GH_TELEMETRY: "false"
jobs:
lockdown:
name: Issue Lockdown
name: Issue lockdown
if: vars.ISSUE_LOCKDOWN
permissions:
issues: write # Needed to lock issues
@@ -19,4 +22,4 @@ jobs:
ISSUE_NUMBER: ${{ github.event.issue.number }}
REPOSITORY: ${{ github.repository }}
run: |
gh issue lock "${ISSUE_NUMBER}" -R "${REPOSITORY}"
gh issue lock -R "${REPOSITORY}" "${ISSUE_NUMBER}"

View File

@@ -1,5 +1,10 @@
name: Quick Test
on: [push, pull_request]
on:
push:
branches: ['master']
# This workflow contains required checks and needs to run for EVERY pull_request
pull_request:
branches: ['**']
permissions: {}
@@ -9,7 +14,8 @@ concurrency:
jobs:
tests:
name: Core Test
# Required check; do not change name
name: Core test
if: ${{ !contains(github.event.head_commit.message, ':ci skip all') }}
permissions:
contents: read
@@ -31,7 +37,9 @@ jobs:
run: |
python3 -m yt_dlp -v || true
python3 ./devscripts/run_tests.py --pytest-args '--reruns 2 --reruns-delay 3.0' core
check:
# Required check; do not change name
name: Code check
if: ${{ !contains(github.event.head_commit.message, ':ci skip all') }}
permissions:
@@ -43,7 +51,7 @@ jobs:
persist-credentials: false
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with:
python-version: '3.10'
python-version: '3.14'
- name: Install dev dependencies
run: python ./devscripts/install_deps.py --omit-default --include-group static-analysis
- name: Make lazy extractors

View File

@@ -19,7 +19,7 @@ permissions: {}
jobs:
release:
name: Publish Github release
name: Publish GitHub release
if: vars.BUILD_MASTER
permissions:
contents: write # May be needed to publish release

View File

@@ -70,7 +70,7 @@ jobs:
run: echo "${HEAD}" | tee .nightly_commit_hash
release:
name: Publish Github release
name: Publish GitHub release
needs: [check_nightly]
if: needs.check_nightly.outputs.commit
permissions:

View File

@@ -65,6 +65,9 @@ on:
permissions: {}
env:
GH_TELEMETRY: "false"
jobs:
prepare:
name: Prepare
@@ -226,7 +229,7 @@ jobs:
verbose: true
publish:
name: Publish Github release
name: Publish GitHub release
needs: [prepare, build]
permissions:
contents: write # Needed by gh to publish release to Github

View File

@@ -1,23 +1,10 @@
name: Test and lint workflows
on:
push:
branches: [master]
paths:
- .github/*.yml
- .github/workflows/*
- bundle/docker/linux/*.sh
- devscripts/setup_variables.py
- devscripts/setup_variables_tests.py
- devscripts/utils.py
branches: ['master']
# This workflow contains required checks and needs to run for EVERY pull_request
pull_request:
branches: [master]
paths:
- .github/*.yml
- .github/workflows/*
- bundle/docker/linux/*.sh
- devscripts/setup_variables.py
- devscripts/setup_variables_tests.py
- devscripts/utils.py
branches: ['**']
permissions: {}
@@ -28,10 +15,12 @@ concurrency:
env:
ACTIONLINT_VERSION: "1.7.11"
ACTIONLINT_SHA256SUM: 900919a84f2229bac68ca9cd4103ea297abc35e9689ebb842c6e34a3d1b01b0a
ACTIONLINT_REPO: https://github.com/rhysd/actionlint
ACTIONLINT_REPO: rhysd/actionlint
GH_TELEMETRY: "false"
jobs:
check:
# Required check; do not change name
name: Check workflows
permissions:
contents: read
@@ -45,19 +34,26 @@ jobs:
python-version: "3.13" # Keep this in sync with release.yml's prepare job
- name: Install requirements
env:
GH_TOKEN: ${{ github.token }}
ACTIONLINT_TARBALL: ${{ format('actionlint_{0}_linux_amd64.tar.gz', env.ACTIONLINT_VERSION) }}
shell: bash
run: |
python -m devscripts.install_deps --omit-default --include-group test
sudo apt -y install shellcheck
python -m pip install -U pyflakes
curl -LO "${ACTIONLINT_REPO}/releases/download/v${ACTIONLINT_VERSION}/${ACTIONLINT_TARBALL}"
gh release download \
--repo "${ACTIONLINT_REPO}" \
--pattern "${ACTIONLINT_TARBALL}" \
"v${ACTIONLINT_VERSION}"
gh attestation verify \
--repo "${ACTIONLINT_REPO}" \
"${ACTIONLINT_TARBALL}"
printf '%s %s' "${ACTIONLINT_SHA256SUM}" "${ACTIONLINT_TARBALL}" | sha256sum -c -
tar xvzf "${ACTIONLINT_TARBALL}" actionlint
chmod +x actionlint
sudo install -D --mode=755 actionlint /usr/bin/
- name: Run actionlint
run: |
./actionlint -color
actionlint -color
- name: Check Docker shell scripts
run: |
shellcheck bundle/docker/linux/*.sh
@@ -66,6 +62,7 @@ jobs:
pytest -Werror --tb=short --color=yes devscripts/setup_variables_tests.py
zizmor:
# Required check; do not change name
name: Run zizmor
permissions:
contents: read
@@ -80,4 +77,3 @@ jobs:
with:
advanced-security: false
persona: pedantic
version: v1.23.1