diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml index 6b6d442..521c3a9 100644 --- a/.github/workflows/linux.yml +++ b/.github/workflows/linux.yml @@ -52,7 +52,7 @@ on: pull_request: # weekly build on the master branch just to see what CPAN is doing schedule: - - cron: "19 19 * * 6" + - cron: "46 0 * * 2" jobs: perl: environment: automated_testing diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml index 0b3f47a..83fee1f 100644 --- a/.github/workflows/macos.yml +++ b/.github/workflows/macos.yml @@ -1,10 +1,25 @@ # brian's standard GitHub Actions macOS config for Perl 5 modules -# version 20220902.001 +# version 20250101.001 # https://github.com/briandfoy/github_workflows # https://github.com/features/actions # This file is licensed under the Artistic License 2.0 +# +# This uses the AUTOMATED_TESTING environment that you can set up +# in your repo settings. Or not. It still works if it isn't defined. +# In that environment, add whatever environment variables or secrets +# that you want. +--- name: macos +# https://github.com/actions/checkout/issues/1590 +env: + ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true + +# https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/using-concurrency +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref || github.run_id }} + cancel-in-progress: true + on: push: branches: @@ -32,10 +47,13 @@ on: - 'Changes' - 'LICENSE' - 'README.pod' - pull_request: + - 'README.md' + - 'SECURITY.md' + pull_request: jobs: perl: + environment: automated_testing runs-on: macOS-latest steps: - uses: actions/checkout@v3 @@ -44,7 +62,7 @@ jobs: - name: Set up Perl run: | brew install perl - ls -d /usr/local/Cellar/perl/*/bin | head -1 >> $GITHUB_PATH + ls -d /opt/homebrew/Cellar/perl/*/bin | head -1 >> $GITHUB_PATH perl -v | perl -0777 -ne 'm/(v5\.\d+)/ && print "PERL_VERSION=$1"' >> $GITHUB_ENV - name: Perl version check run: perl -V @@ -67,7 +85,7 @@ jobs: # but that's not a big deal. - name: Install dependencies run: | - cpan -M https://www.cpan.org -T . + cpan -M https://www.cpan.org -T . ${{ vars.EXTRA_CPAN_MODULES }} - name: Run tests run: | perl Makefile.PL @@ -102,7 +120,7 @@ jobs: - name: Run coverage tests if: env.PERL_VERSION != 'v5.8' env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | cpan -M https://www.cpan.org -T Devel::Cover Devel::Cover::Report::Coveralls perl Makefile.PL diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index dfbc0b8..e430e10 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,5 +1,5 @@ # brian's standard GitHub Actions release config for Perl 5 modules -# version 20230604.001 +# version 20241118.001 # https://github.com/briandfoy/github_workflows # https://github.com/features/actions # This file is licensed under the Artistic License 2.0 @@ -12,10 +12,17 @@ # This requires that you configure a repository secret named # RELEASE_ACTION_TOKEN with a GitHub Personal Access Token # that has "read and write" permissions on Repository/Contents +--- name: release +# https://github.com/actions/checkout/issues/1590 +env: + ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true + permissions: contents: write + id-token: write + attestations: write on: push: @@ -40,11 +47,11 @@ jobs: environment: release runs-on: ${{ matrix.os }} strategy: - matrix: - os: - - ubuntu-20.04 - perl-version: - - 'latest' + matrix: + os: + - ubuntu-20.04 + perl-version: + - 'latest' container: image: perl:${{ matrix.perl-version }} steps: @@ -73,7 +80,7 @@ jobs: # but that's not a big deal. - name: Install dependencies run: | - cpanm --notest --installdeps --with-suggests --with-recommends . + cpanm --notest --installdeps --with-suggests --with-recommends . ${{ vars.EXTRA_CPAN_MODULES }} # This makes the distribution and tests it, but assumes by the time we # got here, everything else was already tested. - name: Create distro @@ -87,15 +94,28 @@ jobs: id: version - name: Changes extract run: | - perl -00 -lne 'next unless /\A\d+\.\d+(_\d+)?/; print; last' Changes > Changes-latest + perl -00 -lne 'next unless /\A\d+\.\d+(_\d+)?/; s/^\h+([*-])/$1/gm; s/^-/ -/gm; print; last' Changes > Changes-latest cat Changes-latest id: extract +# https://cli.github.com/manual/gh_attestation_verify +# DISTRO_FILE is the .tar.gz in the release +# GITHUB_ACCOUNT is the github name of the releaser +# gh auth login +# gh attestation verify DISTRO_FILE --owner GITHUB_ACCOUNT + - name: Generate artifact attestation + id: attestation + uses: actions/attest-build-provenance@v1 + with: + subject-path: ${{ env.ASSET_NAME }} - name: upload uses: softprops/action-gh-release@v1 with: - body_path: Changes-latest - draft: false - prerelease: false - name: ${{ steps.version.outputs.name }} - files: "*.tar.gz" - token: ${{ secrets.RELEASE_ACTION_TOKEN }} + body_path: Changes-latest + draft: false + prerelease: false + name: ${{ steps.version.outputs.name }} + files: | + ${{ env.ASSET_NAME }} + ${{ steps.attestation.outputs.bundle-path }} + ${{ vars.EXTRA_RELEASE_PATHS }} + token: ${{ secrets.RELEASE_ACTION_TOKEN }} diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index d048dc9..37b5b2d 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -1,10 +1,25 @@ # brian's standard GitHub Actions Windows config for Perl 5 modules -# version 20220902.001 +# version 20250101.001 # https://github.com/briandfoy/github_workflows # https://github.com/features/actions # This file is licensed under the Artistic License 2.0 +# +# This uses the AUTOMATED_TESTING environment that you can set up +# in your repo settings. Or not. It still works if it isn't defined. +# In that environment, add whatever environment variables or secrets +# that you want. +--- name: windows +# https://github.com/actions/checkout/issues/1590 +env: + ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true + +# https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/using-concurrency +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref || github.run_id }} + cancel-in-progress: true + on: push: branches: @@ -32,17 +47,20 @@ on: - 'Changes' - 'LICENSE' - 'README.pod' - pull_request: + - 'README.md' + - 'SECURITY.md' + pull_request: jobs: perl: + environment: automated_testing runs-on: ${{ matrix.os }} # store any secrets in an environment named "testing" strategy: - matrix: - os: - - windows-2019 - - windows-2022 + matrix: + os: + - windows-2019 + - windows-2022 steps: - run: git config --global core.autocrlf false - uses: actions/checkout@v3 @@ -60,7 +78,7 @@ jobs: - name: Install dependencies run: | cpan -M https://www.cpan.org -T . - cpan -M https://www.cpan.org -T Test::Manifest + cpan -M https://www.cpan.org -T Test::Manifest ${{ vars.EXTRA_CPAN_MODULES }} - name: Run tests run: | perl Makefile.PL @@ -78,7 +96,7 @@ jobs: # stuff in parallel. - name: Run tests in parallel env: - HARNESS_OPTIONS: j10 + HARNESS_OPTIONS: j10 run: | perl Makefile.PL make test @@ -92,10 +110,12 @@ jobs: perl Makefile.PL make disttest make clean -# And, coverage reports +# And, coverage reports. Windows Devel::Coverage can't handle threads, +# so set the env var WINDOWS_SKIP_COVERAGE to skip this part. - name: Run coverage tests + if: env.WINDOWS_SKIP_COVERAGE != 0 env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | cpan -M https://www.cpan.org -T Devel::Cover Devel::Cover::Report::Coveralls perl Makefile.PL