limit codeql and fix get tag name

- chore(ci): in testsuite do not download artifacts - chore(ci): in release get tag name, not branch name. Prevent build create dev wheel - chore(ci): in codeql limit to src folder tree. Include igor.py and ci/session.py - chore(ci): in codeql remove from matrix javascript
msftcangoblowm · Feb 28, 2024 · 5b99d35 · 5b99d35
1 parent 43310dc
commit 5b99d35
Show file tree

Hide file tree

Showing 7 changed files with 34 additions and 16 deletions.
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -9,6 +9,7 @@
 # the `language` matrix defined below to confirm you have the correct set of
 # supported CodeQL languages.
 #
+# `docs <https://docs.github.com/en/code-security/code-scanning>`_
 name: "CodeQL"
 
 on:
@@ -25,6 +26,17 @@ on:
 permissions:
   contents: read
 
+# ignores the tests/ folder
+# CodeQL compiles code. The executed code is the compiled code within __pycache__ folders.
+# In compiled code, __file__ path differs. Causing unforeseeable gotchas
+paths:
+  - src
+  - igor.py
+  - ci/*.py
+paths-ignore:
+  - 'src/**/bad_idea/**/*.yaml'
+  - 'src/**/configs/*.yaml'
+
 jobs:
   analyze:
     name: Analyze
@@ -39,7 +51,7 @@ jobs:
       matrix:
         language:
           - python
-          - javascript
+          # - javascript
         # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
         # Learn more about CodeQL language support at https://git.io/codeql-language-support
 

diff --git a/.github/workflows/quality.yml b/.github/workflows/quality.yml
@@ -19,7 +19,6 @@ defaults:
 
 env:
   PIP_DISABLE_PIP_VERSION_CHECK: 1
-  DEST_FOLDER: dist/
 
 permissions:
   contents: read

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -17,9 +17,11 @@ jobs:
     steps:
     - name: Checkout the repo
       uses: actions/checkout@v4
-    - name: Set output
+
+    - name: Get the version
       id: vars
-      run: echo "tag=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT
+      run: echo "tag=${{ github.event.release.tag_name }}" >> $GITHUB_OUTPUT
+
     - name: Install py39
       uses: actions/setup-python@v5
       with:

diff --git a/.github/workflows/testsuite.yml b/.github/workflows/testsuite.yml
@@ -21,7 +21,6 @@ env:
   PIP_DISABLE_PIP_VERSION_CHECK: 1
   COVERAGE_IGOR_VERBOSE: 1
   FORCE_COLOR: 1    # Get colored test output
-  DEST_FOLDER: dist/
 
 permissions:
   contents: read
@@ -86,12 +85,6 @@ jobs:
           set -xe
           python -m pip install -r requirements/tox.pip
 
-      - name: Retrieve pre-built distribution files
-        uses: actions/download-artifact@v4
-        with:
-          name: python-distribution-files
-          path: ${{ env.DEST_FOLDER }}
-
       - name: "Run tox for ${{ matrix.python-version }}"
         run: |
           python -m tox -- -rfsEX

diff --git a/CHANGES.rst b/CHANGES.rst
@@ -15,11 +15,23 @@ Changelog
    - strictyaml has no automated tests
    - strictyaml has no typing hint stubs. ignore_missing_imports
 
+   - ci/kit.yml in sdist Set output tag will be branch name, not tag name see ci/release.yml
+
    Commit items for NEXT VERSION
    .................................
 
 .. scriv-start-here
 
+.. _changes_1-2-10:
+
+Version 1.2.10 — 2024-02-28
+---------------------------
+
+- chore(ci): in testsuite do not download artifacts
+- chore(ci): in release get tag name, not branch name. Prevent build create dev wheel
+- chore(ci): in codeql limit to src folder tree. Include igor.py and ci/session.py
+- chore(ci): in codeql remove from matrix javascript
+
 .. _changes_1-2-9:
 
 Version 1.2.9 — 2024-02-28

diff --git a/docs/conf.py b/docs/conf.py
@@ -60,9 +60,9 @@
 # @@@ editable
 copyright = "2023–2024, Dave Faulkmore"
 # The short X.Y.Z version.
-version = "1.2.9"
+version = "1.2.10"
 # The full version, including alpha/beta/rc tags.
-release = "1.2.9"
+release = "1.2.10"
 # The date of release, in "monthname day, year" format.
 release_date = "February 28, 2024"
 # @@@ end

diff --git a/howto.txt b/howto.txt
@@ -81,7 +81,7 @@
     - commit and publish home page (if any)
 - Kits:
     - Wait for kits to finish:
-        - https://github.com/msftcangoblowm/asz/.github/workflows/kit.yml
+        - https://github.com/msftcangoblowm/logging-strict/.github/workflows/kit.yml
     - Download and check built kits from GitHub Actions:
         $ make clean download_kits check_kits
         - there should be 52
@@ -111,9 +111,9 @@
         - keep just the latest version of each x.y release, make the rest active but hidden.
             - pre-releases should be hidden
     - IF NOT PRE-RELEASE:
-        - @ https://readthedocs.org/dashboard/asz/advanced/
+        - @ https://readthedocs.org/dashboard/logging-strict/advanced/
             - change the default and latest versions to the new version
-        - @ https://readthedocs.org/projects/coverage/builds/
+        - @ https://readthedocs.org/projects/logging-strict/builds/
             - manually build "latest"
             - wait for the new tag build to finish successfully.
 - Once CI passes, merge the bump-version branch to master and push it