mirror of
https://github.com/theupdateframework/python-tuf
synced 2026-05-24 10:08:28 +00:00
53521bfda0
This changes very little but it does mean any jobs added in future have to be explicit about the permissions they need. This also makes OSSF scorecard happier. Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
37 lines
1.2 KiB
YAML
37 lines
1.2 KiB
YAML
on:
|
|
schedule:
|
|
- cron: "0 13 * * *"
|
|
workflow_dispatch:
|
|
|
|
name: Specification version check
|
|
|
|
permissions: {}
|
|
|
|
jobs:
|
|
# Get the version of the TUF specification the project states it supports
|
|
get-supported-tuf-version:
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
version: ${{ steps.get-version.outputs.version }}
|
|
steps:
|
|
- uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
|
|
- uses: actions/setup-python@13ae5bb136fac2878aff31522b9efb785519f984
|
|
with:
|
|
python-version: "3.x"
|
|
- id: get-version
|
|
run: |
|
|
python3 -m pip install --upgrade pip
|
|
python3 -m pip install -e .
|
|
script="from tuf.api.metadata import SPECIFICATION_VERSION; \
|
|
print(f\"v{'.'.join(SPECIFICATION_VERSION)}\")"
|
|
ver=$(python3 -c "$script")
|
|
echo "version=$ver" >> $GITHUB_OUTPUT
|
|
# Get the latest TUF specification release and open an issue (if needed)
|
|
specification-bump-check:
|
|
permissions:
|
|
contents: read
|
|
issues: write
|
|
needs: get-supported-tuf-version
|
|
uses: theupdateframework/specification/.github/workflows/check-latest-spec-version.yml@master
|
|
with:
|
|
tuf-version: ${{needs.get-supported-tuf-version.outputs.version}}
|