From 277c1db86252393fed35a2e8fca96413266761a0 Mon Sep 17 00:00:00 2001
From: brian d foy <briandfoy@pobox.com>
Date: Thu, 2 Jan 2025 15:04:29 -0500
Subject: [PATCH] Update workflows
---
.github/workflows/linux.yml | 77 ++++++++++++++++++++++++++---------
.github/workflows/macos.yml | 26 +++++++++---
.github/workflows/release.yml | 48 +++++++++++++++-------
.github/workflows/windows.yml | 38 ++++++++++++-----
4 files changed, 141 insertions(+), 48 deletions(-)
diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml
index 8ed6d5d..5f3d7a7 100644
--- a/.github/workflows/linux.yml
+++ b/.github/workflows/linux.yml
@@ -1,10 +1,25 @@
# brian's standard GitHub Actions Ubuntu config for Perl 5 modules
-# version 20230718.001
+# version 20241126.001
# https://github.com/briandfoy/github_workflows
# https://github.com/features/actions
# This file is licensed under the Artistic License 2.0
+#
+# This uses the AUTOMATED_TESTING environment that you can set up
+# in your repo settings. Or not. It still works if it isn't defined.
+# In that environment, add whatever environment variables or secrets
+# that you want.
+---
name: ubuntu
+# https://github.com/actions/checkout/issues/1590
+env:
+ ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true
+
+# https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/using-concurrency
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref || github.run_id }}
+ cancel-in-progress: true
+
on:
push:
branches:
@@ -32,23 +47,27 @@ on:
- 'Changes'
- 'LICENSE'
- 'README.pod'
- pull_request:
-
+ pull_request:
+ # weekly build on the master branch just to see what CPAN is doing
+ schedule:
+ - cron: "37 3 * * 0"
jobs:
perl:
+ environment: automated_testing
runs-on: ${{ matrix.os }}
strategy:
- matrix:
- os:
- - ubuntu-22.04
- perl-version:
- - '5.26'
- - '5.28'
- - '5.30'
- - '5.32'
- - '5.34'
- - '5.36'
- - 'latest'
+ matrix:
+ os:
+ - ubuntu-22.04
+ perl-version:
+ - '5.26-buster'
+ - '5.28-buster'
+ - '5.30-bullseye'
+ - '5.32-bullseye'
+ - '5.34-bullseye'
+ - '5.36-bookworm'
+ - '5.38-bookworm'
+ - 'latest'
container:
image: perl:${{ matrix.perl-version }}
steps:
@@ -64,6 +83,26 @@ jobs:
- name: Setup environment
run: |
echo "PERL_LWP_SSL_VERIFY_HOSTNAME=0" >> $GITHUB_ENV
+# HTML::Tagset bumped its minimum version to v5.10 for no good reason
+# but this is a prereq to LWP, which runs on v5.8. To get around this,
+# download the tarball and fix it for v5.8. Install it before we try
+# to install things that depend on it. More recent versions will
+# install it normally.
+# 1. remove the META files which have references to v5.10 and ignore
+# the warnings
+# 2. fix Makefile.PL to remove two references to v5.10
+# https://github.com/libwww-perl/HTML-Tagset/pull/14
+ - name: fix html-tagset for v5.8
+ if: env.PERL_VERSION == 'v5.8'
+ run: |
+ curl -L -O https://cpan.metacpan.org/authors/id/P/PE/PETDANCE/HTML-Tagset-3.24.tar.gz
+ tar -xzf HTML-Tagset-3.24.tar.gz
+ cd HTML-Tagset-3.24
+ rm META.*
+ mv Makefile.PL Makefile.PL.orig
+ perl -n -e 'next if /(^use 5)|(MIN_PERL)/; print' Makefile.PL.orig > Makefile.PL
+ cpan -T .
+ cd ..
# I had some problems with openssl on Ubuntu, so I punted by installing
# cpanm first, which is easy. I can install IO::Socket::SSL with that,
# then switch back to cpan. I didn't explore this further, but what you
@@ -72,17 +111,17 @@ jobs:
- name: Install cpanm and multiple modules
run: |
curl -L https://cpanmin.us | perl - App::cpanminus
- cpanm --notest IO::Socket::SSL App::Cpan HTTP::Tiny ExtUtils::MakeMaker Test::Manifest Test::More
+ cpanm --notest IO::Socket::SSL LWP::Protocol::https App::Cpan HTTP::Tiny ExtUtils::MakeMaker Test::Manifest Test::More
# Install the dependencies, again not testing them. This installs the
# module in the current directory, so we end up installing the module,
# but that's not a big deal.
- name: Install dependencies
run: |
- cpanm --notest --installdeps --with-suggests --with-recommends .
+ cpanm --notest --installdeps --with-suggests --with-recommends . ${{ vars.EXTRA_CPAN_MODULES }}
- name: Show cpanm failures
- if: ${{ failure() }}
+ if: ${{ failure() }}
run: |
- cat /home/runner/.cpanm/work/*/build.log
+ cat /github/home/.cpanm/work/*/build.log
- name: Run tests
run: |
perl Makefile.PL
@@ -118,7 +157,7 @@ jobs:
- name: Run coverage tests
if: env.PERL_VERSION != 'v5.8' && env.PERL_VERSION != 'v5.10'
env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
cpanm --notest Devel::Cover Devel::Cover::Report::Coveralls
perl Makefile.PL
diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml
index 0b3f47a..c0a7bc5 100644
--- a/.github/workflows/macos.yml
+++ b/.github/workflows/macos.yml
@@ -1,10 +1,25 @@
# brian's standard GitHub Actions macOS config for Perl 5 modules
-# version 20220902.001
+# version 20241126.001
# https://github.com/briandfoy/github_workflows
# https://github.com/features/actions
# This file is licensed under the Artistic License 2.0
+#
+# This uses the AUTOMATED_TESTING environment that you can set up
+# in your repo settings. Or not. It still works if it isn't defined.
+# In that environment, add whatever environment variables or secrets
+# that you want.
+---
name: macos
+# https://github.com/actions/checkout/issues/1590
+env:
+ ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true
+
+# https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/using-concurrency
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref || github.run_id }}
+ cancel-in-progress: true
+
on:
push:
branches:
@@ -32,10 +47,11 @@ on:
- 'Changes'
- 'LICENSE'
- 'README.pod'
- pull_request:
+ pull_request:
jobs:
perl:
+ environment: automated_testing
runs-on: macOS-latest
steps:
- uses: actions/checkout@v3
@@ -44,7 +60,7 @@ jobs:
- name: Set up Perl
run: |
brew install perl
- ls -d /usr/local/Cellar/perl/*/bin | head -1 >> $GITHUB_PATH
+ ls -d /opt/homebrew/Cellar/perl/*/bin | head -1 >> $GITHUB_PATH
perl -v | perl -0777 -ne 'm/(v5\.\d+)/ && print "PERL_VERSION=$1"' >> $GITHUB_ENV
- name: Perl version check
run: perl -V
@@ -67,7 +83,7 @@ jobs:
# but that's not a big deal.
- name: Install dependencies
run: |
- cpan -M https://www.cpan.org -T .
+ cpan -M https://www.cpan.org -T . ${{ vars.EXTRA_CPAN_MODULES }}
- name: Run tests
run: |
perl Makefile.PL
@@ -102,7 +118,7 @@ jobs:
- name: Run coverage tests
if: env.PERL_VERSION != 'v5.8'
env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
cpan -M https://www.cpan.org -T Devel::Cover Devel::Cover::Report::Coveralls
perl Makefile.PL
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index dfbc0b8..e430e10 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,5 +1,5 @@
# brian's standard GitHub Actions release config for Perl 5 modules
-# version 20230604.001
+# version 20241118.001
# https://github.com/briandfoy/github_workflows
# https://github.com/features/actions
# This file is licensed under the Artistic License 2.0
@@ -12,10 +12,17 @@
# This requires that you configure a repository secret named
# RELEASE_ACTION_TOKEN with a GitHub Personal Access Token
# that has "read and write" permissions on Repository/Contents
+---
name: release
+# https://github.com/actions/checkout/issues/1590
+env:
+ ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true
+
permissions:
contents: write
+ id-token: write
+ attestations: write
on:
push:
@@ -40,11 +47,11 @@ jobs:
environment: release
runs-on: ${{ matrix.os }}
strategy:
- matrix:
- os:
- - ubuntu-20.04
- perl-version:
- - 'latest'
+ matrix:
+ os:
+ - ubuntu-20.04
+ perl-version:
+ - 'latest'
container:
image: perl:${{ matrix.perl-version }}
steps:
@@ -73,7 +80,7 @@ jobs:
# but that's not a big deal.
- name: Install dependencies
run: |
- cpanm --notest --installdeps --with-suggests --with-recommends .
+ cpanm --notest --installdeps --with-suggests --with-recommends . ${{ vars.EXTRA_CPAN_MODULES }}
# This makes the distribution and tests it, but assumes by the time we
# got here, everything else was already tested.
- name: Create distro
@@ -87,15 +94,28 @@ jobs:
id: version
- name: Changes extract
run: |
- perl -00 -lne 'next unless /\A\d+\.\d+(_\d+)?/; print; last' Changes > Changes-latest
+ perl -00 -lne 'next unless /\A\d+\.\d+(_\d+)?/; s/^\h+([*-])/$1/gm; s/^-/ -/gm; print; last' Changes > Changes-latest
cat Changes-latest
id: extract
+# https://cli.github.com/manual/gh_attestation_verify
+# DISTRO_FILE is the .tar.gz in the release
+# GITHUB_ACCOUNT is the github name of the releaser
+# gh auth login
+# gh attestation verify DISTRO_FILE --owner GITHUB_ACCOUNT
+ - name: Generate artifact attestation
+ id: attestation
+ uses: actions/attest-build-provenance@v1
+ with:
+ subject-path: ${{ env.ASSET_NAME }}
- name: upload
uses: softprops/action-gh-release@v1
with:
- body_path: Changes-latest
- draft: false
- prerelease: false
- name: ${{ steps.version.outputs.name }}
- files: "*.tar.gz"
- token: ${{ secrets.RELEASE_ACTION_TOKEN }}
+ body_path: Changes-latest
+ draft: false
+ prerelease: false
+ name: ${{ steps.version.outputs.name }}
+ files: |
+ ${{ env.ASSET_NAME }}
+ ${{ steps.attestation.outputs.bundle-path }}
+ ${{ vars.EXTRA_RELEASE_PATHS }}
+ token: ${{ secrets.RELEASE_ACTION_TOKEN }}
diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml
index d048dc9..f3c79cb 100644
--- a/.github/workflows/windows.yml
+++ b/.github/workflows/windows.yml
@@ -1,10 +1,25 @@
# brian's standard GitHub Actions Windows config for Perl 5 modules
-# version 20220902.001
+# version 20241126.001
# https://github.com/briandfoy/github_workflows
# https://github.com/features/actions
# This file is licensed under the Artistic License 2.0
+#
+# This uses the AUTOMATED_TESTING environment that you can set up
+# in your repo settings. Or not. It still works if it isn't defined.
+# In that environment, add whatever environment variables or secrets
+# that you want.
+---
name: windows
+# https://github.com/actions/checkout/issues/1590
+env:
+ ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true
+
+# https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/using-concurrency
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref || github.run_id }}
+ cancel-in-progress: true
+
on:
push:
branches:
@@ -32,17 +47,18 @@ on:
- 'Changes'
- 'LICENSE'
- 'README.pod'
- pull_request:
+ pull_request:
jobs:
perl:
+ environment: automated_testing
runs-on: ${{ matrix.os }}
# store any secrets in an environment named "testing"
strategy:
- matrix:
- os:
- - windows-2019
- - windows-2022
+ matrix:
+ os:
+ - windows-2019
+ - windows-2022
steps:
- run: git config --global core.autocrlf false
- uses: actions/checkout@v3
@@ -60,7 +76,7 @@ jobs:
- name: Install dependencies
run: |
cpan -M https://www.cpan.org -T .
- cpan -M https://www.cpan.org -T Test::Manifest
+ cpan -M https://www.cpan.org -T Test::Manifest ${{ vars.EXTRA_CPAN_MODULES }}
- name: Run tests
run: |
perl Makefile.PL
@@ -78,7 +94,7 @@ jobs:
# stuff in parallel.
- name: Run tests in parallel
env:
- HARNESS_OPTIONS: j10
+ HARNESS_OPTIONS: j10
run: |
perl Makefile.PL
make test
@@ -92,10 +108,12 @@ jobs:
perl Makefile.PL
make disttest
make clean
-# And, coverage reports
+# And, coverage reports. Windows Devel::Coverage can't handle threads,
+# so set the env var WINDOWS_SKIP_COVERAGE to skip this part.
- name: Run coverage tests
+ if: env.WINDOWS_SKIP_COVERAGE != 0
env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
cpan -M https://www.cpan.org -T Devel::Cover Devel::Cover::Report::Coveralls
perl Makefile.PL