Skip to content

zlib: add patch for CVE 2023-45853 #1480

zlib: add patch for CVE 2023-45853

zlib: add patch for CVE 2023-45853 #1480

Workflow file for this run

on:
push:
branches: [main]
pull_request:
release:
types: [published]
env:
python_version: '3.12'
name: CI
permissions:
contents: read
jobs:
lint:
runs-on: ubuntu-latest
timeout-minutes: 10
if: "!contains(github.event.head_commit.message, 'skip ci')"
steps:
- name: Harden Runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
egress-policy: audit
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Set up Python
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
with:
python-version: ${{ env.python_version }}
- name: Lint with Pre-commit
uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507 # v3.0.0
- name: Check Poetry lock file integrity
run: |
python -m pip install --constraint=.github/constraints.txt poetry
poetry config virtualenvs.in-project true
poetry check
test:
needs: lint
name: Test with Python ${{ matrix.python-version }}
strategy:
matrix:
python-version: ['3.8', '3.9', '3.10', '3.11', '3.12']
runs-on: windows-latest
timeout-minutes: 60
if: "!contains(github.event.head_commit.message, 'skip ci')"
steps:
- name: Harden Runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
egress-policy: audit
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Set up Python
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
with:
python-version: ${{ matrix.python-version }}
allow-prereleases: true
- name: Use Python Dependency Cache
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
with:
path: ~\AppData\Local\pip\Cache
key: ${{ runner.os }}-poetry-${{ hashFiles('**/poetry.lock') }}
restore-keys: ${{ runner.os }}-poetry-
- name: Install Poetry
run: |
python -m pip install --constraint=.github/constraints.txt poetry
poetry config virtualenvs.in-project true
- name: Install Python Dependencies
run: poetry install
- name: Install dependencies
run: |
pip install tox tox-gh-actions
# Temporarily move the preinstalled git, it causes errors related to cygwin.
- name: Move git binary
run: |
Move-Item "C:\Program Files\Git\usr\bin" "C:\Program Files\Git\usr\notbin"
Move-Item "C:\Program Files\Git\bin" "C:\Program Files\Git\notbin"
- name: Test with tox
run: tox
- name: Restore git binary
run: |
Move-Item "C:\Program Files\Git\usr\notbin" "C:\Program Files\Git\usr\bin"
Move-Item "C:\Program Files\Git\notbin" "C:\Program Files\Git\bin"
build:
needs: lint
name: Build GTK${{ matrix.gtk-version }} Binaries
runs-on: windows-latest
timeout-minutes: 75
if: "!contains(github.event.head_commit.message, 'skip ci')"
strategy:
matrix:
gtk-version: ['3', '4']
steps:
- name: Harden Runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
egress-policy: audit
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Set up Python
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
with:
python-version: ${{ env.python_version }}
- name: Use Python Dependency Cache
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
with:
path: ~\AppData\Local\pip\Cache
key: ${{ runner.os }}-poetry-${{ hashFiles('**/poetry.lock') }}
restore-keys: ${{ runner.os }}-poetry-
- name: Install Poetry
run: |
python -m pip install --constraint=.github/constraints.txt poetry
poetry config virtualenvs.in-project true
- name: Install Python Dependencies
run: poetry install
# Temporarily move the preinstalled git, it causes errors related to cygwin.
- name: Move git binary
run: |
Move-Item "C:\Program Files\Git\usr\bin" "C:\Program Files\Git\usr\notbin"
Move-Item "C:\Program Files\Git\bin" "C:\Program Files\Git\notbin"
- name: Build GTK3
if: matrix.gtk-version == '3'
run: >
poetry run gvsbuild build --ninja-opts -j2 gtk3 gtksourceview4 graphene
glib-networking
- name: Build GTK4
if: matrix.gtk-version == '4'
run: > # Use -j2 option to prevent out of memory errors with GitHub Action runners
poetry run gvsbuild build --ninja-opts -j2 --enable-gi cairo gtk4 libadwaita
gtksourceview5 gobject-introspection adwaita-icon-theme hicolor-icon-theme
- name: Restore git binary
run: |
Move-Item "C:\Program Files\Git\usr\notbin" "C:\Program Files\Git\usr\bin"
Move-Item "C:\Program Files\Git\notbin" "C:\Program Files\Git\bin"
- name: Create Source Dist and Wheel
run: poetry build
- name: Upload gvsbuild-${{ github.event.release.tag_name }}.tar.gz
uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
if: github.event_name == 'release' && matrix.gtk-version == '4'
with:
name: gvsbuild-${{ github.event.release.tag_name }}.tar.gz
path: dist/gvsbuild-${{ github.event.release.tag_name }}.tar.gz
- name: Upload gvsbuild-${{ github.event.release.tag_name }}-py3-none-any.whl
uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
if: github.event_name == 'release' && matrix.gtk-version == '4'
with:
name: gvsbuild-${{ github.event.release.tag_name }}-py3-none-any.whl
path: dist/gvsbuild-${{ github.event.release.tag_name }}-py3-none-any.whl
publish-to-pypi:
name: Publish to PyPI (release only)
needs: build
runs-on: ubuntu-22.04
permissions:
id-token: write
if: ${{ github.event_name == 'release' }}
steps:
- name: Download tar.gz
uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0
with:
name: gvsbuild-${{ github.event.release.tag_name }}.tar.gz
path: dist
- name: Download wheel
uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0
with:
name: gvsbuild-${{ github.event.release.tag_name }}-py3-none-any.whl
path: dist
- name: Publish package distributions to PyPI
uses: pypa/gh-action-pypi-publish@2f6f737ca5f74c637829c0f5c3acd0e29ea5e8bf # release/v1