
Update GitHub Actions Workflows to Latest Versions #4

Closed
barkleesanders wants to merge 1 commit into main from fix-workflow

@barkleesanders
Contributor

  1. Updated CodeQL Action to v3

    • Both security jobs now use the latest version of CodeQL Action
    • Improved security scanning capabilities
    • Removed deprecated v2 actions
  2. Standardized Action Versions

    • checkout@v4
    • setup-python@v5
    • upload-artifact@v4
    • All actions now use explicit versions for stability
  3. Improved Security Configuration

    • Added proper security-events permissions
    • Maintained separate security job for better isolation
    • Updated Python-specific security scanning
  4. Python Development Environment

    • Updated to Python 3.11
    • Improved test coverage configuration
    • Added proper linting with ruff
    • Separated build and test steps

Security Implications

  • Uses the latest version of CodeQL Action for improved security scanning
  • Maintains proper permission isolation between jobs
  • Follows GitHub's best practices for workflow security

Testing

  • Workflows will run automatically on push and pull requests
  • Security scanning will be performed on all Python code
  • Test coverage will be generated and uploaded as artifact
  • Linting will be performed with ruff

Related Issues

  • Fixes deprecation warnings for CodeQL Action v2
  • Improves security compliance
  • Updates to latest best practices for GitHub Actions

Review Checklist

  • Verify CodeQL Action v3 configuration
  • Check security event permissions
  • Review Python version and dependencies
  • Confirm workflow triggers are correct
  • Test workflow on a PR

Additional Notes

The workflows have been updated to use the latest stable versions of all actions while maintaining compatibility with existing workflows. Security scanning has been improved with the latest CodeQL Action version.

@OpenSourceIronman
Contributor

Updating to Python 3.11 mid-cycle is a bad idea that could break the entire code base. The Raspberry Pi CM4 that will run DMuffler code in production is Python 3.8 (I believe). I can give you cloud access to a Raspberry Pi 500 if you sign up for an account at https://www.raspberrypi.com/software/connect/

@OpenSourceIronman
Contributor

CleanShot 2025-05-13 at 16 38 23

CleanShot 2025-05-13 at 16 38 43
