CM-24003 - Integrate Cimon (#121)

MarshalX · web-flow · commit 9587f87bd164 · 2023-06-11T20:39:10.000+02:00
diff --git a/.github/workflows/build_executable.yml b/.github/workflows/build_executable.yml
@@ -19,6 +19,13 @@ jobs:
         shell: bash
 
     steps:
+      - name: Run Cimon
+        if: matrix.os == 'ubuntu-20.04'
+        uses: cycodelabs/cimon-action@v0
+        with:
+          client-id: ${{ secrets.CIMON_CLIENT_ID }}
+          secret: ${{ secrets.CIMON_SECRET }}
+
       - name: Checkout repository
         uses: actions/checkout@v3
         with:
diff --git a/.github/workflows/pre_release.yml b/.github/workflows/pre_release.yml
@@ -14,41 +14,51 @@ jobs:
       id-token: write
 
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v3
-      with:
-        fetch-depth: 0
-
-    - name: Set up Python 3.7
-      uses: actions/setup-python@v4
-      with:
-        python-version: '3.7'
-
-    - name: Install Poetry
-      run: curl -sSL https://install.python-poetry.org | python - -y
-
-    - name: Update PATH
-      run: echo "$HOME/.local/bin" >> $GITHUB_PATH
-
-    - name: Install Poetry Plugin
-      run: poetry self add "poetry-dynamic-versioning[plugin]"
-
-    - name: Check Pre-Release Version
-      id: check-version
-      run: |
-        echo "::debug::Package version: $(poetry version --short)"
-        [[ "$(poetry version --short)" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || echo prerelease=true >> $GITHUB_OUTPUT
-
-    - name: Exit if not Pre-Release Version
-      if: steps.check-version.outputs.prerelease != 'true'
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      run: |
-        gh run cancel ${{ github.run_id }}
-        gh run watch ${{ github.run_id }}
-
-    - name: Build package
-      run: poetry build
-
-    - name: Publish a Python distribution to PyPI
-      uses: pypa/gh-action-pypi-publish@release/v1
+      - name: Run Cimon
+        uses: cycodelabs/cimon-action@v0
+        with:
+          client-id: ${{ secrets.CIMON_CLIENT_ID }}
+          secret: ${{ secrets.CIMON_SECRET }}
+          prevent: true
+          fail-on-error: true
+          allowed-hosts: >
+            files.pythonhosted.org
+            install.python-poetry.org
+            pypi.org
+            upload.pypi.org
+
+      - name: Checkout repository
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Set up Python 3.7
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.7'
+
+      - name: Setup Poetry
+        uses: snok/install-poetry@v1
+
+      - name: Install Poetry Plugin
+        run: poetry self add "poetry-dynamic-versioning[plugin]"
+
+      - name: Check Pre-Release Version
+        id: check-version
+        run: |
+          echo "::debug::Package version: $(poetry version --short)"
+          [[ "$(poetry version --short)" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || echo prerelease=true >> $GITHUB_OUTPUT
+
+      - name: Exit if not Pre-Release Version
+        if: steps.check-version.outputs.prerelease != 'true'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          gh run cancel ${{ github.run_id }}
+          gh run watch ${{ github.run_id }}
+
+      - name: Build package
+        run: poetry build
+
+      - name: Publish a Python distribution to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -2,7 +2,7 @@ name: Build and Publish release
 
 on:
   release:
-    types: [created]
+    types: [ created ]
 
 jobs:
   release:
@@ -13,6 +13,19 @@ jobs:
       id-token: write
 
     steps:
+      - name: Run Cimon
+        uses: cycodelabs/cimon-action@v0
+        with:
+          client-id: ${{ secrets.CIMON_CLIENT_ID }}
+          secret: ${{ secrets.CIMON_SECRET }}
+          prevent: true
+          fail-on-error: true
+          allowed-hosts: >
+            files.pythonhosted.org
+            install.python-poetry.org
+            pypi.org
+            upload.pypi.org
+
       - name: Checkout repository
         uses: actions/checkout@v3
         with:
@@ -23,11 +36,8 @@ jobs:
         with:
           python-version: '3.7'
 
-      - name: Install Poetry
-        run: curl -sSL https://install.python-poetry.org | python - -y
-
-      - name: Update PATH
-        run: echo "$HOME/.local/bin" >> $GITHUB_PATH
+      - name: Setup Poetry
+        uses: snok/install-poetry@v1
 
       - name: Install Poetry Plugin
         run: poetry self add "poetry-dynamic-versioning[plugin]"
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -10,6 +10,18 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
+      - name: Run Cimon
+        uses: cycodelabs/cimon-action@v0
+        with:
+          client-id: ${{ secrets.CIMON_CLIENT_ID }}
+          secret: ${{ secrets.CIMON_SECRET }}
+          prevent: true
+          fail-on-error: true
+          allowed-hosts: >
+            files.pythonhosted.org
+            install.python-poetry.org
+            pypi.org
+
       - name: Checkout repository
         uses: actions/checkout@v3
 
diff --git a/.github/workflows/tests_full.yml b/.github/workflows/tests_full.yml
@@ -22,6 +22,19 @@ jobs:
         shell: bash
 
     steps:
+      - name: Run Cimon
+        if: matrix.os == 'ubuntu-latest'
+        uses: cycodelabs/cimon-action@v0
+        with:
+          client-id: ${{ secrets.CIMON_CLIENT_ID }}
+          secret: ${{ secrets.CIMON_SECRET }}
+          prevent: true
+          fail-on-error: true
+          allowed-hosts: >
+            files.pythonhosted.org
+            install.python-poetry.org
+            pypi.org
+
       - name: Checkout repository
         uses: actions/checkout@v3
 
