Skip to content

Add flatpak-spawn permission for Kando #1505

Add flatpak-spawn permission for Kando

Add flatpak-spawn permission for Kando #1505

Workflow file for this run

name: CI
on:
push:
branches: master
pull_request:
branches: master
workflow_dispatch:
jobs:
changes:
runs-on: ubuntu-latest
timeout-minutes: 60
if: always()
permissions:
pull-requests: read
outputs:
src: ${{ steps.filter.outputs.src }}
src-extra: ${{ steps.filter.outputs.src-extra }}
docker: ${{ steps.filter.outputs.docker }}
exceptions: ${{ steps.filter.outputs.exceptions }}
steps:
- uses: actions/checkout@v4
- name: Setup path filters
uses: dorny/paths-filter@v3
id: filter
with:
filters: |
exceptions:
- 'flatpak_builder_lint/staticfiles/exceptions.json'
src:
- '.github/**'
- 'docker/**'
- 'flatpak_builder_lint/!(staticfiles)/**'
- 'tests/**'
- 'utils/**'
- 'poetry.lock'
- 'pyproject.toml'
src-extra:
- 'flatpak_builder_lint/staticfiles/flatpak-manifest.schema.json'
- 'flatpak_builder_lint/staticfiles/*.py'
docker:
- '.github/**'
- 'docker/**'
- 'flatpak_builder_lint/!(staticfiles)/**'
- 'poetry.lock'
- 'pyproject.toml'
check:
runs-on: ubuntu-latest
timeout-minutes: 60
if: always()
needs: changes
steps:
- name: Check
run: |
if ${{
needs.changes.outputs.exceptions == 'false' &&
needs.changes.outputs.src == 'false' &&
needs.changes.outputs.src-extra == 'false' &&
needs.changes.outputs.docker == 'false'
}}; then
echo "No filter matched. This file is not covered by CI" && exit 1
else
echo "Found matching file"
fi
exceptions:
runs-on: ubuntu-latest
timeout-minutes: 60
needs:
- changes
- check
if: ${{ needs.changes.outputs.exceptions == 'true' }}
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Validate exceptions.json
run: python3 utils/validator.py
ci:
runs-on: ubuntu-latest
timeout-minutes: 60
needs:
- changes
- check
if: ${{ needs.changes.outputs.src == 'true' || needs.changes.outputs.src-extra == 'true' }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Set up dependencies
run: |
sudo add-apt-repository ppa:flatpak/stable
sudo apt-get update
sudo apt-get install -y jq flatpak flatpak-builder curl dbus-daemon libgirepository1.0-dev gir1.2-ostree-1.0 gzip xmlstarlet
- name: Setup Poetry
run: |
curl -sSL https://install.python-poetry.org | python3 -
sudo ln -s /github/home/.local/bin/poetry /usr/bin/poetry
- uses: actions/cache@v4
with:
path: ~/.cache/pypoetry
key: ${{ runner.os }}-poetry-${{ hashFiles('poetry.lock') }}
- name: Install python dependencies
run: |
poetry install
- name: Check code formatting
run: poetry run ruff format --check .
- name: Lint
run: poetry run ruff check --output-format=github .
- name: Check python types
run: poetry run mypy .
- name: Allow file:// clones with git>=2.38.1
run: |
git config --global protocol.file.allow always
- name: Set up flathub remote
run: |
flatpak remote-add --user --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
flatpak remote-add --user --if-not-exists flathub-beta https://flathub.org/beta-repo/flathub-beta.flatpakrepo
- name: Build and test org.flatpak.Builder
run: |
git clone --depth=1 --branch master --recursive --single-branch https://github.com/flathub/org.flatpak.Builder.git build/org.flatpak.Builder
cd build && python3 ../docker/rewrite-manifest.py && cd org.flatpak.Builder
rm -v flatpak-builder-lint-deps.json && cp -v ../../docker/flatpak-builder-lint-deps.json .
flatpak-builder --verbose --user --force-clean --repo=repo \
--install-deps-from=flathub --default-branch=localtest --ccache \
--install builddir org.flatpak.Builder.json
flatpak run org.flatpak.Builder//localtest --version
- name: Sanity check on a baseapp
run: |
git clone --depth=1 --recursive --single-branch https://github.com/flathub/com.system76.Cosmic.BaseApp.git com.system76.Cosmic.BaseApp
cd com.system76.Cosmic.BaseApp
git submodule update --init --recursive
flatpak run --command=flatpak-builder-lint org.flatpak.Builder//localtest --exceptions manifest com.system76.Cosmic.BaseApp.json
dbus-run-session flatpak run org.flatpak.Builder --verbose --user --force-clean --repo=repo \
--install-deps-from=flathub --ccache builddir com.system76.Cosmic.BaseApp.json
flatpak run --command=flatpak-builder-lint org.flatpak.Builder//localtest --exceptions builddir builddir
flatpak run --command=flatpak-builder-lint org.flatpak.Builder//localtest --exceptions repo repo
- name: Sanity check on an extension
run: |
git clone --depth=1 --recursive --single-branch https://github.com/flathub/org.freedesktop.LinuxAudio.Plugins.SoSynthLV2.git org.freedesktop.LinuxAudio.Plugins.SoSynthLV2
cd org.freedesktop.LinuxAudio.Plugins.SoSynthLV2
git submodule update --init --recursive
flatpak run --command=flatpak-builder-lint org.flatpak.Builder//localtest --exceptions manifest org.freedesktop.LinuxAudio.Plugins.SoSynthLV2.json
dbus-run-session flatpak run org.flatpak.Builder --verbose --user --force-clean --repo=repo \
--install-deps-from=flathub --ccache builddir org.freedesktop.LinuxAudio.Plugins.SoSynthLV2.json
flatpak run --command=flatpak-builder-lint org.flatpak.Builder//localtest --exceptions builddir builddir
flatpak run --command=flatpak-builder-lint org.flatpak.Builder//localtest --exceptions repo repo
- name: Sanity check on a console application
run: |
cd tests/repo/min_success_metadata/console-app
flatpak run --command=flatpak-builder-lint org.flatpak.Builder//localtest --exceptions manifest org.flathub.cli.yaml
flatpak run --command=flatpak-builder-lint org.flatpak.Builder//localtest appstream org.flathub.cli.metainfo.xml
dbus-run-session flatpak run org.flatpak.Builder --verbose --user --force-clean --repo=repo \
--install-deps-from=flathub --ccache builddir org.flathub.cli.yaml
flatpak run --command=flatpak-builder-lint org.flatpak.Builder//localtest --exceptions builddir builddir
flatpak run --command=flatpak-builder-lint org.flatpak.Builder//localtest --exceptions repo repo
- name: Sanity check on a GUI application
run: |
cd tests/repo/min_success_metadata/gui-app
flatpak run --command=flatpak-builder-lint org.flatpak.Builder//localtest --exceptions manifest org.flathub.gui.yaml
dbus-run-session flatpak run org.flatpak.Builder --verbose --user --force-clean --repo=repo \
--mirror-screenshots-url=https://dl.flathub.org/media \
--install-deps-from=flathub --ccache builddir org.flathub.gui.yaml
mkdir -p builddir/files/share/app-info/media
ostree commit --repo=repo --canonical-permissions --branch=screenshots/x86_64 builddir/files/share/app-info/media
flatpak run --command=flatpak-builder-lint org.flatpak.Builder//localtest --exceptions builddir builddir
flatpak run --command=flatpak-builder-lint org.flatpak.Builder//localtest --exceptions repo repo
- name: Sanity check on Flatmanager chekcs
run: sh -c tests/flatmanager.sh
- name: Set up appstreamcli
run: |
echo '#!/bin/sh' > /usr/local/bin/appstreamcli
echo "exec dbus-run-session flatpak run --branch=localtest --command=appstreamcli org.flatpak.Builder \${@}" >> /usr/local/bin/appstreamcli
chmod +x /usr/local/bin/appstreamcli
appstreamcli --version
- name: Run test suite
run: poetry run pytest -v tests
docker-call:
permissions:
packages: write
needs:
- changes
- check
- ci
if: ${{ needs.changes.outputs.docker == 'true' && github.event_name != 'pull_request' && github.repository == 'flathub-infra/flatpak-builder-lint' && github.ref == 'refs/heads/master' }}
uses: ./.github/workflows/docker.yml
secrets: inherit