build.yml
# CI workflow: lint, test on each supported Python version, and publish to
# PyPI when a release is published.
name: build

on:
  push:
    branches:
      - main
    # `*` does not match `/`, so only Markdown files in the repository root
    # are ignored by this filter.
    paths-ignore:
      - "*.md"
  pull_request:
    branches:
      - main
  release:
    types:
      - published
  workflow_dispatch:

# One active run per workflow and ref; a newer run cancels the older one.
# NOTE(review): this also applies to release runs, so a second run on the
# same ref would cancel a publish that is still in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

env:
  # Quoted so the version stays a string.
  python-version: "3.13"

# Workflow-wide default scope for GITHUB_TOKEN; each job states its own.
permissions:
  contents: read
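jobs:
  # Static checks: pre-commit hooks, REUSE compliance, Poetry metadata.
  lint:
    runs-on: ubuntu-24.04
    permissions:
      contents: read
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
        with:
          disable-sudo: true
          egress-policy: block
          # Outbound traffic is limited to the hosts listed here.
          # NOTE(review): `ghcr.io` carries no port, unlike every other
          # entry; confirm harden-runner accepts that form or write
          # `ghcr.io:443`.
          allowed-endpoints: >
            files.pythonhosted.org:443
            pypi.org:443
            github.com:443
            api.github.com:443
            *.githubusercontent.com:443
            ghcr.io
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          # PR head commit on pull_request events. The expression is empty on
          # other events, where checkout uses the ref that triggered the run.
          ref: ${{ github.event.pull_request.head.sha }}
          # Keep GITHUB_TOKEN out of .git/config; the later steps run
          # third-party hooks and pip-installed code and do not push.
          persist-credentials: false
      - name: Set up Python
        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
        with:
          python-version: ${{ env.python-version }}
      - name: Lint with Pre-commit
        uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1
      - name: Check REUSE compliance
        # NOTE(review): `reuse` is installed without a version pin or the
        # constraints file that the Poetry install below uses; consider
        # pinning it the same way.
        run: pip install reuse && python -m reuse lint
      - name: Check Poetry lock file integrity
        run: |
          python${{ env.python-version }} -m pip install --constraint=.github/constraints.txt poetry
          poetry config virtualenvs.in-project true
          poetry check

  # Test matrix. The sdist and wheel are built and uploaded only from the
  # matrix entry that equals env.python-version.
  build:
    needs: lint
    runs-on: ubuntu-24.04
    # NOTE(review): no step visible in this job appears to need write access
    # to repository contents; confirm against .github/scripts/metadata.sh and
    # reduce to `contents: read` if nothing does.
    permissions:
      contents: write
    strategy:
      max-parallel: 4
      matrix:
        python-version: ['3.9', '3.10', '3.11', '3.12', '3.13']
    name: build (python ${{ matrix.python-version }})
    # Artifact names consumed by publish-to-pypi.
    outputs:
      targz: generic-${{ steps.meta.outputs.version }}.tar.gz
      wheel: generic-${{ steps.meta.outputs.version }}-py3-none-any.whl
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
        with:
          disable-sudo: true
          egress-policy: block
          # NOTE(review): `*.cloudfront.net` matches every CloudFront
          # distribution, not one specific host, so this entry is much
          # broader than the rest of the list; narrow it to the exact
          # hostname if the harden-runner report shows a single one.
          # `ghcr.io` again has no port.
          allowed-endpoints: >
            api.codeclimate.com:443
            codeclimate.com:443
            *.cloudfront.net:443
            files.pythonhosted.org:443
            pypi.org:443
            github.com:443
            *.githubusercontent.com:443
            ghcr.io
            keys.openpgp.org:443
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          # This job's token has contents: write, and the steps below install
          # dependencies, run the test suite and call a third-party action.
          # Do not leave the token in .git/config where they could read it.
          persist-credentials: false
      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
        with:
          python-version: ${{ matrix.python-version }}
          allow-prereleases: true
      - name: Install Poetry
        run: |
          python${{ matrix.python-version }} -m pip install --constraint=.github/constraints.txt poetry
          poetry config virtualenvs.in-project true
      - name: Collect Project Data
        # Provides steps.meta.outputs.version, used in the artifact names.
        id: meta
        run: .github/scripts/metadata.sh
      - name: Install dependencies
        run: poetry install --no-interaction
      - name: Test
        run: poetry run pytest --cov=generic
      - name: Code Climate Coverage Action
        uses: paambaati/codeclimate-action@f429536ee076d758a24705203199548125a28ca7 # v9.0.0
        env:
          # NOTE(review): the reporter ID is committed in plain text, so
          # anyone who reads this file can submit coverage reports under it.
          # A repository secret would not be available to fork pull requests,
          # which may be why it is inline; confirm the exposure is accepted.
          CC_TEST_REPORTER_ID: f9441442730130d385df69241a779ac3b663756ed21881179826e3fab7e01924
        with:
          coverageCommand: poetry run coverage xml
      - name: Create Source Dist and Wheel
        if: ${{ matrix.python-version == env.python-version }}
        run: poetry build
      - name: Upload generic-${{ steps.meta.outputs.version }}.tar.gz
        if: ${{ matrix.python-version == env.python-version }}
        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
        with:
          name: generic-${{ steps.meta.outputs.version }}.tar.gz
          path: dist/generic-${{ steps.meta.outputs.version }}.tar.gz
      - name: Upload generic-${{ steps.meta.outputs.version }}-py3-none-any.whl
        if: ${{ matrix.python-version == env.python-version }}
        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
        with:
          name: generic-${{ steps.meta.outputs.version }}-py3-none-any.whl
          path: dist/generic-${{ steps.meta.outputs.version }}-py3-none-any.whl

  # Runs only for release events and publishes the artifacts built above.
  # NOTE(review): no `environment:` is set, so the job cannot be gated by
  # environment protection rules or bound to an environment on the PyPI side.
  publish-to-pypi:
    name: Publish to PyPI (release only)
    needs: build
    runs-on: ubuntu-24.04
    permissions:
      # The only scope granted to this job. The publish step passes no
      # credentials, so it presumably relies on OIDC trusted publishing.
      id-token: write
    if: ${{ github.event_name == 'release' }}
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
        with:
          # NOTE(review): `audit` only records outbound traffic. The lint and
          # build jobs use `block`, yet this job holds the publishing
          # identity; use the audit report to build an allow-list and switch
          # to `block` here as well.
          egress-policy: audit
      - name: Download tar.gz
        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: ${{ needs.build.outputs.targz }}
          path: dist
      - name: Download wheel
        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: ${{ needs.build.outputs.wheel }}
          path: dist
      - name: Publish package distributions to PyPI
        # NOTE(review): the trailing comment names a branch, not a release
        # tag, so the pinned commit cannot be matched to a version by reading
        # this line.
        uses: pypa/gh-action-pypi-publish@67339c736fd9354cd4f8cb0b744f2b82a74b5c70 # release/v1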