-
Notifications
You must be signed in to change notification settings - Fork 20
153 lines (144 loc) · 5.61 KB
/
build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
name: build
on:
push:
release:
types: [created, published]
env:
python-version: '3.13'
permissions:
contents: read
jobs:
lint:
runs-on: ubuntu-24.04
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
files.pythonhosted.org:443
pypi.org:443
github.com:443
*.githubusercontent.com:443
ghcr.io
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up Python
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: ${{ env.python-version }}
- name: Lint with pre-commit
uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1
- name: Check REUSE compliance
run: pip install reuse && python -m reuse lint
- name: Check Poetry lock file integrity
run: |
python${{ env.python-version }} -m pip install --constraint=.github/constraints.txt poetry
poetry config virtualenvs.in-project true
poetry check
build:
needs: lint
runs-on: ubuntu-24.04
permissions:
contents: write
strategy:
matrix:
python-version: ['3.9', '3.10', '3.11', '3.12', '3.13']
name: build python ${{ matrix.python-version }}
outputs:
targz: gaphas-${{ steps.meta.outputs.version }}.tar.gz
wheel: gaphas-${{ steps.meta.outputs.version }}-py3-none-any.whl
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: block
allowed-endpoints: >
azure.archive.ubuntu.com:80
api.codeclimate.com:443
codeclimate.com:443
d3iz1jjs17r6kg.cloudfront.net:443
files.pythonhosted.org:443
pypi.org:443
github.com:443
*.githubusercontent.com:443
ghcr.io
gitlab.gnome.org:443
keys.openpgp.org:443
motd.ubuntu.com:443
esm.ubuntu.com:443
packages.microsoft.com:443
ppa.launchpadcontent.net:443
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: ${{ matrix.python-version }}
allow-prereleases: true
- name: Use Python Dependency Cache
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: ~/.cache/pip
key: ${{ runner.os }}-${{ hashFiles('**/poetry.lock') }}
- name: Install Ubuntu Dependencies
run: |
sudo apt-get update -qq
sudo apt-get install -qq --no-install-recommends gir1.2-gtk-4.0 libgirepository1.0-dev libcairo2-dev
- name: Install Poetry
run: |
python${{ matrix.python-version }} -m pip install --constraint=.github/constraints.txt poetry
poetry config virtualenvs.in-project true
- name: Collect Project Data
id: meta
run: .github/scripts/metadata.sh
- name: Install dependencies
run: poetry install --no-interaction
- name: Test
run: xvfb-run poetry run pytest --cov=gaphas
- name: Code Climate Coverage Action
uses: paambaati/codeclimate-action@f429536ee076d758a24705203199548125a28ca7 # v9.0.0
env:
CC_TEST_REPORTER_ID: 195e9f83022747c8eefa3ec9510dd730081ef111acd99c98ea0efed7f632ff8a
with:
coverageCommand: poetry run coverage xml
- name: Create Source Dist and Wheel
if: ${{ matrix.python-version == env.python-version }}
run: poetry build
- name: Upload gaphas-${{ steps.meta.outputs.version }}.tar.gz
if: ${{ matrix.python-version == env.python-version }}
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: gaphas-${{ steps.meta.outputs.version }}.tar.gz
path: dist/gaphas-${{ steps.meta.outputs.version }}.tar.gz
- name: Upload gaphas-${{ steps.meta.outputs.version }}-py3-none-any.whl
if: ${{ matrix.python-version == env.python-version }}
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: gaphas-${{ steps.meta.outputs.version }}-py3-none-any.whl
path: dist/gaphas-${{ steps.meta.outputs.version }}-py3-none-any.whl
publish-to-pypi:
name: Publish to PyPI (release only)
needs: build
runs-on: ubuntu-24.04
permissions:
id-token: write
if: ${{ github.event_name == 'release' }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
upload.pypi.org:443
*.githubusercontent.com:443
ghcr.io
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: ${{ needs.build.outputs.targz }}
path: dist
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: ${{ needs.build.outputs.wheel }}
path: dist
- uses: pypa/gh-action-pypi-publish@67339c736fd9354cd4f8cb0b744f2b82a74b5c70 # release/v1