fix: techinical review #409
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| push: | |
| tags: | |
| - "*" | |
| branches: | |
| - main | |
| env: | |
| DOCUMENTATION_CNAME: 'chemkin.docs.pyansys.com' | |
| MAIN_PYTHON_VERSION: '3.10' | |
| PACKAGE_NAME: 'ansys-chemkin-core' | |
| PACKAGE_NAMESPACE: 'ansys.chemkin.core' | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| # Apply the principle of least privilege to state at job level the right | |
| # permissions. More information about workflow permissions in the page | |
| # https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#permissions | |
| permissions: {} | |
| jobs: | |
| labeler: | |
| name: "Labels" | |
| permissions: | |
| contents: read # Read access to modified files in pull-request | |
| pull-requests: write # Write access to add or remove new tags | |
| runs-on: ubuntu-latest | |
| if: | | |
| !contains(github.event.pull_request.labels.*.name, 'ci:skip') && | |
| github.event.type != 'labeled' | |
| steps: | |
| - name: "Checkout repository" | |
| uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 | |
| with: | |
| clean: true | |
| persist-credentials: false | |
| - name: "Update labels" | |
| uses: micnncim/action-label-syncer@3abd5ab72fda571e69fffd97bd4e0033dd5f495c # v1.3.0 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: "Label pull-request" | |
| uses: actions/labeler@634933edcd8ababfe52f92936142cc22ac488b1b # v6.0.1 | |
| with: | |
| repo-token: ${{ secrets.GITHUB_TOKEN }} | |
| vulnerabilities: | |
| name: "Vulnerabilities" | |
| runs-on: ubuntu-latest | |
| needs: labeler | |
| permissions: | |
| contents: read # Read the dependencies and source code of the library | |
| steps: | |
| - uses: ansys/actions/check-vulnerabilities@eb7d0fc873deeee6d4740774675ce1741cb6f154 # v10.2.2 | |
| with: | |
| python-version: ${{ env.MAIN_PYTHON_VERSION }} | |
| python-package-name: ${{ env.PACKAGE_NAME }} | |
| token: ${{ secrets.PYANSYS_CI_BOT_TOKEN }} | |
| dev-mode: true | |
| actions-style: | |
| name: "Actions style checks" | |
| runs-on: ubuntu-latest | |
| if: | | |
| !contains(github.event.pull_request.labels.*.name, 'ci:skip') && | |
| !contains(github.event.pull_request.labels.*.name, 'style:skip') | |
| needs: vulnerabilities | |
| permissions: | |
| contents: read # Read the workflow files in the project | |
| steps: | |
| - uses: ansys/actions/check-actions-security@eb7d0fc873deeee6d4740774675ce1741cb6f154 # v10.2.2 | |
| with: | |
| generate-summary: true | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| auditing-level: 'high' | |
| trust-ansys-actions: true | |
| code-style: | |
| name: "Code style checks" | |
| runs-on: ubuntu-latest | |
| if: | | |
| !contains(github.event.pull_request.labels.*.name, 'ci:skip') && | |
| !contains(github.event.pull_request.labels.*.name, 'style:skip') | |
| needs: actions-style | |
| permissions: | |
| contents: read # Read the source code of the project | |
| steps: | |
| - uses: ansys/actions/code-style@eb7d0fc873deeee6d4740774675ce1741cb6f154 # v10.2.2 | |
| with: | |
| python-version: ${{ env.MAIN_PYTHON_VERSION }} | |
| doc-style: | |
| name: "Doc style checks" | |
| runs-on: ubuntu-latest | |
| if: | | |
| !contains(github.event.pull_request.labels.*.name, 'ci:skip') && | |
| !contains(github.event.pull_request.labels.*.name, 'style:skip') | |
| needs: actions-style | |
| steps: | |
| - name: "Checkout project" | |
| uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 | |
| with: | |
| clean: true | |
| persist-credentials: false | |
| wheelhouse: | |
| name: "Wheelhouse for ${{ matrix.os }} and ${{ matrix.python-version }}" | |
| runs-on: ${{ matrix.os }} | |
| needs: code-style | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [windows-latest] | |
| python-version: ['3.10', '3.11', '3.12'] | |
| should-release: | |
| - ${{ github.event_name == 'push' && contains(github.ref, 'refs/tags') }} | |
| steps: | |
| - uses: ansys/actions/build-wheelhouse@41f86da4c9ead510db9135e428e33df9cc6f92e1 # v10.2.3 | |
| with: | |
| library-name: ${{ env.PACKAGE_NAME }} | |
| library-namespace: ${{ env.PACKAGE_NAMESPACE }} | |
| operating-system: ${{ matrix.os }} | |
| python-version: ${{ matrix.python-version }} | |
| tests: | |
| name: "Test ${{ matrix.python-version }} with ubuntu" | |
| needs: wheelhouse | |
| runs-on: ubuntu-latest | |
| container: | |
| image: 'ghcr.io/ansys/chemkin@sha256:c2d953423a76c438575064ac0a3e1897554aef68bf08b0abb34be21ed3c5b4d1' | |
| credentials: | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| options: --cpus 1 --user root | |
| strategy: | |
| matrix: | |
| python-version: ['3.10', '3.11', '3.12'] | |
| permissions: | |
| contents: read # Read the source code of the project | |
| steps: | |
| - name: Run pytest | |
| uses: ansys/actions/tests-pytest@41f86da4c9ead510db9135e428e33df9cc6f92e1 # v10.2.3 | |
| env: | |
| ANSYSLMD_LICENSE_FILE: ${{ format('1055@{0}', secrets.LICENSE_SERVER) }} | |
| POETRY_VIRTUALENVS_CREATE: 'false' | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| requires-xvfb: false | |
| use-python-cache: false | |
| - name: 'Upload coverage to CodeCov' | |
| uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| doc-build: | |
| name: "Doc build" | |
| runs-on: ubuntu-latest | |
| needs: doc-style | |
| steps: | |
| - uses: ansys/actions/doc-build@41f86da4c9ead510db9135e428e33df9cc6f92e1 # v10.2.3 | |
| env: | |
| ANSYSLMD_LICENSE_FILE: "1055@{{ secrets.LICENSE_SERVER }}" | |
| with: | |
| add-pdf-html-docs-as-assets: true | |
| dependencies: 'libjpeg-dev pandoc' | |
| group-dependencies-name: 'doc' | |
| sphinxopts: '-j auto' | |
| build-library: | |
| name: "Build library" | |
| needs: [doc-build, tests] | |
| runs-on: windows-latest | |
| permissions: | |
| attestations: write # Write attestations for the uploaded artifacts | |
| contents: read # Read the source code of the project | |
| id-token: write # Write access to a temporary token for signing attestations | |
| steps: | |
| - uses: ansys/actions/build-library@41f86da4c9ead510db9135e428e33df9cc6f92e1 # v10.2.3 | |
| with: | |
| library-name: ${{ env.PACKAGE_NAME }} | |
| python-version: ${{ env.MAIN_PYTHON_VERSION }} | |
| attest-provenance: true | |
| doc-deploy-dev: | |
| name: "Deploy development documentation" | |
| if: github.ref == 'refs/heads/main' | |
| needs: build-library | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write # Write to the gh-pages branch of the repository | |
| steps: | |
| - uses: ansys/actions/doc-deploy-dev@41f86da4c9ead510db9135e428e33df9cc6f92e1 # v10.2.3 | |
| with: | |
| cname: ${{ env.DOCUMENTATION_CNAME }} | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| bot-user: ${{ secrets.PYANSYS_CI_BOT_USERNAME }} | |
| bot-email: ${{ secrets.PYANSYS_CI_BOT_EMAIL }} | |
| release: | |
| name: Release | |
| if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') | |
| needs: build-library | |
| environment: release | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write # Required for OIDC authentication with PyPI | |
| contents: write # Required for OIDC authentication with PyPI | |
| attestations: write # Write attestation for uploaded distribution artifacts | |
| steps: | |
| - name: "Download the library artifacts from build-library step" | |
| uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 | |
| with: | |
| name: ${{ env.PACKAGE_NAME }}-artifacts | |
| path: ${{ env.PACKAGE_NAME }}-artifacts | |
| - name: "Upload artifacts to PyPI using trusted publisher" | |
| uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0 | |
| with: | |
| repository-url: "https://upload.pypi.org/legacy/" | |
| print-hash: true | |
| packages-dir: ${{ env.PACKAGE_NAME }}-artifacts | |
| skip-existing: false | |
| - name: "Release to GitHub" | |
| uses: ansys/actions/release-github@eb7d0fc873deeee6d4740774675ce1741cb6f154 # v10.2.2 | |
| with: | |
| library-name: ${{ env.PACKAGE_NAME }} | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| changelog-release-notes: true | |
| only-code: true | |
| add-artifact-attestation-notes: true | |
| generate_release_notes: false | |
| doc-deploy-stable: | |
| name: "Deploy stable documentation" | |
| # Deploy release documentation when creating a new tag | |
| if: github.event_name == 'push' && contains(github.ref, 'refs/tags') | |
| runs-on: windows-latest | |
| needs: release | |
| permissions: | |
| contents: write # Write to the gh-pages branch of the repository | |
| steps: | |
| - name: "Deploy the stable documentation" | |
| uses: ansys/actions/doc-deploy-stable@41f86da4c9ead510db9135e428e33df9cc6f92e1 # v10.2.3 | |
| with: | |
| cname: ${{ env.DOCUMENTATION_CNAME }} | |
| token: ${{ secrets.GITHUB_TOKEN }} | |