diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 535866e..be659df 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -11,13 +11,14 @@ jobs: - name: Checkout uses: actions/checkout@v4 with: + persist-credentials: false ref: ${{ github.event.pull_request.head.sha }} - name: Setup Python uses: actions/setup-python@v5 with: - python-version: '3.13' - cache: 'pip' - cache-dependency-path: 'requirements/*.txt' + python-version: "3.13" + cache: "pip" + cache-dependency-path: "requirements/*.txt" - name: Run tox id: matrix run: | @@ -38,16 +39,49 @@ jobs: - name: Checkout uses: actions/checkout@v4 with: + persist-credentials: false ref: ${{ github.event.pull_request.head.sha }} - name: Setup Python uses: actions/setup-python@v5 with: python-version: ${{ matrix.python }} - cache: 'pip' - cache-dependency-path: 'requirements/*.txt' + cache: "pip" + cache-dependency-path: "requirements/*.txt" - name: Run tests - env: - PYTHON_VERSION: ${{ matrix.python }} run: | pip install $(grep -E "^(tox|tox-uv)==" requirements/local.txt) tox -e ${{ matrix.tox_env }} + - name: Upload coverage data + uses: actions/upload-artifact@v4 + with: + name: coverage-data-${{ matrix.tox_env }} + include-hidden-files: true + path: .coverage.* + if-no-files-found: ignore + + coverage: + name: Coverage + runs-on: ubuntu-24.04 + needs: test + if: always() + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + persist-credentials: false + ref: ${{ github.event.pull_request.head.sha }} + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: "3.13" + cache: "pip" + cache-dependency-path: "requirements/*.txt" + - uses: actions/download-artifact@v4 + with: + pattern: coverage-data-* + merge-multiple: true + - name: Run coverage + run: | + pip install $(grep -E "^(tox|tox-uv)==" requirements/local.txt) + tox -e coverage + tox -qq exec -e coverage -- coverage report --format=markdown >> $GITHUB_STEP_SUMMARY diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml new file mode 100644 index 0000000..2890aab --- /dev/null +++ b/.github/workflows/publish.yml @@ -0,0 +1,92 @@ +name: Publish + +on: + push: + tags: + - "*" + +jobs: + build: + name: Build packages + runs-on: ubuntu-24.04 + environment: publish + + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + persist-credentials: false + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: "3.13" + - name: Build packages + run: | + pip install -r requirements/testing.txt + make package + - name: Upload packages + uses: actions/upload-artifact@v4 + with: + name: python-package-distributions + path: dist/ + if-no-files-found: error + + publish-to-pypi: + name: Publish package on PyPI + needs: + - build + runs-on: ubuntu-24.04 + environment: + name: pypi + url: https://pypi.org/project/${{ github.event.repository.name }}/${{ github.ref_name }}/ + permissions: + id-token: write + + steps: + - name: Download packages + uses: actions/download-artifact@v4 + with: + name: python-package-distributions + path: dist/ + - name: Publish to PyPI + uses: pypa/gh-action-pypi-publish@release/v1 + + github-release: + name: Publish package on GitHub Releases + needs: + - build + runs-on: ubuntu-24.04 + environment: + name: github-releases + url: ${{ github.server_url }}/${{ github.repository }}/releases/tag/${{ github.ref_name }} + permissions: + contents: write + id-token: write + + steps: + - name: Download packages + uses: actions/download-artifact@v4 + with: + name: python-package-distributions + path: dist/ + - name: Sign packages + uses: sigstore/gh-action-sigstore-python@v3.0.0 + with: + inputs: >- + ./dist/*.tar.gz + ./dist/*.whl + - name: Create GitHub Release + env: + GH_TOKEN: ${{ github.token }} + run: >- + gh release create + "$GITHUB_REF_NAME" + --repo "$GITHUB_REPOSITORY" + --title "${GITHUB_REPOSITORY#*/} $GITHUB_REF_NAME" + - name: Upload artifact signatures to GitHub Release + env: + GH_TOKEN: ${{ github.token }} + run: >- + gh release upload + "$GITHUB_REF_NAME" dist/** + --repo "$GITHUB_REPOSITORY"