Skip to content

Bump the github-action-updates group with 2 updates (#850) #2086

Bump the github-action-updates group with 2 updates (#850)

Bump the github-action-updates group with 2 updates (#850) #2086

Workflow file for this run

name: build
on:
push:
release:
types: [created, published]
env:
python-version: '3.12'
permissions:
contents: read
jobs:
lint:
runs-on: ubuntu-22.04
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
files.pythonhosted.org:443
github.com:443
pypi.org:443
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up Python
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: ${{ env.python-version }}
- name: Lint with pre-commit
uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1
- name: Check REUSE compliance
run: pip install reuse && python -m reuse lint
- name: Check Poetry lock file integrity
run: |
python${{ env.python-version }} -m pip install --constraint=.github/constraints.txt poetry
poetry config virtualenvs.in-project true
poetry check
build:
needs: lint
runs-on: ubuntu-22.04
permissions:
contents: write
strategy:
matrix:
python-version: ['3.9', '3.10', '3.11', '3.12']
name: build python ${{ matrix.python-version }}
outputs:
targz: gaphas-${{ steps.meta.outputs.version }}.tar.gz
wheel: gaphas-${{ steps.meta.outputs.version }}-py3-none-any.whl
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: block
allowed-endpoints: >
azure.archive.ubuntu.com:80
api.codeclimate.com:443
codeclimate.com:443
d3iz1jjs17r6kg.cloudfront.net:443
files.pythonhosted.org:443
github.com:443
gitlab.gnome.org:443
keys.openpgp.org:443
motd.ubuntu.com:443
esm.ubuntu.com:443
packages.microsoft.com:443
ppa.launchpadcontent.net:443
pypi.org:443
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: ${{ matrix.python-version }}
allow-prereleases: true
- name: Use Python Dependency Cache
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
with:
path: ~/.cache/pip
key: ${{ runner.os }}-${{ hashFiles('**/poetry.lock') }}
- name: Install Ubuntu Dependencies
run: |
sudo apt update -qq
sudo apt install -qq --no-install-recommends gir1.2-gtk-4.0 libgirepository1.0-dev
- name: Install Poetry
run: |
python${{ matrix.python-version }} -m pip install --constraint=.github/constraints.txt poetry
poetry config virtualenvs.in-project true
- name: Collect Project Data
id: meta
run: .github/scripts/metadata.sh
- name: Install dependencies
run: poetry install --no-interaction
- name: Test
run: xvfb-run poetry run pytest --cov=gaphas
- name: Code Climate Coverage Action
uses: paambaati/codeclimate-action@f429536ee076d758a24705203199548125a28ca7 # v9.0.0
env:
CC_TEST_REPORTER_ID: 195e9f83022747c8eefa3ec9510dd730081ef111acd99c98ea0efed7f632ff8a
with:
coverageCommand: poetry run coverage xml
- name: Create Source Dist and Wheel
if: ${{ matrix.python-version == env.python-version }}
run: poetry build
- name: Upload gaphas-${{ steps.meta.outputs.version }}.tar.gz
if: ${{ matrix.python-version == env.python-version }}
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: gaphas-${{ steps.meta.outputs.version }}.tar.gz
path: dist/gaphas-${{ steps.meta.outputs.version }}.tar.gz
- name: Upload gaphas-${{ steps.meta.outputs.version }}-py3-none-any.whl
if: ${{ matrix.python-version == env.python-version }}
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: gaphas-${{ steps.meta.outputs.version }}-py3-none-any.whl
path: dist/gaphas-${{ steps.meta.outputs.version }}-py3-none-any.whl
publish-to-pypi:
name: Publish to PyPI (release only)
needs: build
runs-on: ubuntu-22.04
permissions:
id-token: write
if: ${{ github.event_name == 'release' }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
upload.pypi.org:443
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: ${{ needs.build.outputs.targz }}
path: dist
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: ${{ needs.build.outputs.wheel }}
path: dist
- uses: pypa/gh-action-pypi-publish@15c56dba361d8335944d31a2ecd17d700fc7bcbc # release/v1