Skip to content

Merge pull request #144 from nipreps/dependabot/github_actions/astral… #544

Merge pull request #144 from nipreps/dependabot/github_actions/astral…

Merge pull request #144 from nipreps/dependabot/github_actions/astral… #544

name: Build-Test-Deploy
on:
push:
branches:
- main
- maint/*
tags:
- '*'
pull_request:
branches:
- main
- maint/*
schedule:
# 8am EST / 9am EDT Mondays
- cron: '0 13 * * 1'
workflow_dispatch:
defaults:
run:
shell: bash
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions:
contents: read
env:
# Force tox and pytest to use color
FORCE_COLOR: true
TEMPLATEFLOW_HOME: /tmp/templateflow
jobs:
build:
name: Build & verify package
runs-on: ubuntu-latest
permissions:
attestations: write
id-token: write
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: hynek/build-and-inspect-python-package@v2
with:
attest-build-provenance-github: ${{ github.event_name != 'pull_request' }}
test:
runs-on: ${{ matrix.os }}
strategy:
matrix:
#os: ['ubuntu-latest', 'windows-latest', 'macos-latest']
os: ['ubuntu-latest']
python-version: ['3.9', '3.10', '3.11', '3.12', '3.13']
dependencies: [latest] # , pre]
architecture: ['x64']
include:
# Test minimum dependencies on oldest supported Python
- os: ubuntu-latest
python-version: "3.9"
dependencies: min
exclude:
# Do not test pre-releases for versions out of SPEC0
- os: ubuntu-latest
python-version: "3.9"
dependencies: pre
- os: ubuntu-latest
python-version: "3.10"
dependencies: pre
# If we reenable Windows/Mac tests, add the following exclusions:
# 32-bit is a Windows-only consideration
# Only run 2 newest Python on Windows/Mac
# Skip 32-bit Windows with Python 3.10+ (see #42)
env:
DEPENDS: ${{ matrix.dependencies }}
steps:
- uses: actions/checkout@v4
- name: Install the latest version of uv
uses: astral-sh/setup-uv@v4
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
architecture: ${{ matrix.architecture }}
- name: Display Python version
run: python -c "import sys; print(sys.version)"
- uses: actions/cache@v4
with:
path: /var/lib/apt
key: apt-cache-v0
restore-keys: |
apt-cache-v0
- name: Install tex
run: |
sudo apt-get update
sudo apt-get install -y --no-install-recommends dvipng texlive texlive-latex-extra cm-super
- name: Restore cached templateflow
id: tf-cache-restore
uses: actions/cache@v4
with:
path: /tmp/templateflow
key: templateflow-v2
# Fall back to and build on v1
# If the cache need to be cleared, remove this when bumping key version
restore-keys: |
templateflow-v1
- name: Pre-fetch templates
run: |
uv pip install --system templateflow
python -c "from templateflow.api import get; get('Fischer344', desc=None, suffix='T2w')"
python -c "from templateflow.api import get; get('MNI152NLin6Asym', resolution=2, desc='LR', suffix='T1w')"
if: steps.tf-restore-cache.outputs.cache-hit != 'true'
- name: Install tox
run: |
uv tool install tox --with=tox-uv --with=tox-gh-actions
- name: Show tox config
run: tox c
- name: Run tox
run: tox -v --exit-and-dump-after 1200
- uses: codecov/codecov-action@v5
with:
token: ${{ secrets.CODECOV_TOKEN }}
if: ${{ always() }}
publish:
name: Publish released package to pypi.org
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
runs-on: ubuntu-latest
needs: [build, test]
permissions:
attestations: write
id-token: write
steps:
- name: Download packages built by build-and-inspect-python-package
uses: actions/download-artifact@v4
with:
name: Packages
path: dist
- name: Upload package to PyPI
uses: pypa/gh-action-pypi-publish@release/v1
# Remove once OIDC is set up
with:
password: ${{ secrets.PYPI_API_TOKEN }}