Merge pull request #144 from nipreps/dependabot/github_actions/astral… #544
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build-Test-Deploy | |
on: | |
push: | |
branches: | |
- main | |
- maint/* | |
tags: | |
- '*' | |
pull_request: | |
branches: | |
- main | |
- maint/* | |
schedule: | |
# 8am EST / 9am EDT Mondays | |
- cron: '0 13 * * 1' | |
workflow_dispatch: | |
defaults: | |
run: | |
shell: bash | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
permissions: | |
contents: read | |
env: | |
# Force tox and pytest to use color | |
FORCE_COLOR: true | |
TEMPLATEFLOW_HOME: /tmp/templateflow | |
jobs: | |
build: | |
name: Build & verify package | |
runs-on: ubuntu-latest | |
permissions: | |
attestations: write | |
id-token: write | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: hynek/build-and-inspect-python-package@v2 | |
with: | |
attest-build-provenance-github: ${{ github.event_name != 'pull_request' }} | |
test: | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
#os: ['ubuntu-latest', 'windows-latest', 'macos-latest'] | |
os: ['ubuntu-latest'] | |
python-version: ['3.9', '3.10', '3.11', '3.12', '3.13'] | |
dependencies: [latest] # , pre] | |
architecture: ['x64'] | |
include: | |
# Test minimum dependencies on oldest supported Python | |
- os: ubuntu-latest | |
python-version: "3.9" | |
dependencies: min | |
exclude: | |
# Do not test pre-releases for versions out of SPEC0 | |
- os: ubuntu-latest | |
python-version: "3.9" | |
dependencies: pre | |
- os: ubuntu-latest | |
python-version: "3.10" | |
dependencies: pre | |
# If we reenable Windows/Mac tests, add the following exclusions: | |
# 32-bit is a Windows-only consideration | |
# Only run 2 newest Python on Windows/Mac | |
# Skip 32-bit Windows with Python 3.10+ (see #42) | |
env: | |
DEPENDS: ${{ matrix.dependencies }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install the latest version of uv | |
uses: astral-sh/setup-uv@v4 | |
- name: Set up Python ${{ matrix.python-version }} | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.python-version }} | |
architecture: ${{ matrix.architecture }} | |
- name: Display Python version | |
run: python -c "import sys; print(sys.version)" | |
- uses: actions/cache@v4 | |
with: | |
path: /var/lib/apt | |
key: apt-cache-v0 | |
restore-keys: | | |
apt-cache-v0 | |
- name: Install tex | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y --no-install-recommends dvipng texlive texlive-latex-extra cm-super | |
- name: Restore cached templateflow | |
id: tf-cache-restore | |
uses: actions/cache@v4 | |
with: | |
path: /tmp/templateflow | |
key: templateflow-v2 | |
# Fall back to and build on v1 | |
# If the cache need to be cleared, remove this when bumping key version | |
restore-keys: | | |
templateflow-v1 | |
- name: Pre-fetch templates | |
run: | | |
uv pip install --system templateflow | |
python -c "from templateflow.api import get; get('Fischer344', desc=None, suffix='T2w')" | |
python -c "from templateflow.api import get; get('MNI152NLin6Asym', resolution=2, desc='LR', suffix='T1w')" | |
if: steps.tf-restore-cache.outputs.cache-hit != 'true' | |
- name: Install tox | |
run: | | |
uv tool install tox --with=tox-uv --with=tox-gh-actions | |
- name: Show tox config | |
run: tox c | |
- name: Run tox | |
run: tox -v --exit-and-dump-after 1200 | |
- uses: codecov/codecov-action@v5 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
if: ${{ always() }} | |
publish: | |
name: Publish released package to pypi.org | |
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags') | |
runs-on: ubuntu-latest | |
needs: [build, test] | |
permissions: | |
attestations: write | |
id-token: write | |
steps: | |
- name: Download packages built by build-and-inspect-python-package | |
uses: actions/download-artifact@v4 | |
with: | |
name: Packages | |
path: dist | |
- name: Upload package to PyPI | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
# Remove once OIDC is set up | |
with: | |
password: ${{ secrets.PYPI_API_TOKEN }} |