build(deps): bump pypa/gh-action-pypi-publish from 1.8.7 to 1.8.8 #317
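# From https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python#publishing-to-package-registries
#
# Pipeline: `tests` runs on every push and on pull requests targeting `main`;
# `release-please` runs once the tests pass; `publish` (PyPI) and
# `build-and-push-image` (GitHub Container Registry) run only when
# `release-please` reports that a release was created.
#
# NOTE(review): every action below is referenced by a tag, which the action's
# owner can move. For the jobs that hold `id-token: write` or `packages: write`,
# consider pinning to a full commit SHA with the tag kept as a trailing comment.
name: "Publish"

on:
  push:
  pull_request:
    branches:
      - main

jobs:
  tests:
    name: Run tests
    # NOTE(review): this job declares no `permissions:` block, so its
    # `GITHUB_TOKEN` gets the repository/organization default. The steps below
    # only check out code and upload coverage with a separate token; an explicit
    # `permissions: contents: read` looks sufficient — confirm before adding.
    strategy:
      matrix:
        python-version: ["3.10", "3.11"]
        os: ["ubuntu-latest"]
    runs-on: ${{ matrix.os }}
    steps:
      - uses: actions/checkout@v3
      # Installing via `pipx` is 'fully supported', so no need for
      # https://github.com/snok/install-poetry, which is a bit slower. See also
      # https://python-poetry.org/docs/master/#installing-with-pipx
      - name: Install Poetry
        run: pipx install poetry
      # Counterintuitively, the Python setup step itself is setup *after* installing
      # `poetry`, else the `poetry` command isn't found and the setup step fails. See
      # also:
      # https://github.com/marketplace/actions/setup-python#caching-packages-dependencies
      - uses: actions/setup-python@v4
        with:
          python-version: ${{ matrix.python-version }}
          cache: poetry
      - name: Set up Python environment
        # `poetry env use` instructs all `poetry` runs to go through the correct (NOT
        # the default aka system) Python environment, see also:
        # https://github.com/actions/setup-python/issues/374#issuecomment-1088938718
        # As long as we then call all actions via `poetry run ...`, we're fine.
        run: |
          poetry env use ${{ matrix.python-version }}
          poetry install
      - name: Run linting
        run: make lint
      - name: Check code formatting
        run: make formatcheck
      - name: Run type checks
        run: make typecheck
      - name: Run tests
        run: make test
        env:
          # Unit tests actually run against the GH API for 'real integration testing',
          # and providing a token will increase the otherwise too-low rate limit.
          # The `GITHUB_TOKEN` failed (https://github.com/alexpovel/ancv/actions/runs/4093416643/jobs/7063406195):
          #
          #     body = b'{"message":"Resource not accessible by integration","documentation_url":"https://docs.github.com/rest/reference/gists#list-gists-for-a-user"}'
          #
          # So use a personal token.
          #
          # NOTE(review): the token is in the environment of `make test`, i.e. of
          # project code and its dependencies. The secret's name suggests a
          # fine-grained token without any permissions; keep it that way, since
          # anything the token can do, the test process can do.
          GH_TOKEN: ${{ secrets.GH_PERMISSIONLESS_FGAT }}
      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v3
        with:
          # Docs say a token isn't required for public GitHub repositories using GH
          # Actions, but it didn't work and failed with:
          #
          #     [2022-08-08T19:50:41.725Z] ['error'] There was an error running the
          #     uploader: Error uploading to https://codecov.io: Error: There was an error
          #     fetching the storage URL during POST: 404 - {'detail':
          #     ErrorDetail(string='Unable to locate build via Github Actions API. Please
          #     upload with the Codecov repository upload token to resolve issue.',
          #     code='not_found')}
          #
          # See also: https://github.com/alexpovel/ancv/runs/7733256776?check_suite_focus=true#step:7:37
          token: ${{ secrets.CODECOV_TOKEN }}
          files: coverage.xml

  release-please:
    name: Execute release chores
    runs-on: ubuntu-latest
    needs: tests
    # Re-exported so that the downstream jobs can gate on, and tag with, the
    # result of the release step.
    outputs:
      created: ${{ steps.release.outputs.release_created }}
      tag_name: ${{ steps.release.outputs.tag_name }}
    steps:
      - uses: google-github-actions/release-please-action@v3
        id: release
        with:
          release-type: python
          package-name: ancv

  publish:
    name: Publish to PyPI
    runs-on: ubuntu-latest
    needs: release-please
    # NOTE(review): job outputs are strings, so this condition holds for any
    # non-empty value. Comparing with `== 'true'` would be stricter — confirm
    # what the release step emits when no release is created.
    if: ${{ needs.release-please.outputs.created }}
    # https://blog.pypi.org/posts/2023-04-20-introducing-trusted-publishers/
    environment: pypi
    # No long-lived PyPI secret is referenced in this job; the only permission
    # requested is the OIDC token, scoped to this job and to the `pypi`
    # environment.
    permissions:
      id-token: write
    steps:
      - uses: actions/checkout@v3
      - name: Install Poetry
        run: pipx install poetry
      - uses: actions/setup-python@v4
        with:
          python-version: "3.10"
          cache: poetry
      - name: Set up Python environment
        # NOTE(review): dependency installation and the build run in the same job
        # that can request the OIDC token. Building in a separate job and passing
        # the artifacts on would keep that code away from the publishing identity.
        run: |
          poetry env use 3.10
          poetry install
      - name: Build package
        run: poetry build
      - name: Publish package
        # NOTE(review): reference reconstructed as v1.8.8, the target of the
        # 1.8.7 -> 1.8.8 bump; confirm against the repository. This step
        # consumes the OIDC token, so pinning it to the release's full commit SHA
        # (`...@<FULL_COMMIT_SHA>  # v1.8.8`) matters most here.
        uses: pypa/gh-action-pypi-publish@v1.8.8

  build-and-push-image:
    name: Build Docker image and push to GitHub Container Registry
    runs-on: ubuntu-latest
    needs: release-please
    # Same gate as the `publish` job: run only when a release was created.
    if: ${{ needs.release-please.outputs.created }}
    environment: container-registry
    # Explicit grant: read the repository, write packages. Nothing else is
    # requested for this job's `GITHUB_TOKEN`.
    permissions:
      contents: read
      packages: write
    env:
      REGISTRY: ghcr.io
      IMAGE_NAME: ${{ github.repository }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
      - name: Log in to the container registry
        uses: docker/login-action@v2
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@v4
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          # One tag per semver granularity, derived from the release tag. The
          # major-only tag is disabled while the tag name starts with `v0.`.
          tags: |
            type=semver,value=${{ needs.release-please.outputs.tag_name }},pattern={{version}}
            type=semver,value=${{ needs.release-please.outputs.tag_name }},pattern={{major}}.{{minor}}
            type=semver,value=${{ needs.release-please.outputs.tag_name }},pattern={{major}},enable=${{ !startsWith(needs.release-please.outputs.tag_name, 'v0.') }}
      - name: Build and push Docker image
        uses: docker/build-push-action@v4
        with:
          context: .
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}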