
ci: check github-actions dependencies (#237) #291

ci: check github-actions dependencies (#237)


Workflow file for this run

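# CI pipeline: test -> release (semantic-release) -> build (maturin) -> check -> publish (PyPI).
#
# NOTE(review): apart from the digest-pinned semantic-release image, every
# action below is referenced by a mutable tag or branch (@v4, @v1, @v2,
# @release/v1). The release and publish jobs hold write / id-token
# permissions, so pinning those `uses:` references to a full commit SHA
# (with the tag kept as a trailing comment) would stop a moved tag from
# changing what runs with those permissions.
name: CI

on:
  push:
    branches:
      - main
      - alpha
      - beta
  pull_request:
    branches:
      - main
      - alpha
      - beta

# One run per workflow and ref; only pull-request refs cancel an in-progress run.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: ${{ startsWith(github.ref, 'refs/pull/') }}

# Read-only default token; jobs that need more declare it themselves.
permissions:
  contents: read

env:
  CARGO_TERM_COLOR: always
  CI_MATURIN_VERSION: "1.7.6"

jobs:
  # Should run on every push and PR
  test:
    name: Test
    runs-on: ubuntu-22.04
    env:
      UV_NO_SYNC: "1"
    steps:
      - uses: actions/checkout@v4
        with:
          # The steps below build and run the checked-out code and never push
          # with git, so do not leave the token in .git/config.
          persist-credentials: false
      - name: Cargo build
        run: cargo build --workspace --verbose --locked
      - name: Cargo test
        run: cargo test --workspace --verbose
      - name: Cargo fmt
        run: cargo fmt --all --check
      - name: Cargo clippy
        run: cargo clippy --workspace --all-targets -- -D warnings
      - name: Install uv
        uses: astral-sh/setup-uv@v4
      - name: Sync project
        run: uv sync --locked --no-dev --group ci
      - name: Pytest
        run: uv run pytest
      - name: Ruff format
        run: uv run ruff format --check
      - name: Ruff lint
        run: uv run ruff check --output-format=github
      - name: Basedpyright
        run: uv run basedpyright
      - name: Stubtest
        run: uv run task stubtest
      # Deliberately not --locked: re-resolves to the lowest direct versions.
      - name: Pytest with lowest direct dependencies
        run: |
          uv sync --no-dev --group test --resolution lowest-direct
          uv run pytest
      - name: Check cargo dependencies
        uses: EmbarkStudios/cargo-deny-action@v2

  # Should run on every push and PR, but only run semantic-release on push
  release:
    name: Run semantic-release
    runs-on: ubuntu-22.04
    needs: test
    # NOTE(review): these write scopes are requested on pull_request runs too,
    # although the only step that uses them is gated on push events.
    permissions:
      contents: write
      issues: write
      pull-requests: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Semantic Release
        # Pinned by image digest; the trailing comment records the version.
        uses: docker://ghcr.io/codfish/semantic-release-action@sha256:71048986f7e28f024cbad0ef106a7ef20b9b0d322f3a8aa51d89f1c424e75061 # v3.3.0
        # Only run on push events
        if: github.event_name == 'push'
        id: semantic-release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          plugins: |
            [
              "@semantic-release/commit-analyzer",
              "@semantic-release/release-notes-generator",
              "@semantic-release/github",
            ]
    # When the semantic-release step is skipped or yields no version, fall
    # back to a dev version derived from the commit SHA and published=false.
    outputs:
      version: ${{ steps.semantic-release.outputs.release-version || format('0.0.0-dev+{0}', github.sha) }}
      published: ${{ steps.semantic-release.outputs.new-release-published || 'false' }}

  build:
    runs-on: ${{ matrix.os.runner }}
    needs: release
    strategy:
      matrix:
        os:
          - runner: ubuntu-22.04
            name: linux
          - runner: windows-2022
            name: windows
          - runner: macos-14
            name: macos
        target: [x86_64, aarch64]
        command: [build]
        include:
          - args: --release --out dist --find-interpreter
            sccache: true
          - command: sdist
            os:
              runner: ubuntu-22.04
            args: --out dist
            sccache: false
    steps:
      - uses: actions/checkout@v4
        with:
          # Nothing in this job pushes with git; keep the token out of .git/config.
          persist-credentials: false
      - name: Replace version in Cargo.toml
        shell: pwsh
        env:
          # Hand the version over as data instead of expanding the expression
          # inside the script text, so its content is never parsed as PowerShell.
          RELEASE_VERSION: ${{ needs.release.outputs.version }}
        run: |
          $versionLine = 'version = "{0}"' -f $env:RELEASE_VERSION
          (Get-Content -Path Cargo.toml) -replace '^version = "0.0.0-dev"$', $versionLine | Set-Content -Path Cargo.toml
      - name: Build wheels
        uses: PyO3/maturin-action@v1
        with:
          maturin-version: ${{ env.CI_MATURIN_VERSION }}
          command: ${{ matrix.command }}
          target: ${{ matrix.target }}
          args: ${{ matrix.args }}
          # NOTE(review): sccache is on for the wheel builds that are later
          # published; confirm reusing cached objects is acceptable for
          # release artifacts.
          sccache: ${{ matrix.sccache }}
          manylinux: auto
      - name: Upload wheels
        uses: actions/upload-artifact@v4
        with:
          name: wheels-${{ matrix.command == 'sdist' && 'sdist' || format('{0}-{1}', matrix.os.name, matrix.target) }}
          path: dist

  # For branch protection rules
  check:
    # Runs even when a needed job failed, so the step below can report on it.
    if: always()
    needs:
      - build
    runs-on: ubuntu-22.04
    steps:
      - name: Decide whether the needed jobs succeeded or failed
        uses: re-actors/alls-green@release/v1
        with:
          jobs: ${{ toJSON(needs) }}

  # Should run only on push
  publish:
    name: Publish to PyPI
    needs:
      - check
      - release
    if: needs.release.outputs.published == 'true' && github.event_name == 'push'
    runs-on: ubuntu-22.04
    environment: pypi
    # Only the OIDC and attestation scopes are granted to this job.
    permissions:
      id-token: write
      attestations: write
    steps:
      - uses: actions/download-artifact@v4
      - name: Generate artifact attestation
        uses: actions/attest-build-provenance@v1
        with:
          subject-path: "wheels-*/*"
      # No PyPI token is passed here; presumably the upload authenticates
      # through OIDC trusted publishing using id-token - confirm.
      - name: Publish to PyPI
        uses: PyO3/maturin-action@v1
        with:
          command: upload
          args: --non-interactive --skip-existing wheels-*/*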