ci: check github-actions dependencies (#237) #291
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- main | |
- alpha | |
- beta | |
pull_request: | |
branches: | |
- main | |
- alpha | |
- beta | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: ${{ startsWith(github.ref, 'refs/pull/') }} | |
permissions: | |
contents: read | |
env: | |
CARGO_TERM_COLOR: always | |
CI_MATURIN_VERSION: "1.7.6" | |
jobs: | |
# Should run on every push and PR | |
test: | |
name: Test | |
runs-on: ubuntu-22.04 | |
env: | |
UV_NO_SYNC: 1 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Cargo build | |
run: cargo build --workspace --verbose --locked | |
- name: Cargo test | |
run: cargo test --workspace --verbose | |
- name: Cargo fmt | |
run: cargo fmt --all --check | |
- name: Cargo clippy | |
run: cargo clippy --workspace --all-targets -- -D warnings | |
- name: Install uv | |
uses: astral-sh/setup-uv@v4 | |
- name: Sync project | |
run: uv sync --locked --no-dev --group ci | |
- name: Pytest | |
run: uv run pytest | |
- name: Ruff format | |
run: uv run ruff format --check | |
- name: Ruff lint | |
run: uv run ruff check --output-format=github | |
- name: Basedpyright | |
run: uv run basedpyright | |
- name: Stubtest | |
run: uv run task stubtest | |
- name: Pytest with lowest direct dependencies | |
run: | | |
uv sync --no-dev --group test --resolution lowest-direct | |
uv run pytest | |
- name: Check cargo dependencies | |
uses: EmbarkStudios/cargo-deny-action@v2 | |
# Should run on every push and PR, but only run semantic-release on push | |
release: | |
name: Run semantic-release | |
runs-on: ubuntu-22.04 | |
needs: test | |
permissions: | |
contents: write | |
issues: write | |
pull-requests: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Semantic Release | |
uses: docker://ghcr.io/codfish/semantic-release-action@sha256:71048986f7e28f024cbad0ef106a7ef20b9b0d322f3a8aa51d89f1c424e75061 # v3.3.0 | |
# Only run on push events | |
if: github.event_name == 'push' | |
id: semantic-release | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
plugins: | | |
[ | |
"@semantic-release/commit-analyzer", | |
"@semantic-release/release-notes-generator", | |
"@semantic-release/github", | |
] | |
outputs: | |
version: ${{ steps.semantic-release.outputs.release-version || format('0.0.0-dev+{0}', github.sha) }} | |
published: ${{ steps.semantic-release.outputs.new-release-published || 'false' }} | |
build: | |
runs-on: ${{ matrix.os.runner }} | |
needs: release | |
strategy: | |
matrix: | |
os: | |
- runner: ubuntu-22.04 | |
name: linux | |
- runner: windows-2022 | |
name: windows | |
- runner: macos-14 | |
name: macos | |
target: [x86_64, aarch64] | |
command: [build] | |
include: | |
- args: --release --out dist --find-interpreter | |
sccache: true | |
- command: sdist | |
os: | |
runner: ubuntu-22.04 | |
args: --out dist | |
sccache: false | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Replace version in Cargo.toml | |
shell: pwsh | |
run: (Get-Content -Path Cargo.toml) -replace '^version = "0.0.0-dev"$', 'version = "${{ needs.release.outputs.version }}"' | Set-Content -Path Cargo.toml | |
- name: Build wheels | |
uses: PyO3/maturin-action@v1 | |
with: | |
maturin-version: ${{ env.CI_MATURIN_VERSION }} | |
command: ${{ matrix.command }} | |
target: ${{ matrix.target }} | |
args: ${{ matrix.args }} | |
sccache: ${{ matrix.sccache }} | |
manylinux: auto | |
- name: Upload wheels | |
uses: actions/upload-artifact@v4 | |
with: | |
name: wheels-${{ matrix.command == 'sdist' && 'sdist' || format('{0}-{1}', matrix.os.name, matrix.target) }} | |
path: dist | |
# For branch protection rules | |
check: | |
if: always() | |
needs: | |
- build | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Decide whether the needed jobs succeeded or failed | |
uses: re-actors/alls-green@release/v1 | |
with: | |
jobs: ${{ toJSON(needs) }} | |
# Should run only on push | |
publish: | |
name: Publish to PyPI | |
needs: | |
- check | |
- release | |
if: needs.release.outputs.published == 'true' && github.event_name == 'push' | |
runs-on: ubuntu-22.04 | |
environment: pypi | |
permissions: | |
id-token: write | |
attestations: write | |
steps: | |
- uses: actions/download-artifact@v4 | |
- name: Generate artifact attestation | |
uses: actions/attest-build-provenance@v1 | |
with: | |
subject-path: "wheels-*/*" | |
- name: Publish to PyPI | |
uses: PyO3/maturin-action@v1 | |
with: | |
command: upload | |
args: --non-interactive --skip-existing wheels-*/* |