|
1 | 1 | name: CI workflow for python projects |
2 | 2 |
|
3 | 3 | # Run the CI test workflow of jobs which includes: |
4 | | -# - `check`: Run static code checks (using `mypy`, `ruff`, etc.). |
5 | | -# - `test`: Run tests (and code checks) using `tox`. |
| 4 | +# - `test`: Run tests (including code checks) using `tox`. |
6 | 5 | # - `build`: Build the python package. |
7 | 6 | # - `publish-test`: Publish the package to test.pypi.org. |
8 | 7 | # - `publish`: Publish the package to pypi.org (runs `publish-test`). |
9 | 8 | # - `release`: Create a GitHub release. |
10 | 9 |
|
11 | | -on: |
12 | | - push: |
13 | | - branches: ["**"] # Push commits to any branch |
14 | | - tags: ["v[0-9]*"] # Publish on tags matching "v*", eg. "v1.0.0" |
15 | | - |
16 | 10 | # Configure the workflows here. Each environment variable name should be a |
17 | 11 | # wildcard matching the |
18 | 12 | # `on-<github.event_name>-<github.ref_type>-<github.ref_name>` format. For |
|
30 | 24 | python-version=["3.9", "3.10", "3.11", "3.12", "3.13"] |
31 | 25 | os=["ubuntu-latest"] |
32 | 26 | on-push-branch-*: | # Push commits to other branches |
33 | | - jobs=["test", "build", "publish-test"] |
| 27 | + jobs=["test", "build"] |
34 | 28 | python-version=["3.9", "3.13"] |
35 | 29 | os=["ubuntu-latest"] |
| 30 | + on-workflow_dispatch-*: | # Manual trigger of the workflow |
| 31 | + jobs=["test", "build"] |
| 32 | + python-version=["3.9", "3.13"] |
| 33 | + os=["ubuntu-latest"] |
| 34 | +
|
| 35 | +on: |
| 36 | + push: |
| 37 | + branches: ["**"] # Push commits to any branch |
| 38 | + tags: ["v[0-9]*"] # Publish on tags matching "v*", eg. "v1.0.0" |
| 39 | + workflow_dispatch: # Allow manual triggering of the workflow |
36 | 40 |
|
37 | 41 | jobs: |
38 | | - config: |
39 | | - # Select the workflow config based on the event trigger. |
40 | | - runs-on: ubuntu-latest |
| 42 | + config: # Select the workflow config based on the event trigger. |
| 43 | + name: Configure workflow |
41 | 44 | outputs: |
42 | 45 | jobs: ${{ steps.config.outputs.jobs }} |
43 | | - python-version: ${{ steps.config.outputs.python-version }} |
44 | 46 | os: ${{ steps.config.outputs.os }} |
| 47 | + python-version: ${{ steps.config.outputs.python-version }} |
| 48 | + runs-on: ubuntu-latest |
45 | 49 | steps: |
46 | | - - name: Select the workflow configuration |
47 | | - id: config |
48 | | - run: | # Find the matching environment variable based on the event trigger |
49 | | - tag="on-${{ github.event_name }}-${{ github.ref_type }}-${{ github.ref_name }}" |
50 | | - for key in $(echo '${{ toJson(env) }}' | jq -r 'keys_unsorted[]'); do |
51 | | - if [[ "$tag" == $key ]]; then |
52 | | - # Write value of the matching environment variable to $GITHUB_OUTPUT |
53 | | - echo '${{ toJson(env) }}' | jq -r ".[\"$key\"]" >> $GITHUB_OUTPUT |
54 | | - exit 0 # Stop after the first match |
55 | | - fi |
56 | | - done |
57 | | - echo "No matching environment variable found for '$tag'." |
| 50 | + - id: config |
| 51 | + uses: glenn20/python-ci/actions/config@dev |
| 52 | + with: |
| 53 | + config: ${{ toJson(env) }} |
58 | 54 |
|
59 | | - ci-workflow: |
| 55 | + ci-workflow: # Run the CI workflow based on the config. |
60 | 56 | name: CI workflow |
61 | 57 | needs: config |
62 | | - uses: ./.github/workflows/ci-workflow.yaml |
| 58 | + uses: glenn20/python-ci/.github/workflows/ci-workflow-tox.yaml@dev |
63 | 59 | with: |
64 | 60 | jobs: ${{ needs.config.outputs.jobs }} |
65 | 61 | os: ${{ needs.config.outputs.os }} |
66 | 62 | python-version: ${{ needs.config.outputs.python-version }} |
67 | 63 |
|
68 | 64 | # We can't use trusted publishing from a reusable workflow in another |
69 | | - # repository, so the publish workflows must be run from here, not in the |
70 | | - # ci-workflow.yaml. |
| 65 | + # repository, so the publish workflows must be run from here. |
71 | 66 | publish: |
72 | | - if: ${{ contains(needs.config.outputs.jobs, '"publish') }} |
73 | 67 | name: Publish to pypi.org |
74 | | - runs-on: ubuntu-latest |
75 | 68 | needs: [config, ci-workflow] |
| 69 | + runs-on: ubuntu-latest |
| 70 | + if: ${{ contains(needs.config.outputs.jobs, 'publish') }} |
76 | 71 | environment: |
77 | 72 | name: publish-pypi |
78 | 73 | url: ${{ steps.publish.outputs.url }} |
79 | 74 | permissions: |
80 | 75 | id-token: write # Required for trusted publishing |
81 | 76 | steps: |
82 | 77 | - id: publish |
83 | | - uses: glenn20/python-ci/publish@dev |
| 78 | + uses: glenn20/python-ci/actions/publish@v2 |
84 | 79 | with: |
85 | | - test-only: ${{ contains(needs.config.outputs.jobs, '"publish"') && 'true' || 'false' }} |
| 80 | + test-only: ${{ contains(fromJson(needs.config.outputs.jobs), 'publish') && 'false' || 'true' }} |
86 | 81 |
|
| 82 | + # We run the github release job here instead of in ci-workflow, as it requires |
| 83 | + # permissions to sign the release and to simplify the workflow dependency |
| 84 | + # graph on the github UI. |
87 | 85 | release: |
88 | | - if: ${{ contains(fromJson(needs.config.outputs.jobs), 'release') }} |
89 | | - name: Create GitHub release |
90 | 86 | needs: [config, ci-workflow] |
| 87 | + uses: glenn20/python-ci/.github/workflows/github-release.yaml@v2 |
91 | 88 | permissions: |
92 | | - id-token: write # IMPORTANT: mandatory for github release |
93 | | - contents: write # IMPORTANT: mandatory for github release |
94 | | - uses: glenn20/python-ci/.github/workflows/github-release.yaml@dev |
| 89 | + id-token: write # Required for signing the release |
| 90 | + contents: write # Required for github release |
| 91 | + if: ${{ contains(fromJson(needs.config.outputs.jobs), 'release') }} |
0 commit comments