parsons/.github/workflows/release.yml at a333ba41ff53e2e40f94c91e896daf7ec294477a · move-coop/parsons · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
name: Build, test, & publish

on:
  workflow_dispatch:
  pull_request:
  push:
    branches:
      - main
      - major-release
  release:
    types:
      - published

permissions: read-all

jobs:
  build:
    runs-on: ubuntu-latest

    env:
      CACHE_GLOBS: |
        **/pyproject.toml
        **/setup.py
        **/uv.lock

    steps:
      - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450
        with:
          disable-sudo: true
          egress-policy: audit

      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd

      - uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b
        with:
          python-version: 3.13
          activate-environment: true
          cache-dependency-glob: ${{ env.CACHE_GLOBS }}

      - run: >-
          uv sync
          --upgrade
          --all-extras

      - run: >-
          uv build
          --sdist

      - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
        with:
          name: parsons-dist
          path: dist/

  test:
    needs: build

    strategy:
      fail-fast: false
      matrix:
        python-version:
          - '3.10'
          - '3.11'
          - '3.12'
          - '3.13'
        os:
          - ubuntu-latest
          - windows-latest
          - macos-latest

    runs-on: ${{ matrix.os }}

    steps:
      - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450
        with:
          disable-sudo: true
          egress-policy: audit

      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
        with:
          name: parsons-dist
          path: dist

      - name: extract requirements.txt for use in pip cache
        shell: bash
        run: |
          file=$(find ./dist -name 'parsons-*.tar.gz' | head -1)

          # Extract to a temp directory first
          mkdir -p temp_extract
          tar -xzf "$file" -C temp_extract

          # Find and move pyproject file to root
          find temp_extract -name 'pyproject.toml' -exec cp {} . \; 2>/dev/null || true

          # Clean up
          rm -rf temp_extract

      - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405
        with:
            python-version: ${{ matrix.python-version }}
            cache: pip

      - name: install parsons from file
        shell: bash
        run: |
          file=$(find ./dist -name 'parsons-*.tar.gz' | head -1)
          pip install "$file"

  publish:
    if: github.repository_owner == 'move-coop' && github.event_name == 'release' && github.event.action == 'published'
    needs: test

    runs-on: ubuntu-latest
    environment: release

    permissions:
      id-token: write # IMPORTANT: this permission is mandatory for trusted publishing

    steps:
      - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450
        with:
          disable-sudo: true
          egress-policy: audit

      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd

      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
        with:
          name: parsons-dist
          path: dist

      - uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b
        with:
          verify-metadata: true
          skip-existing: true
          packages-dir: dist
          verbose: true