ci(action): add truffle job #33
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Testing | |
| on: | |
| push: | |
| branches: | |
| - main | |
| tags: | |
| - '**' | |
| pull_request: | |
| branches: | |
| - main | |
| permissions: | |
| contents: write | |
| jobs: | |
| ruff: | |
| name: Ruff Linting | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@v4 | |
| - name: Install UV | |
| uses: astral-sh/setup-uv@v4 | |
| - name: Set up Python | |
| run: uv python install | |
| - name: Install the project | |
| run: uv sync --dev | |
| - name: Ruff (linting + formating) | |
| id: ruff | |
| run: | | |
| uv run pre-commit run --all | |
| - name: Generate Badges | |
| if: success() || failure() | |
| run: | | |
| mkdir -p badges/ | |
| uv run anybadge --overwrite --label=python --value="$(cat .python-version)" --value-format='%.2f' --file=badges/python.svg --color='dodgerblue' | |
| uv run anybadge --overwrite --value="${{ steps.ruff.outcome }}" --label=ruff --file=badges/ruff.svg success=green failure=red | |
| uv run anybadge --overwrite --label=version --value="v$(uvx --from=toml-cli toml get --toml-path=pyproject.toml project.version)" --file=badges/version.svg --color='green' | |
| - name: Publish badges to GitHub Pages | |
| if: (success() || failure()) && (github.ref_name == github.event.repository.default_branch) | |
| uses: JamesIves/github-pages-deploy-action@v4 | |
| with: | |
| folder: badges/ | |
| clean: false | |
| pytest: | |
| name: Pytest Tests | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| python-version: [ "3.11", "3.12", "3.13" ] | |
| fail-fast: false | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@v4 | |
| - name: Install UV | |
| uses: astral-sh/setup-uv@v4 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Set up Python | |
| run: uv python install | |
| - name: Install the project | |
| run: uv sync --dev | |
| - name: Run Pytest | |
| id: pytest | |
| run: | | |
| uv run coverage run -m pytest tests/ | |
| - name: Generate Badges | |
| if: success() || failure() | |
| run: | | |
| uv run coverage report | |
| mkdir -p badges/ | |
| uv run anybadge --overwrite --value="${{ steps.pytest.outcome }}" --label=pytest --file=badges/pytest.svg success=green failure=red | |
| uv run anybadge --overwrite --value="$(uv run coverage report --format=total)" --file=badges/coverage.svg coverage | |
| - name: Publish badges to GitHub Pages | |
| if: (success() || failure()) && (github.ref_name == github.event.repository.default_branch) | |
| uses: JamesIves/github-pages-deploy-action@v4 | |
| with: | |
| folder: badges/ | |
| clean: false | |
| audit: | |
| name: Pip Audit | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@v4 | |
| - name: Install UV | |
| uses: astral-sh/setup-uv@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version-file: ".python-version" | |
| - name: Install the project | |
| run: uv sync --dev | |
| - name: Generate dependency tree | |
| run: uv tree | |
| - name: Generate requirements.txt | |
| run: | | |
| uv pip compile pyproject.toml -o requirements.txt | |
| - name: Pip Audit | |
| id: audit | |
| run: uvx pip-audit -r requirements.txt --fix | |
| - name: Generate Badges | |
| if: success() || failure() | |
| run: | | |
| mkdir -p badges/ | |
| uv run anybadge --overwrite --value="${{ steps.audit.outcome }}" --label=audit --file=badges/audit.svg success=green failure=red | |
| - name: Publish badges to GitHub Pages | |
| if: (success() || failure()) && (github.ref_name == github.event.repository.default_branch) | |
| uses: JamesIves/github-pages-deploy-action@v4 | |
| with: | |
| folder: badges/ | |
| clean: false | |
| truffle: | |
| name: Truffle Hog | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Secret Scanning | |
| uses: trufflesecurity/trufflehog@main | |
| with: | |
| extra_args: --results=verified,unknown | |
| pypi-publish: | |
| name: Upload release to PyPI | |
| runs-on: ubuntu-latest | |
| needs: [ ruff, pytest, audit, truffle ] | |
| if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags') | |
| environment: | |
| name: pypi | |
| url: https://pypi.org/p/python-injector-framework | |
| permissions: | |
| id-token: write | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@v4 | |
| - name: Install UV | |
| uses: astral-sh/setup-uv@v4 | |
| - name: Set up Python | |
| run: uv python install | |
| - name: Install the project | |
| run: uv sync --dev | |
| - name: Build Project | |
| run: | | |
| uv build | |
| - name: Publish package distributions to PyPI | |
| uses: pypa/gh-action-pypi-publish@release/v1 |