pipeline.yml
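# CI pipeline: lint, test, dependency audit and secret scan on pushes/PRs to
# main and on every tag; publishes to PyPI when a tag is pushed.
#
# Supply-chain note: every `uses:` below references a mutable tag or branch.
# Pinning each one to a full commit SHA (version in a trailing comment) keeps
# an upstream retag or force-push from changing what runs with this repo's
# token.
name: Testing
on:
  push:
    branches:
      - main
    tags:
      - '**'
  pull_request:
    branches:
      - main
# Least privilege by default: jobs get a read-only token unless they ask for
# more. Only the jobs that push badges to GitHub Pages request contents: write.
permissions:
  contents: read
jobs:
  ruff:
    name: Ruff Linting
    runs-on: ubuntu-latest
    permissions:
      # Needed by the badge deploy step, which pushes to the Pages branch.
      contents: write
    steps:
      - name: Check out repository
        uses: actions/checkout@v4
      - name: Install UV
        uses: astral-sh/setup-uv@v4
      - name: Set up Python
        run: uv python install
      - name: Install the project
        run: uv sync --dev
      - name: Ruff (linting + formating)
        id: ruff
        run: |
          uv run pre-commit run --all
      - name: Generate Badges
        # Runs after a failed lint too, so the badge can show "failure".
        if: success() || failure()
        run: |
          mkdir -p badges/
          uv run anybadge --overwrite --label=python --value="$(cat .python-version)" --value-format='%.2f' --file=badges/python.svg --color='dodgerblue'
          uv run anybadge --overwrite --value="${{ steps.ruff.outcome }}" --label=ruff --file=badges/ruff.svg success=green failure=red
          uv run anybadge --overwrite --label=version --value="v$(uvx --from=toml-cli toml get --toml-path=pyproject.toml project.version)" --file=badges/version.svg --color='green'
      - name: Publish badges to GitHub Pages
        # Restricted to the default branch, so PR and tag runs never deploy.
        if: (success() || failure()) && (github.ref_name == github.event.repository.default_branch)
        uses: JamesIves/github-pages-deploy-action@v4
        with:
          folder: badges/
          clean: false
  pytest:
    name: Pytest Tests
    runs-on: ubuntu-latest
    permissions:
      # Needed by the badge deploy step, which pushes to the Pages branch.
      contents: write
    strategy:
      matrix:
        python-version: ["3.11", "3.12", "3.13"]
      fail-fast: false
    steps:
      - name: Check out repository
        uses: actions/checkout@v4
      - name: Install UV
        uses: astral-sh/setup-uv@v4
        with:
          # NOTE(review): confirm this setup-uv version honours the
          # python-version input; if it does not, every matrix leg runs the
          # interpreter selected by .python-version.
          python-version: ${{ matrix.python-version }}
      - name: Set up Python
        run: uv python install
      - name: Install the project
        run: uv sync --dev
      - name: Run Pytest
        id: pytest
        run: |
          uv run coverage run -m pytest tests/
      - name: Generate Badges
        if: success() || failure()
        run: |
          uv run coverage report
          mkdir -p badges/
          uv run anybadge --overwrite --value="${{ steps.pytest.outcome }}" --label=pytest --file=badges/pytest.svg success=green failure=red
          uv run anybadge --overwrite --value="$(uv run coverage report --format=total)" --file=badges/coverage.svg coverage
      - name: Publish badges to GitHub Pages
        if: (success() || failure()) && (github.ref_name == github.event.repository.default_branch)
        uses: JamesIves/github-pages-deploy-action@v4
        with:
          folder: badges/
          clean: false
  audit:
    name: Pip Audit
    runs-on: ubuntu-latest
    permissions:
      # Needed by the badge deploy step, which pushes to the Pages branch.
      contents: write
    steps:
      - name: Check out repository
        uses: actions/checkout@v4
      - name: Install UV
        uses: astral-sh/setup-uv@v4
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version-file: ".python-version"
      - name: Install the project
        run: uv sync --dev
      - name: Generate dependency tree
        run: uv tree
      - name: Generate requirements.txt
        # NOTE(review): this resolves versions from pyproject.toml at run
        # time, which may differ from what `uv sync` installed; confirm the
        # audit covers the dependency set that actually ships.
        run: |
          uv pip compile pyproject.toml -o requirements.txt
      - name: Pip Audit
        id: audit
        # --fix removed: it rewrote the generated requirements.txt on the
        # runner, a file that is discarded when the job ends, so nothing was
        # ever fixed in the repository and findings could be patched away
        # before they failed the step. The audit now only reports.
        run: uvx pip-audit -r requirements.txt
      - name: Generate Badges
        if: success() || failure()
        run: |
          mkdir -p badges/
          uv run anybadge --overwrite --value="${{ steps.audit.outcome }}" --label=audit --file=badges/audit.svg success=green failure=red
      - name: Publish badges to GitHub Pages
        if: (success() || failure()) && (github.ref_name == github.event.repository.default_branch)
        uses: JamesIves/github-pages-deploy-action@v4
        with:
          folder: badges/
          clean: false
  truffle:
    name: Truffle Hog
    runs-on: ubuntu-latest
    # Inherits the read-only workflow token; the scanner only reads history.
    steps:
      - name: Check out repository
        uses: actions/checkout@v4
        with:
          # Full history so commits older than the tip are scanned as well.
          fetch-depth: 0
          # No later step pushes, so do not leave the token in .git/config.
          persist-credentials: false
      - name: Secret Scanning
        # TODO(security): @main is a moving branch, so this step runs
        # whatever upstream last pushed. Pin to a reviewed release commit:
        #   uses: trufflesecurity/trufflehog@<FULL_COMMIT_SHA>  # <release tag>
        uses: trufflesecurity/trufflehog@main
        with:
          extra_args: --results=verified,unknown
  pypi-publish:
    name: Upload release to PyPI
    runs-on: ubuntu-latest
    # Release is gated on all four checks passing.
    needs: [ruff, pytest, audit, truffle]
    # Any pushed tag triggers a release; protection rules on the `pypi`
    # environment are the place to require a manual approval.
    if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
    environment:
      name: pypi
      url: https://pypi.org/p/python-injector-framework
    permissions:
      # Job-level permissions replace the workflow default. Only the OIDC
      # token is requested; no PyPI API token is passed to the publish step.
      id-token: write
    steps:
      - name: Check out repository
        uses: actions/checkout@v4
        with:
          # Nothing in this job pushes to the repository.
          persist-credentials: false
      - name: Install UV
        uses: astral-sh/setup-uv@v4
      - name: Set up Python
        run: uv python install
      - name: Install the project
        run: uv sync --dev
      - name: Build Project
        # NOTE(review): the build runs in the job that can mint the OIDC
        # token. Building in a separate job and passing the dist/ artifact
        # here would keep build-time code away from the publish identity.
        run: |
          uv build
      - name: Publish package distributions to PyPI
        uses: pypa/gh-action-pypi-publish@release/v1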