Lock file maintenance #1665
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Check, Build and Deploy | |
| on: | |
| pull_request: | |
| branches: [main] | |
| push: | |
| branches: [main] | |
| tags: ["v*"] | |
| jobs: | |
| uv-check: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v6 | |
| with: | |
| enable-cache: true | |
| - name: Check uv.lock (ensure all dependencies up to date) | |
| run: uv lock --check | |
| mypy: | |
| needs: [uv-check] | |
| runs-on: ubuntu-latest | |
| env: | |
| UV_NO_SYNC: true | |
| UV_FROZEN: true | |
| UV_PYTHON_DOWNLOADS: never | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Set Up Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version-file: .python-version | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v6 | |
| with: | |
| enable-cache: true | |
| - name: Install mypy From Locked Dependencies | |
| run: uv sync --no-group dev --group type-check | |
| - name: Store Hashed Python Version | |
| id: store-hashed-python-version | |
| run: echo "hashed_python_version=$(uv run -- python -VV | sha256sum | cut -d' ' -f1)" | |
| >> $GITHUB_OUTPUT | |
| - uses: actions/cache@v4 | |
| with: | |
| path: ./.mypy_cache | |
| key: mypy|${{steps.store-hashed-python-version.outputs.hashed_python_version}} | |
| - name: Run mypy | |
| run: uv run -- mypy . # TODO: Add GitHub workflows output format | |
| pre-commit: | |
| runs-on: ubuntu-latest | |
| env: | |
| UV_NO_SYNC: true | |
| UV_FROZEN: true | |
| UV_PYTHON_DOWNLOADS: never | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Set Up Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version-file: .python-version | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v6 | |
| with: | |
| enable-cache: true | |
| - name: Install pre-commit From Locked Dependencies | |
| run: uv sync --only-group pre-commit | |
| - name: Store Hashed Python Version | |
| id: store-hashed-python-version | |
| run: echo "hashed_python_version=$(uv run -- python -VV | sha256sum | cut -d' ' -f1)" | |
| >> $GITHUB_OUTPUT | |
| - uses: actions/cache@v4 | |
| with: | |
| path: ~/.cache/pre-commit | |
| key: pre-commit|${{steps.store-hashed-python-version.outputs.hashed_python_version}}|${{hashFiles('.pre-commit-config.yaml')}} | |
| - name: Setup pre-commit Environments | |
| run: uv run -- pre-commit install-hooks | |
| - name: Save pre-commit Checks Which Require Skipping | |
| run: | | |
| if [[ "${{ github.event_name }}" == "push" && "${{ github.ref_name }}" == "${{ github.event.repository.default_branch }}" ]]; then | |
| echo "SKIP=check-github-workflows,ruff,uv-lock,gitlint-ci" >> $GITHUB_ENV | |
| else | |
| echo "SKIP=check-github-workflows,ruff,uv-lock" >> $GITHUB_ENV | |
| fi | |
| - name: Run pre-commit | |
| run: uv run -- pre-commit run --all-files --hook-stage manual # TODO: Add GitHub workflows output format | |
| - uses: pre-commit-ci/lite-action@v1.1.0 | |
| if: ${{!cancelled()}} | |
| pymarkdown: | |
| runs-on: ubuntu-latest | |
| env: | |
| UV_NO_SYNC: true | |
| UV_FROZEN: true | |
| UV_PYTHON_DOWNLOADS: never | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Set Up Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version-file: .python-version | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v6 | |
| with: | |
| enable-cache: true | |
| - name: Install CCFT-PyMarkdown From Locked Dependencies | |
| run: uv sync --only-group lint-format | |
| - name: Run PyMarkdown scan | |
| run: uv run -- ccft-pymarkdown scan-all | |
| pytest: | |
| needs: [uv-check] | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| env: | |
| UV_NO_SYNC: true | |
| UV_FROZEN: true | |
| UV_PYTHON_DOWNLOADS: never | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Set Up Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version-file: .python-version | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v6 | |
| with: | |
| enable-cache: true | |
| - name: Install pytest From Locked Dependencies | |
| run: uv sync --no-group dev --group test | |
| - name: Store Hashed Python Version | |
| id: store-hashed-python-version | |
| run: echo "hashed_python_version=$(uv run -- python -VV | sha256sum | cut -d' ' -f1)" | |
| >> $GITHUB_OUTPUT | |
| - uses: actions/cache@v4 | |
| with: | |
| path: ./.pytest_cache | |
| key: pytest|${{steps.store-hashed-python-version.outputs.hashed_python_version}} | |
| - name: Run pytest | |
| run: uv run pytest --cov --cov-branch --cov-report=xml --junitxml=junit.xml | |
| - name: Upload test results to Codecov | |
| if: ${{ !cancelled() }} | |
| uses: codecov/test-results-action@v1 | |
| with: | |
| use_oidc: true | |
| - name: Upload coverage report to Codecov | |
| uses: codecov/codecov-action@v5 | |
| if: ${{ !cancelled() }} | |
| with: | |
| use_oidc: true | |
| ruff-lint: | |
| runs-on: ubuntu-latest | |
| env: | |
| UV_NO_SYNC: true | |
| UV_FROZEN: true | |
| UV_PYTHON_DOWNLOADS: never | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Set Up Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version-file: .python-version | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v6 | |
| with: | |
| enable-cache: true | |
| - name: Install ruff From Locked Dependencies | |
| run: uv sync --only-group lint-format | |
| - name: Store Hashed Python Version | |
| id: store-hashed-python-version | |
| run: echo "hashed_python_version=$(uv run -- python -VV | sha256sum | cut -d' ' -f1)" | |
| >> $GITHUB_OUTPUT | |
| - uses: actions/cache@v4 | |
| with: | |
| path: ./.ruff_cache | |
| key: ruff|${{steps.store-hashed-python-version.outputs.hashed_python_version}} | |
| - name: Run Ruff | |
| run: uv run -- ruff check --no-fix --output-format=github | |
| build-and-publish: | |
| if: | | |
| github.event_name != 'pull_request' || | |
| github.event.pull_request.head.repo.full_name == 'CSSUoB/TeX-Bot-Py-V2' | |
| runs-on: ubuntu-latest | |
| environment: publish | |
| needs: [mypy, pre-commit, pymarkdown, pytest, ruff-lint, uv-check] | |
| permissions: | |
| contents: read | |
| packages: write | |
| attestations: write | |
| id-token: write | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{github.repository}} | |
| steps: | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@v3.5.0 | |
| with: | |
| registry: ${{env.REGISTRY}} | |
| username: ${{github.actor}} | |
| password: ${{secrets.GITHUB_TOKEN}} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Extract metadata (tags, labels) for Docker | |
| id: docker-extract-metadata | |
| uses: docker/metadata-action@v5.8.0 | |
| with: | |
| images: ${{env.REGISTRY}}/${{env.IMAGE_NAME}} | |
| tags: |- | |
| type=ref,event=branch,prefix=br- | |
| type=ref,event=pr | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=semver,pattern=v{{major}},enable=${{!startsWith(github.ref, 'refs/tags/v0.')}} | |
| - name: Build and Publish | |
| id: build-and-publish | |
| uses: docker/build-push-action@v6 | |
| with: | |
| push: true | |
| tags: ${{steps.docker-extract-metadata.outputs.tags}} | |
| labels: ${{steps.docker-extract-metadata.outputs.labels}} | |
| - name: Generate Artifact Attestation | |
| uses: actions/attest-build-provenance@v3 | |
| with: | |
| subject-name: ${{env.REGISTRY}}/${{env.IMAGE_NAME}} | |
| subject-digest: ${{steps.build-and-publish.outputs.digest}} | |
| push-to-registry: true | |
| release: | |
| needs: [build-and-publish] | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| id-token: write | |
| if: github.ref_type == 'tag' | |
| steps: | |
| - name: Create GitHub Release | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| run: gh release create '${{ github.ref_name }}' --repo '${{github.repository}}' --verify-tag | |
| --generate-notes |