Add Security Policy #1024
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: tests | |
on: | |
push: | |
branches: | |
- main | |
tags: | |
- v* | |
pull_request: | |
schedule: | |
- cron: '14 7 * * 0' # run once a week on Sunday | |
workflow_dispatch: | |
jobs: | |
run-tests: | |
strategy: | |
matrix: | |
config: | |
# [Python version, tox env] | |
- ["3.8", "py38"] | |
- ["3.8", "nopytz"] | |
- ["3.9", "py39"] | |
- ["3.10", "py310"] | |
- ["pypy-3.9", "pypy3"] | |
# - ["3.10", "docs"] # disable as readthedocs builds it | |
- ["3.11", "py311"] | |
- ["3.12", "py312"] | |
- ["3.13", "py313"] | |
runs-on: ubuntu-latest | |
name: ${{ matrix.config[1] }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.config[0] }} | |
# for caching, see | |
# https://github.com/actions/setup-python/blob/main/docs/advanced-usage.md#caching-packages | |
cache: 'pip' | |
cache-dependency-path: | | |
setup.* | |
tox.ini | |
requirements*.txt | |
- name: Install dependencies | |
run: | | |
python -m pip install --upgrade pip | |
pip install tox coveralls coverage-python-version | |
- name: Test | |
run: tox -e ${{ matrix.config[1] }} | |
- name: Coveralls Parallel | |
uses: coverallsapp/github-action@v2 | |
with: | |
flag-name: run-${{ matrix.config[1] }} | |
parallel: true | |
file: coverage.xml | |
allow-empty: true | |
coverage: | |
# parallel test coverage upload | |
# see https://coveralls-python.readthedocs.io/en/latest/usage/configuration.html#github-actions-support | |
name: Submit test coverage | |
needs: run-tests | |
# always finalize coverage aftest tests ran | |
# see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-not-requiring-successful-dependent-jobs | |
if: ${{ always() }} | |
runs-on: ubuntu-latest | |
steps: | |
- name: Coveralls Finished | |
uses: coverallsapp/github-action@v2 | |
with: | |
parallel-finished: true | |
format: cobertura | |
test-distribution: | |
name: Check built package | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: "3.13" | |
- name: Install dependencies | |
run: | | |
python -m pip install --upgrade pip | |
pip install build twine | |
- name: Build distribution files | |
run: python -m build # same as in deploy-tag-to-pypi | |
- name: Check distribution files | |
run: twine check dist/* | |
deploy-tag-to-pypi: | |
# only deploy on tags, see https://stackoverflow.com/a/58478262/1320237 | |
if: startsWith(github.ref, 'refs/tags/v') | |
needs: | |
- run-tests | |
- test-distribution | |
runs-on: ubuntu-latest | |
# This environment stores the TWINE_USERNAME and TWINE_PASSWORD | |
# see https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment | |
environment: | |
name: PyPI | |
url: https://pypi.org/project/icalendar/ | |
# after using the environment, we need to make the secrets available | |
# see https://docs.github.com/en/actions/security-guides/encrypted-secrets#example-using-bash | |
env: | |
TWINE_USERNAME: ${{ secrets.TWINE_USERNAME }} | |
TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: "3.13" | |
- name: Install dependencies | |
run: | | |
python -m pip install --upgrade pip | |
pip install build twine | |
- name: remove old files | |
run: rm -rf dist/* | |
- name: build distribution files | |
run: python -m build # same as in test-distribution | |
- name: deploy to pypi | |
run: | | |
# You will have to set the variables TWINE_USERNAME and TWINE_PASSWORD | |
# You can use a token specific to your project by setting the user name to | |
# __token__ and the password to the token given to you by the PyPI project. | |
# sources: | |
# - https://shambu2k.hashnode.dev/gitlab-to-pypi | |
# - http://blog.octomy.org/2020/11/deploying-python-pacakges-to-pypi-using.html?m=1 | |
if [ -z "$TWINE_USERNAME" ]; then | |
echo "WARNING: TWINE_USERNAME not set!" | |
fi | |
if [ -z "$TWINE_PASSWORD" ]; then | |
echo "WARNING: TWINE_PASSWORD not set!" | |
fi | |
twine check dist/* | |
twine upload dist/* | |
deploy-github-release: | |
# only deploy on tags, see https://stackoverflow.com/a/58478262/1320237 | |
if: startsWith(github.ref, 'refs/tags/v') | |
needs: | |
- run-tests | |
- test-distribution | |
runs-on: ubuntu-latest | |
environment: | |
name: github-release | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Create GitHub release from tag | |
uses: ncipollo/release-action@v1 | |
with: | |
allowUpdates: true | |
body: "To view the changes, please see the [Changelog](https://icalendar.readthedocs.io/en/latest/changelog.html). This release can be installed from [PyPI](https://pypi.org/project/icalendar/#history)." | |
generateReleaseNotes: false |