-
Notifications
You must be signed in to change notification settings - Fork 1
65 lines (59 loc) · 2.1 KB
/
build.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
name: Check
on: [push, pull_request]
permissions:
contents: read
jobs:
check:
runs-on: ubuntu-latest
strategy:
matrix:
python-version: ["3.11", "3.12"]
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
docs.python.org:443
files.pythonhosted.org:443
github.com:443
install.python-poetry.org:443
pypi.org:443
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: snok/install-poetry@76e04a911780d5b312d89783f7b1cd627778900a # v1.4.1
- uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: ${{ matrix.python-version }}
cache: "poetry"
- run: poetry install
- run: poetry run ./check.sh
publish:
runs-on: ubuntu-latest
needs: check
environment: ${{ github.ref_type == 'tag' && 'release' || 'test' }}
if: ${{ github.event_name == 'push' }}
env:
PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
docs.python.org:443
files.pythonhosted.org:443
github.com:443
install.python-poetry.org:443
pypi.org:443
*.pypi.org:443
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- uses: snok/install-poetry@76e04a911780d5b312d89783f7b1cd627778900a # v1.4.1
- uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: "3.11"
cache: "poetry"
- run: ./publish.sh ${{ vars.PYPI_REPOSITORY }} ${{ github.ref_name != 'main' && github.ref_type != 'tag' && '--build-only' || '' }}