chemotools/.github/workflows/python-release.yml at main · paucablop/chemotools · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
name: Publish Python 🐍 distributions 📦 to PyPI

on:
  release:
    types: [published]

permissions:
  contents: read

jobs:
  quality:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Set up Python 3.13
        uses: actions/setup-python@v5
        with:
          python-version: "3.13"

      - name: Install uv
        uses: astral-sh/setup-uv@v6

      - name: Install Task
        uses: arduino/setup-task@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Print versions
        run: |
          python --version
          uv --version
          task --version

      - name: Install dependencies
        run: task install

      - name: Check formatting
        run: task format-check

      - name: Run linting
        run: task lint

      - name: Run type checking
        run: task type-check

      - name: Run tests with coverage
        run: task coverage

  compatibility:
    runs-on: ubuntu-latest
    needs: quality
    strategy:
      fail-fast: false
      matrix:
        include:
          - python-version: '3.10'
            session: 'tests-3.10'
          - python-version: '3.11'
            session: 'tests-3.11'
          - python-version: '3.12'
            session: 'tests-3.12'
          - python-version: '3.13'
            session: 'tests-3.13'
          - python-version: '3.14'
            session: 'tests-3.14'
          - python-version: '3.10'
            session: 'tests-min-sklearn-3.10'
          - python-version: '3.11'
            session: 'tests-min-sklearn-3.11'
          - python-version: '3.12'
            session: 'tests-min-sklearn-3.12'

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}

      - name: Install uv
        uses: astral-sh/setup-uv@v6

      - name: Print versions
        run: |
          python --version
          uv --version

      - name: Install dependencies
        run: uv sync --all-groups

      - name: Run nox session ${{ matrix.session }}
        run: uv run nox -s ${{ matrix.session }} -- -q

  release:
    runs-on: ubuntu-latest
    needs: [quality, compatibility]
    environment: release
    permissions:
        contents: write
        id-token: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.12"

      - name: Install uv
        uses: astral-sh/setup-uv@v6

      - name: Install Task
        uses: arduino/setup-task@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Print versions
        run: |
          python --version
          uv --version
          task --version

      # 1. Install dependencies
      - name: Install dependencies
        run: task install:release

      # 2. Build package
      - name: Build package
        run: task build

      # 3. Create clean venv with package for SBOM
      - name: Create release environment
        run: task install:release:sbom

      # 4. Publish to PyPI
      - name: Publish package distributions to PyPI
        uses: pypa/gh-action-pypi-publish@release/v1

      # 5. Generate SBOM from runtime environment
      - name: Generate SBOM
        run: |
          uv tool install cyclonedx-bom

          CYCLONEDX_VERSION=$(uv tool run cyclonedx-py --version | head -n1)
          echo "Generating SBOM using $CYCLONEDX_VERSION"

          # Use the globally installed tool to scan the clean venv
          uv tool run cyclonedx-py environment \
            --output-format=json \
            --output-file=chemotools-${{ github.event.release.tag_name }}-sbom.json \
            .venv-release
          echo "cyclonedx-bom-version=$CYCLONEDX_VERSION" >> $GITHUB_OUTPUT
        id: sbom

      # 6. Upload SBOM as release asset
      - name: Upload SBOM to release
        uses: softprops/action-gh-release@v1
        with:
          files: chemotools-${{ github.event.release.tag_name }}-sbom.json
          append_body: true
          body: |

            ---
            **SBOM Information:**
            - File: `chemotools-${{ github.event.release.tag_name }}-sbom.json`
            - Generated with: `${{ steps.sbom.outputs.cyclonedx-bom-version }}`
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}