CI (branch: dependabot/uv/ruff-0.15.2) #1004

Workflow file for this run

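# CI entry point: runs on every push and pull request, then fans out to
# pre-commit, the reusable test/build workflows, the docs build and the
# Test PyPI upload. Third-party actions are pinned to full commit SHAs.
name: CI Workflow
run-name: "CI (${{ github.event_name == 'pull_request' && format('pr: #{0}', github.event.number) || format('{0}: {1}', startsWith(github.event.ref, 'refs/tags') && 'tag' || 'branch', github.ref_name) }})"
on:
  push:
  pull_request:
concurrency:
  # For pull_request events the group is keyed on the PR source branch
  # (github.head_ref), so a newer run supersedes older runs of the same PR.
  # For push events github.head_ref is empty and the group falls back to the
  # unique github.run_id, so push runs never share a group and are never
  # cancelled by a later push.
  # cancel-in-progress is switched off only for refs containing 'refs/heads/main'.
  # NOTE(review): contains() also matches any branch whose name merely starts
  # with "main"; confirm that is intended or compare the ref for equality.
  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.repository }}-${{ github.head_ref || github.run_id }}
  cancel-in-progress: ${{ !contains(github.ref, 'refs/heads/main') }}
# Deny by default: the workflow token gets no scopes unless a job asks for them.
permissions: {}
env:
  COLUMNS: 190
  FORCE_COLOR: "1"
  TOOLR_DEBUG_IMPORTS: "1"
jobs:
  # Decides whether the rest of the pipeline runs and produces the per-platform
  # build matrix consumed by the build-* jobs.
  prepare-ci:
    name: Prepare CI
    runs-on: ubuntu-latest
    permissions:
      contents: read
    outputs:
      should-run-build: ${{ steps.check-build.outputs.should-run-build }}
      platform-matrix: ${{ steps.generate-build-matrix.outputs.platform-matrix }}
    steps:
      # `audit` only records outbound connections; nothing is blocked.
      # NOTE(review): once the audit baseline is known, consider
      # `egress-policy: block` with an explicit `allowed-endpoints` list.
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3
        with:
          egress-policy: audit
      # NOTE(review): checkout leaves the job token available to later git
      # commands by default; set `persist-credentials: false` if no later step
      # needs authenticated git access.
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      - name: Install Python
        uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
        with:
          python-version: "3.11"
      - name: Install uv
        id: install-uv
        uses: astral-sh/setup-uv@ed21f2f24f8dd64503750218de024bcf64c7250a # v7.1.5
      - name: Generate additional ToolR requirements file
        # The workspace path comes from the runner-provided environment variable
        # and is quoted, so the shell never re-parses template-expanded text.
        # NOTE(review): --no-hashes means the exported requirements are not
        # hash-checked at install time; confirm that is acceptable here.
        run: |
          uv export --frozen --no-hashes --only-group tools --output-file "${GITHUB_WORKSPACE}/toolr-requirements.txt"
      - name: Setup ToolR
        id: setup-toolr
        uses: s0undt3ch/ToolR@05c0d9d5f907b1c108a02af1b9b52aa71926bc06 # v0.11.0
        with:
          requirements-file: ${{ github.workspace }}/toolr-requirements.txt
      - name: Check if the build should run
        id: check-build
        # The event and ref names are read from the runner's default environment
        # variables and passed as quoted arguments. Expanding
        # ${{ github.ref_name }} inside the script text would let a branch or
        # tag name containing shell syntax be interpreted by the shell, in a
        # step that also holds GH_TOKEN.
        run: |
          toolr ci check-run-build "${GITHUB_EVENT_NAME}" "${GITHUB_REF_NAME}"
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Generate Build Matrix
        id: generate-build-matrix
        if: fromJSON(steps.check-build.outputs.should-run-build)
        run: |
          toolr ci generate-build-matrix
  # Lint gate; every test, release and docs job depends on it.
  pre-commit:
    name: Pre-commit
    runs-on: ubuntu-latest
    permissions:
      contents: read
    needs:
      - prepare-ci
    if: fromJSON(needs.prepare-ci.outputs.should-run-build)
    steps:
      # `audit` only records outbound connections; nothing is blocked.
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3
        with:
          egress-policy: audit
      # NOTE(review): hooks run against the checked-out tree with the job token
      # still persisted by checkout; consider `persist-credentials: false`
      # unless the local setup action needs authenticated git.
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      - name: Setup Prek
        id: setup-pre-commit
        uses: ./.github/actions/setup-pre-commit
        with:
          cache-seed: ci
      - name: Run Prek
        run: |
          prek run --all-files --show-diff-on-failure
  # Reusable workflow; its outputs (release tarball and patch names) feed the
  # build-* and docs jobs. It is granted OIDC and attestation scopes.
  prepare-release:
    name: Prepare Release
    needs:
      - pre-commit
    uses: ./.github/workflows/prepare-release.yml
    permissions:
      contents: read
      id-token: write
      attestations: write
  # The three test-* jobs call the same reusable workflow, once per OS.
  # NOTE(review): `id-token: write` lets the called workflow request an OIDC
  # token; what test.yml uses it for is not visible here. Drop it if unused.
  test-linux:
    name: Test
    needs:
      - pre-commit
    uses: ./.github/workflows/test.yml
    with:
      os: ubuntu-latest
      display-name: Linux
    permissions:
      contents: read
      id-token: write
  test-windows:
    name: Test
    needs:
      - pre-commit
    uses: ./.github/workflows/test.yml
    with:
      os: windows-latest
      display-name: Windows
    permissions:
      contents: read
      id-token: write
  test-macos:
    name: Test
    needs:
      - pre-commit
    uses: ./.github/workflows/test.yml
    with:
      os: macos-latest
      display-name: macOS
    permissions:
      contents: read
      id-token: write
  # The three build-* jobs call the same reusable workflow with the platform
  # slice of the matrix generated by prepare-ci. `id-token: write` together
  # with `attestations: write` is the scope pair used for build attestations.
  build-linux:
    name: Build
    needs:
      - prepare-ci
      - test-linux
      - prepare-release
    uses: ./.github/workflows/build.yml
    with:
      display-name: Linux
      release-tarball-name: ${{ needs.prepare-release.outputs.release-tarball-name }}
      platform-matrix: ${{ toJSON(fromJSON(needs.prepare-ci.outputs.platform-matrix)['linux']) }}
    permissions:
      contents: read
      id-token: write
      attestations: write
  build-windows:
    name: Build
    needs:
      - prepare-ci
      - test-windows
      - prepare-release
    uses: ./.github/workflows/build.yml
    with:
      display-name: Windows
      release-tarball-name: ${{ needs.prepare-release.outputs.release-tarball-name }}
      platform-matrix: ${{ toJSON(fromJSON(needs.prepare-ci.outputs.platform-matrix)['windows']) }}
    permissions:
      contents: read
      id-token: write
      attestations: write
  build-macos:
    name: Build
    needs:
      - prepare-ci
      - test-macos
      - prepare-release
    uses: ./.github/workflows/build.yml
    with:
      display-name: macOS
      release-tarball-name: ${{ needs.prepare-release.outputs.release-tarball-name }}
      platform-matrix: ${{ toJSON(fromJSON(needs.prepare-ci.outputs.platform-matrix)['macos']) }}
    permissions:
      contents: read
      id-token: write
      attestations: write
  # Builds the MkDocs site on every run; only the final step deploys, and only
  # for refs/heads/main.
  # NOTE(review): `contents: write` is granted to the whole job, so the build
  # steps also run with a write-scoped token on non-main refs. Consider moving
  # the deploy into its own job so the build runs with `contents: read`.
  docs:
    name: Publish Docs
    runs-on: ubuntu-latest
    needs:
      - pre-commit
      - prepare-release
    permissions:
      contents: write
    steps:
      # `audit` only records outbound connections; nothing is blocked.
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3
        with:
          egress-policy: audit
      # NOTE(review): the deploy step receives its token through the
      # `github_token` input; whether the local git actions below rely on the
      # credentials persisted by checkout is not visible here. Confirm before
      # adding `persist-credentials: false`.
      - name: Checkout code
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      - name: Setup Virtual Environment
        uses: ./.github/actions/setup-virtualenv
        with:
          cache-prefix: docs
          python-version: "3.11"
          uv-sync-args: "--group docs"
      - uses: ./.github/actions/configure-git
      - name: Apply Release Patch
        uses: ./.github/actions/apply-release-patch
        with:
          release-patch-name: ${{ needs.prepare-release.outputs.release-patch-name }}
      - name: Build MkDocs site
        run: uv run mkdocs build
      - name: Deploy to GitHub Pages
        uses: peaceiris/actions-gh-pages@4f9cc6602d3f66b9c108549d475ec49e8ef4d45e # v4.0.0
        if: github.ref == 'refs/heads/main'
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          publish_dir: ./site
  # Collects the wheel artifacts from the build jobs and uploads them to Test
  # PyPI through OIDC trusted publishing, so no long-lived API token is stored.
  # NOTE(review): the upload is gated per step on the default branch, while
  # `id-token: write` and `attestations: write` are held by the job on every
  # run. A job-level `if:` would keep those scopes off non-release runs, but
  # check how set-pipeline-exit-status treats a skipped `publish` first.
  publish:
    name: Publish to Test PyPI
    needs:
      - build-linux
      - build-windows
      - build-macos
    runs-on: ubuntu-latest
    permissions:
      id-token: write
      attestations: write
    steps:
      # `audit` only records outbound connections; nothing is blocked.
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3
        with:
          egress-policy: audit
      - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
        with:
          pattern: cibw-wheel-*
          path: dist
          merge-multiple: true
      # Despite its name this step only lists dist/; the artifacts are already
      # merged into one directory by `merge-multiple: true` above.
      - name: Flatten dist/ directory
        run: |
          ls -lah dist/
      - name: Publish to Test PyPI (Trusted Publisher)
        if: github.ref == format('refs/heads/{0}', github.event.repository.default_branch)
        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
        with:
          repository-url: https://test.pypi.org/legacy/
          packages-dir: dist/
          skip-existing: true
          verbose: true
  set-pipeline-exit-status:
    permissions:
      actions: read
    # This job exists so that branch protection can require a single check on
    # a pull request instead of requiring every job individually.
    # It runs even when upstream jobs fail (`if: always()`), so it has to fail
    # explicitly; with echo-only steps the required check would stay green
    # after a failed or cancelled pipeline.
    name: Set the ${{ github.workflow }} Pipeline Exit Status
    if: always()
    runs-on: ubuntu-latest
    needs:
      - prepare-ci
      - pre-commit
      - prepare-release
      - docs
      - publish
    steps:
      # `audit` only records outbound connections; nothing is blocked.
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3
        with:
          egress-policy: audit
      # NOTE(review): presumably reports the status of the current run through
      # the Actions API (hence `actions: read`); confirm against the action.
      - uses: martialonline/workflow-status@326830cacf79872efe767e15031f58d1ea0508c4 # v4.2
        id: check
      - run: |
          echo "Workflow failed"
          exit 1
        if: steps.check.outputs.status == 'failure'
      - run: |
          echo "Workflow was cancelled"
          exit 1
        if: steps.check.outputs.status == 'cancelled'
      - run: echo "Workflow was successful"
        if: steps.check.outputs.status == 'success'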