diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
new file mode 100644
index 00000000..53f85d5e
--- /dev/null
+++ b/.github/workflows/build.yaml
@@ -0,0 +1,91 @@
+# This workflow will build and unit test the project.
+# If the workflow is running on the "main" branch, then
+# semantic-release is also run to create a new release (if
+# warranted by the new commits being built).
+
+name: Build/Test
+
+on:
+ push:
+ branches: ['**']
+ pull_request:
+ branches: ['**']
+ workflow_dispatch:
+ # Allow workflow to be triggered manually.
+
+jobs:
+ detect-secrets:
+ if: "!contains(github.event.head_commit.message, '[skip ci]')"
+ name: Detect-Secrets
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Setup Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: 3.13
+
+ - name: Install detect-secrets
+ run: |
+ pip install --upgrade "git+https://github.com/ibm/detect-secrets.git@master#egg=detect-secrets"
+
+ - name: Run detect-secrets
+ run: |
+ detect-secrets scan --update .secrets.baseline
+ detect-secrets -v audit --report --fail-on-unaudited --fail-on-live --fail-on-audited-real .secrets.baseline
+
+ build:
+ needs: detect-secrets
+ name: Build/Test (Python ${{ matrix.python-version }})
+
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ python-version: ['3.9', '3.13']
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Set up Python ${{ matrix.python-version }}
+ uses: actions/setup-python@v5
+ with:
+ python-version: ${{ matrix.python-version }}
+
+ - name: Build & Test
+ run: make ci
+
+ create-release:
+ needs: build
+ name: Semantic-Release
+ if: "github.ref_name == 'main' && github.event_name != 'pull_request'"
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ persist-credentials: false
+
+ - name: Setup Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: 22
+
+ - name: Setup Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: 3.13
+
+ - name: Install Publishing Tools
+ run: |
+ pip install bump-my-version
+ npm install
+
+ - name: Run semantic-release
+ env:
+ GH_TOKEN: ${{ secrets.GH_TOKEN }}
+ run: npm run semantic-release
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
new file mode 100644
index 00000000..5d55a5fc
--- /dev/null
+++ b/.github/workflows/publish.yaml
@@ -0,0 +1,34 @@
+# This workflow is responsible for:
+# - publishing artifacts to Maven Central
+# - building and publishing javadocs to the git repository.
+# It is triggered when a new release is created.
+
+name: Publish
+on:
+ release:
+ types: [created]
+ workflow_dispatch:
+ # Allow this workflow to be triggered manually
+
+jobs:
+ publish:
+ name: Publish Release
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ persist-credentials: false
+
+ - name: Setup Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: 3.13
+
+ - name: Build and publish distribution
+ env:
+ TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }}
+ run: |
+ make ci
+ make publish-release
diff --git a/.secrets.baseline b/.secrets.baseline
index b4137111..a06aa1c4 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
 "files": "^.secrets.baseline$",
 "lines": null
 },
- "generated_at": "2024-10-23T05:17:26Z",
+ "generated_at": "2025-01-09T22:39:35Z",
 "plugins_used": [
 {
 "name": "AWSKeyDetector"
diff --git a/Makefile b/Makefile
index 9212c641..9b4ac231 100644
--- a/Makefile
+++ b/Makefile
@@ -12,7 +12,7 @@ all: upgrade-pip setup test-unit lint
 ci: all
-publish-release: build-dist publish-dist
+publish-release: publish-deps build-dist publish-dist
 upgrade-pip:
 ${PYTHON} -m pip install --upgrade pip
@@ -23,6 +23,10 @@ deps:
 dev-deps:
 ${PYTHON} -m pip install .[dev]
+detect-secrets:
+ detect-secrets scan --update .secrets.baseline
+ detect-secrets audit .secrets.baseline
+
 publish-deps:
 ${PYTHON} -m pip install .[publish]
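Review bot: In `.github/workflows/build.yaml`, the `Install detect-secrets` step installs the scanner from `git+https://github.com/ibm/detect-secrets.git@master`, a mutable branch, so the code that gates every build can change without any change in this repository. Pin it to a reviewed revision, e.g. `pip install "git+https://github.com/ibm/detect-secrets.git@<reviewed-commit-sha>#egg=detect-secrets"` (placeholder, not a real revision). The same concern applies to `Install Publishing Tools` in `create-release`, where `pip install bump-my-version` and `npm install` are unpinned and run in the job that later exposes `GH_TOKEN`; `npm ci` against a committed lockfile would be the stricter form, assuming the repository has one. The workflow also declares no `permissions:` block, so the default `GITHUB_TOKEN` scope applies to all three jobs; a top-level `permissions:` with `contents: read` would make the intended scope explicit.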
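Review bot: In `.github/workflows/publish.yaml`, the `Build and publish distribution` step sets `TWINE_PASSWORD` for both `make ci` and `make publish-release`, so the upload credential sits in the environment while `make ci` (which the Makefile expands to `upgrade-pip setup test-unit lint`) installs packages and runs tests and linters. Splitting the step so that only `make publish-release` receives the secret narrows what can read it. Separately, the header comment describes publishing to Maven Central and building javadocs, which does not match the Python/Twine steps below and looks carried over from another project; it should describe what this workflow actually publishes.

```yaml
      # … unchanged: checkout and Setup Python steps …

      - name: Build and test
        run: make ci

      - name: Publish distribution
        env:
          TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }}
        run: make publish-release
```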
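Review bot: The new `detect-secrets` target in the second Makefile hunk assumes a `detect-secrets` executable is already on PATH and does not say which distribution it needs, while CI installs the tool from the `ibm/detect-secrets` repository; a baseline written by a different build of the tool may not match what the `Detect-Secrets` job expects (inferred, not visible in this diff). A comment above the target would cover it: `# Requires detect-secrets from github.com/ibm/detect-secrets (same source as build.yaml); 'audit' prompts interactively.` If the Makefile keeps a `.PHONY` list outside this hunk, `detect-secrets` belongs in it, since the target produces no file of that name.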