Security improvements (#17) #133
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: general | |
| on: | |
| push: | |
| branches: | |
| - main | |
| tags: | |
| - v*.*.* | |
| pull_request: | |
| branches: | |
| - main | |
| # schedule: | |
| # - cron: "0 3 * * *" | |
| jobs: | |
| # Test (Linux) | |
| test-linux: | |
| if: github.event_name != 'schedule' || github.repository_owner == 'frictionlessdata' | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"] | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v2 | |
| - name: Install Python | |
| uses: actions/setup-python@v3 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Prepare environment | |
| run: pip3 install hatch | |
| - name: Test software | |
| run: hatch run +py=${{ matrix.py || matrix.python-version }} ci:test | |
| - name: Report coverage | |
| uses: codecov/codecov-action@v2 | |
| # Test (MacOS) | |
| test-macos: | |
| if: github.event_name != 'schedule' || github.repository_owner == 'frictionlessdata' | |
| runs-on: macos-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v2 | |
| - name: Install Python | |
| uses: actions/setup-python@v2 | |
| with: | |
| python-version: "3.10" | |
| - name: Prepare environment | |
| run: pip3 install hatch | |
| - name: Test software | |
| # https://stackoverflow.com/questions/9678408/cant-install-psycopg2-with-pip-in-virtualenv-on-mac-os-x-10-7 | |
| run: LDFLAGS=`echo $(pg_config --ldflags)` hatch run +py=3.10 ci:test | |
| # Test (Windows) | |
| test-windows: | |
| if: github.event_name != 'schedule' || github.repository_owner == 'frictionlessdata' | |
| runs-on: windows-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v2 | |
| - name: Install Python | |
| uses: actions/setup-python@v2 | |
| with: | |
| python-version: "3.10" | |
| - name: Prepare environment | |
| run: pip3 install hatch | |
| - name: Test software | |
| run: hatch run +py=3.10 ci:test | |
| # Deploy | |
| deploy: | |
| if: github.event_name == 'push' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v2 | |
| - name: Install Python | |
| uses: actions/setup-python@v2 | |
| with: | |
| python-version: "3.10" | |
| - name: Prepare environment | |
| run: pip3 install hatch | |
| - name: Build docs | |
| run: hatch run docs-build | |
| - name: Publush to Github Pages | |
| uses: JamesIves/github-pages-deploy-action@v4 | |
| with: | |
| branch: site | |
| folder: site | |
| clean: true | |
| # Release | |
| release: | |
| if: github.event_name == 'push' && contains(github.ref, 'refs/tags/') | |
| runs-on: ubuntu-latest | |
| needs: [test-linux, test-macos, test-windows] | |
| environment: release | |
| permissions: | |
| id-token: write | |
| contents: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v2 | |
| - name: Install Python | |
| uses: actions/setup-python@v2 | |
| with: | |
| python-version: "3.10" | |
| - name: Install dependencies | |
| run: pip install -U build | |
| - name: Build distribution | |
| run: python -m build | |
| - name: Publish to PYPI | |
| uses: pypa/gh-action-pypi-publish@release/v1 | |
| - name: Release to GitHub | |
| uses: softprops/action-gh-release@v1 |