diff --git a/.github/workflows/pypi-publish.yml b/.github/workflows/pypi-publish.yml
index 5821187..f9a9137 100644
--- a/.github/workflows/pypi-publish.yml
+++ b/.github/workflows/pypi-publish.yml
@@ -1,16 +1,32 @@
 name: Publish to PyPi
+permissions:
+ contents: read
+
 on:
 push:
 tags:
 - "v*"
 jobs:
- lint:
- uses: prosegrinder/.github/.github/workflows/poetry-lint.yaml@main
+ black:
+ uses: prosegrinder/.github/.github/workflows/poetry-black.yaml@main
+
+ pylint:
+ uses: prosegrinder/.github/.github/workflows/poetry-pylint.yaml@main
+
+ mypy:
+ uses: prosegrinder/.github/.github/workflows/poetry-mypy.yaml@main
+
+ bandit:
+ uses: prosegrinder/.github/.github/workflows/poetry-bandit.yaml@main
 test:
- needs: lint
+ needs:
+ - pylint
+ - black
+ - mypy
+ - bandit
 uses: prosegrinder/.github/.github/workflows/poetry-test.yaml@main
 publish:
diff --git a/.github/workflows/python-ci.yml b/.github/workflows/python-ci.yml
index 5ae8396..9128fce 100644
--- a/.github/workflows/python-ci.yml
+++ b/.github/workflows/python-ci.yml
@@ -1,5 +1,8 @@
 name: Python Poetry CI
+permissions:
+ contents: read
+
 on:
 pull_request:
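Review bot: Every reusable workflow called in the pypi-publish.yml `jobs:` hunk (`poetry-black.yaml`, `poetry-pylint.yaml`, `poetry-mypy.yaml`, `poetry-bandit.yaml`, next to the existing `poetry-test.yaml`) is referenced at `@main`, a mutable ref, so whatever is on that branch of `prosegrinder/.github` at tag time runs as the gate in front of the publish job. Pinning each call to a full commit SHA, e.g. `uses: prosegrinder/.github/.github/workflows/poetry-bandit.yaml@<full-commit-sha>  # main`, makes the gate reproducible and any change to it reviewable. The same applies to the `jobs:` hunks in python-ci.yml and python-release.yml, where `poetry-cz-dry-run.yaml@main` and `poetry-release.yaml@main` additionally receive `VERSION_BUMP_TAG_TOKEN`. Separately, the new top-level `permissions: contents: read` sets every unlisted scope to none; the `publish` job body is outside this hunk, so confirm it declares whatever it needs itself (for example `id-token: write` if it relies on PyPI trusted publishing).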
@@ -8,26 +11,28 @@ concurrency:
 cancel-in-progress: true
 jobs:
- lint:
- uses: prosegrinder/.github/.github/workflows/poetry-lint.yaml@main
+ black:
+ uses: prosegrinder/.github/.github/workflows/poetry-black.yaml@main
+
+ pylint:
+ uses: prosegrinder/.github/.github/workflows/poetry-pylint.yaml@main
+
+ mypy:
+ uses: prosegrinder/.github/.github/workflows/poetry-mypy.yaml@main
+
+ bandit:
+ uses: prosegrinder/.github/.github/workflows/poetry-bandit.yaml@main
 test:
- needs: lint
+ needs:
+ - pylint
+ - black
+ - mypy
+ - bandit
 uses: prosegrinder/.github/.github/workflows/poetry-test.yaml@main
 cz-dry-run:
 needs: test
- name: "Dry run Commitizen bump"
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v4
- with:
- fetch-depth: 0
- token: "${{ secrets.GITHUB_TOKEN }}"
- - name: Dry-run bump and changelog
- uses: commitizen-tools/commitizen-action@0.24.0
- with:
- github_token: ${{ secrets.GITHUB_TOKEN }}
- check_consistency: true
- dry_run: true
+ uses: prosegrinder/.github/.github/workflows/poetry-cz-dry-run.yaml@main
+ secrets:
+ VERSION_BUMP_TAG_TOKEN: "${{ secrets.VERSION_BUMP_TAG_TOKEN }}"
diff --git a/.github/workflows/python-release.yml b/.github/workflows/python-release.yml
index 12af964..9f121da 100644
--- a/.github/workflows/python-release.yml
+++ b/.github/workflows/python-release.yml
@@ -1,5 +1,8 @@
 name: Bump Version and Create Release
+permissions:
+ contents: write
+
 on:
 push:
 branches:
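Review bot: The rewritten `cz-dry-run` job in python-ci.yml hands `VERSION_BUMP_TAG_TOKEN` to `poetry-cz-dry-run.yaml@main`, whereas the removed steps ran the dry run with `secrets.GITHUB_TOKEN`. The steps removed from python-release.yml used that same secret to check out and push the bump commit, so it appears to be a write-capable token, and the top-level `permissions: contents: read` added to this workflow does not constrain it. A dry run on `pull_request` should not need push rights; if the called workflow accepts it, pass the job token instead, `VERSION_BUMP_TAG_TOKEN: "${{ secrets.GITHUB_TOKEN }}"`, or make the secret optional in the reusable workflow. On pull requests from forks repository secrets are not available, so the job would receive an empty value there.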
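Review bot: The top-level `permissions: contents: write` added to python-release.yml applies to every job in the workflow, so the `black`, `pylint`, `mypy`, `bandit` and `test` jobs added in the following hunk run with a write-capable `GITHUB_TOKEN` although only `release` needs it. Because `release` already declares its own `permissions: contents: write`, the workflow default can be `contents: read`, matching what this commit sets in pypi-publish.yml and python-ci.yml.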
@@ -10,27 +13,32 @@ concurrency:
 cancel-in-progress: true
 jobs:
- bump-and-release:
- if: "!startsWith(github.event.head_commit.message, 'bump:')"
- runs-on: ubuntu-latest
- name: "Bump version and create changelog with commitizen"
- steps:
- - uses: actions/checkout@v4
- with:
- fetch-depth: 0
- token: "${{ secrets.VERSION_BUMP_TAG_TOKEN }}"
- - name: Create bump and changelog
- id: cz
- uses: commitizen-tools/commitizen-action@0.24.0
- with:
- commit: true
- push: true
- github_token: ${{ secrets.VERSION_BUMP_TAG_TOKEN }}
- changelog_increment_filename: "release-body.md"
- - name: Create GitHub Release
- uses: softprops/action-gh-release@v2
- with:
- body_path: "release-body.md"
- tag_name: v${{ steps.cz.outputs.version }}
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ black:
+ uses: prosegrinder/.github/.github/workflows/poetry-black.yaml@main
+
+ pylint:
+ uses: prosegrinder/.github/.github/workflows/poetry-pylint.yaml@main
+
+ mypy:
+ uses: prosegrinder/.github/.github/workflows/poetry-mypy.yaml@main
+
+ bandit:
+ uses: prosegrinder/.github/.github/workflows/poetry-bandit.yaml@main
+
+ test:
+ needs:
+ - pylint
+ - black
+ - mypy
+ - bandit
+ uses: prosegrinder/.github/.github/workflows/poetry-test.yaml@main
+
+ release:
+ needs: test
+ if: ${{ !startsWith(github.event.head_commit.message, 'bump:') }}
+ # Don't run 'bump:'
+ permissions:
+ contents: write
+ uses: prosegrinder/.github/.github/workflows/poetry-release.yaml@main
+ secrets:
+ VERSION_BUMP_TAG_TOKEN: "${{ secrets.VERSION_BUMP_TAG_TOKEN }}"
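Review bot: The comment `# Don't run 'bump:'` on the `release` job sits below the `if:` it describes and does not say why the guard exists. Moving it above the condition and stating the reason would help, for example `# Skip commits whose message starts with 'bump:' so the bump commit pushed by the release does not start another release.` That reason is inferred from the removed `commit: true` / `push: true` steps; the new behaviour lives in `poetry-release.yaml`, which is not visible here. The guard now covers only `release`, so the lint and test jobs still run on `bump:` commits.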