From ee8d867eb51fc48ef41a48181db8e50d32dd4434 Mon Sep 17 00:00:00 2001
From: Phil Adams
Date: Thu, 9 Jan 2025 15:56:31 -0600
Subject: [PATCH] fix: enable github workflows
Signed-off-by: Phil Adams
---
 .github/workflows/build.yaml | 91 ++++++++++++++++++++++++++++++++++
 .github/workflows/publish.yaml | 34 +++++++++++++
 .secrets.baseline | 12 ++---
 Makefile | 6 ++-
 4 files changed, 136 insertions(+), 7 deletions(-)
 create mode 100644 .github/workflows/build.yaml
 create mode 100644 .github/workflows/publish.yaml
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
new file mode 100644
index 00000000..53f85d5e
--- /dev/null
+++ b/.github/workflows/build.yaml
@@ -0,0 +1,91 @@
+# This workflow will build and unit test the project.
+# If the workflow is running on the "main" branch, then
+# semantic-release is also run to create a new release (if
+# warranted by the new commits being built).
+
+name: Build/Test
+
+on:
+ push:
+ branches: ['**']
+ pull_request:
+ branches: ['**']
+ workflow_dispatch:
+ # Allow workflow to be triggered manually.
+
+jobs:
+ detect-secrets:
+ if: "!contains(github.event.head_commit.message, '[skip ci]')"
+ name: Detect-Secrets
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Setup Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: 3.13
+
+ - name: Install detect-secrets
+ run: |
+ pip install --upgrade "git+https://github.com/ibm/detect-secrets.git@master#egg=detect-secrets"
+
+ - name: Run detect-secrets
+ run: |
+ detect-secrets scan --update .secrets.baseline
+ detect-secrets -v audit --report --fail-on-unaudited --fail-on-live --fail-on-audited-real .secrets.baseline
+
+ build:
+ needs: detect-secrets
+ name: Build/Test (Python ${{ matrix.python-version }})
+
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ python-version: ['3.9', '3.13']
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Set up Python ${{ matrix.python-version }}
+ uses: actions/setup-python@v5
+ with:
+ python-version: ${{ matrix.python-version }}
+
+ - name: Build & Test
+ run: make ci
+
+ create-release:
+ needs: build
+ name: Semantic-Release
+ if: "github.ref_name == 'main' && github.event_name != 'pull_request'"
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ persist-credentials: false
+
+ - name: Setup Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: 22
+
+ - name: Setup Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: 3.13
+
+ - name: Install Publishing Tools
+ run: |
+ pip install bump-my-version
+ npm install
+
+ - name: Run 
semantic-release
+ env:
+ GH_TOKEN: ${{ secrets.GH_TOKEN }}
+ run: npm run semantic-release
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
new file mode 100644
index 00000000..5d55a5fc
--- /dev/null
+++ b/.github/workflows/publish.yaml
@@ -0,0 +1,34 @@
+# This workflow is responsible for:
+# - publishing artifacts to Maven Central
+# - building and publishing javadocs to the git repository.
+# It is triggered when a new release is created.
+
+name: Publish
+on:
+ release:
+ types: [created]
+ workflow_dispatch:
+ # Allow this workflow to be triggered manually
+
+jobs:
+ publish:
+ name: Publish Release
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ persist-credentials: false
+
+ - name: Setup Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: 3.13
+
+ - name: Build and publish distribution
+ env:
+ TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }}
+ run: |
+ make ci
+ make publish-release
diff --git a/.secrets.baseline b/.secrets.baseline
index f126d107..262b3dfc 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
 "files": "package-lock.json|^.secrets.baseline$",
 "lines": null
 },
- "generated_at": "2024-10-10T16:00:10Z",
+ "generated_at": "2025-01-09T21:56:01Z",
 "plugins_used": [
 {
 "name": "AWSKeyDetector"
@@ -346,7 +346,7 @@
 "hashed_secret": "4080eeeaf54faf879b9e8d99c49a8503f7e855bb",
 "is_secret": false,
 "is_verified": false,
- "line_number": 17,
+ "line_number": 37,
 "type": "Secret Keyword",
 "verified_result": null
 },
@@ -354,7 +354,7 @@
 "hashed_secret": "37e94c31b6a756ba2afd2fe9a9765172cd79ac47",
 "is_secret": false,
 "is_verified": false,
- "line_number": 102,
+ "line_number": 110,
 "type": "Secret Keyword",
 "verified_result": null
 },
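Review bot: The "Install detect-secrets" step installs from a moving branch (`git+https://github.com/ibm/detect-secrets.git@master`), so whatever is on that branch at run time executes in CI on every push and pull request; pin it to a reviewed commit, e.g. `pip install "git+https://github.com/ibm/detect-secrets.git@<commit-sha>#egg=detect-secrets"`. The create-release job has the same problem in the job that ends by handing `secrets.GH_TOKEN` to semantic-release: `pip install bump-my-version` and `npm install` are both unpinned, and `npm ci` against the lockfile (the `.secrets.baseline` exclusion suggests a package-lock.json is committed) plus `bump-my-version==<version>` would make that job reproducible. The workflow also has no `permissions:` block, so the automatic GITHUB_TOKEN gets the repository default in all three jobs; a top-level `permissions:` with `contents: read` would make the grant explicit. As a smaller style point, `python-version: 3.13` is an unquoted float in two places while the matrix quotes its versions; quoting it as `'3.13'` avoids the `3.10` → `3.1` trap later.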
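Review bot: `TWINE_PASSWORD` is exported to the whole "Build and publish distribution" step, so `make ci` (which per the Makefile runs `upgrade-pip setup test-unit lint`) installs dependencies and executes tests with the upload credential in its environment. Splitting the step so that only `make publish-release` receives the secret keeps the credential away from everything that runs during the build and test phase. Separately, the header comment still describes publishing to Maven Central and building javadocs, which does not match a twine-based upload; it should state what this workflow actually publishes.
```yaml
      # … unchanged: checkout and Python setup steps …
      - name: Build and test
        run: make ci

      - name: Publish distribution
        env:
          TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }}
        run: make publish-release
```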
@@ -362,7 +362,7 @@ "hashed_secret": "da2f27d2c57a0e1ed2dc3a34b4ef02faf2f7a4c2", "is_secret": false, "is_verified": false, - "line_number": 123, + "line_number": 131, "type": "Hex High Entropy String", "verified_result": null } @@ -372,7 +372,7 @@ "hashed_secret": "da2f27d2c57a0e1ed2dc3a34b4ef02faf2f7a4c2", "is_secret": false, "is_verified": false, - "line_number": 62, + "line_number": 63, "type": "Hex High Entropy String", "verified_result": null }, @@ -380,7 +380,7 @@ "hashed_secret": "37e94c31b6a756ba2afd2fe9a9765172cd79ac47", "is_secret": false, "is_verified": false, - "line_number": 205, + "line_number": 206, "type": "Secret Keyword", "verified_result": null } diff --git a/Makefile b/Makefile index fa4bda3f..b2a3de10 100644 --- a/Makefile +++ b/Makefile @@ -12,7 +12,7 @@ all: upgrade-pip setup test-unit lint ci: all -publish-release: build-dist publish-dist +publish-release: publish-deps build-dist publish-dist upgrade-pip: ${PYTHON} -m pip install --upgrade pip @@ -23,6 +23,10 @@ deps: dev-deps: ${PYTHON} -m pip install .[dev] +detect-secrets: + detect-secrets scan --update .secrets.baseline + detect-secrets audit .secrets.baseline + publish-deps: ${PYTHON} -m pip install .[publish]
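Review bot: The new `detect-secrets` target is not equivalent to the CI check: build.yaml runs `detect-secrets -v audit --report --fail-on-unaudited --fail-on-live --fail-on-audited-real .secrets.baseline`, while this target runs plain `detect-secrets audit .secrets.baseline`, so a clean local run does not guarantee that the CI job will pass. A comment above the target would make the difference clear, for example `# Refresh the baseline and audit it locally; CI enforces the result with --report --fail-on-*.` Because `scan --update` rewrites `.secrets.baseline` in place, the comment could also remind the developer to review and commit the resulting diff. Whether the target is declared under `.PHONY` cannot be seen from this hunk and is worth confirming.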