Switch to trusted publishing, renovate build and test env #334
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| on: | |
| - push | |
| - pull_request | |
| jobs: | |
| lint: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.12" | |
| - name: Lint | |
| uses: astral-sh/ruff-action@v3 | |
| with: | |
| args: "check" | |
| version-file: "example/requirements.txt" | |
| - name: Format | |
| uses: astral-sh/ruff-action@v3 | |
| with: | |
| args: "format --check" | |
| version-file: "example/requirements.txt" | |
| test: | |
| name: Test | |
| needs: | |
| - lint | |
| runs-on: ubuntu-24.04 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| python-version: | |
| - "3.11" | |
| - "3.12" | |
| - "3.13" | |
| django: | |
| - "4.2" | |
| - "5.0" | |
| - "5.1" | |
| exclude: | |
| - django: "4.2" | |
| python-version: "3.13" | |
| - django: "5.0" | |
| python-version: "3.13" | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Set up Python ${{ matrix.python-version }} | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Update pip | |
| run: python -m pip install --upgrade pip | |
| - name: Install Django ${{ matrix.django }} | |
| run: pip install "Django~=${{ matrix.django }}" | |
| - name: Install package | |
| run: pip install -e . | |
| - name: Run tests | |
| run: python ./example/manage.py test | |
| build: | |
| name: Build package | |
| runs-on: ubuntu-latest | |
| needs: | |
| - test | |
| if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags') | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: 3.12 | |
| - name: Install pypa/build | |
| run: python -m pip install build --user | |
| - name: Build a binary wheel and a source tarball | |
| run: python3 -m build | |
| - name: Store artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: python-package-distributions | |
| path: dist/ | |
| publish: | |
| name: Publish to PyPI | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags') | |
| environment: | |
| name: pypi | |
| url: https://pypi.org/p/django-kafka | |
| permissions: | |
| id-token: write # IMPORTANT: mandatory for trusted publishing | |
| steps: | |
| - name: Download dists from artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: python-package-distributions | |
| path: dist/ | |
| - name: Publish | |
| uses: pypa/gh-action-pypi-publish@release/v1 | |
| github-release: | |
| name: Sign packages and upload to GitHub releases | |
| runs-on: ubuntu-latest | |
| needs: | |
| - publish | |
| if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags') | |
| permissions: | |
| contents: write # IMPORTANT: mandatory for making GitHub Releases | |
| id-token: write # IMPORTANT: mandatory for sigstore | |
| steps: | |
| - name: Download dists from artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: python-package-distributions | |
| path: dist/ | |
| - name: Sign dists | |
| uses: sigstore/gh-action-sigstore-python@v3.0.0 | |
| with: | |
| inputs: >- | |
| ./dist/*.tar.gz | |
| ./dist/*.whl | |
| - name: Create GitHub Release | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| run: gh release create "$GITHUB_REF_NAME" --repo "$GITHUB_REPOSITORY" --notes "" | |
| - name: Upload artifact signatures to GitHub release | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| run: gh release upload "$GITHUB_REF_NAME" dist/** --repo "$GITHUB_REPOSITORY" |