chore(deps): bump actions/attest-build-provenance in the actions group #41
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test and Release | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| push: | |
| branches: | |
| - master | |
| permissions: | |
| contents: read | |
| id-token: write # Required for OIDC | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| # Many color libraries just need this to be set to any value, but at least | |
| # one distinguishes color depth, where "3" -> "256-bit color". | |
| FORCE_COLOR: 3 | |
| jobs: | |
| pre-commit: | |
| name: Format | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-python@v6 | |
| with: | |
| python-version: "3.10" | |
| - name: Run pre-commit | |
| run: | | |
| pip install pre-commit | |
| pre-commit install | |
| pre-commit run --all-files | |
| npm-build: | |
| runs-on: ubuntu-latest | |
| needs: [pre-commit] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Set Up Node | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version: 24 | |
| - name: Build js-lib | |
| run: | | |
| cd js-lib | |
| npm ci | |
| npm run typecheck | |
| npm run build | |
| checks: | |
| name: Check Python ${{ matrix.python-version }} on ${{ matrix.runs-on }} | |
| runs-on: ${{ matrix.runs-on }} | |
| needs: [pre-commit] | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| python-version: ["3.10", "3.13"] | |
| runs-on: [ubuntu-latest, windows-latest, macos-latest] | |
| steps: | |
| - uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-python@v6 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| allow-prereleases: true | |
| - name: Install package | |
| run: | | |
| python -m pip install . | |
| python -m pip install "pytest >=6" "pytest-asyncio" "pytest-cov >=3" | |
| - name: Test package | |
| run: >- | |
| python -m pytest -ra --cov --cov-report=xml --cov-report=term | |
| --durations=20 | |
| release: | |
| needs: [pre-commit, npm-build, checks] | |
| name: Distribution build | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'push' | |
| permissions: | |
| id-token: write | |
| attestations: write | |
| contents: write | |
| environment: | |
| name: pypi | |
| url: https://pypi.org/p/wslink | |
| steps: | |
| - uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - name: Python Semantic Release | |
| id: release | |
| uses: python-semantic-release/python-semantic-release@v10.5.3 | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| # for debug output | |
| # root_options: "-vv" | |
| - name: Generate artifact attestation for sdist and wheel | |
| if: steps.release.outputs.released == 'true' | |
| uses: actions/attest-build-provenance@v4.1.0 | |
| with: | |
| subject-path: "dist/*" | |
| - uses: pypa/gh-action-pypi-publish@release/v1 | |
| if: steps.release.outputs.released == 'true' | |
| - uses: actions/setup-node@v6 | |
| if: steps.release.outputs.released == 'true' | |
| with: | |
| node-version: "24" | |
| registry-url: "https://registry.npmjs.org" | |
| - name: NPM | |
| if: steps.release.outputs.released == 'true' | |
| working-directory: js-lib | |
| run: | | |
| npm install -g npm@latest # Ensures OIDC support | |
| npm ci | |
| npm publish |