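# Example: Python Package CI with Multi-Platform Testing
# This example demonstrates using the reusable Python build workflow for PyPI packages
#
# Flow: `build` runs on every trigger below. `publish-test` and
# `publish-release` both wait on `build` and are gated by their own `if:`.
name: Python Package CI

on:
  push:
    branches: [main, develop]
    # A push filter that lists only `branches` does not fire for tag pushes,
    # so without this entry the refs/tags/v* condition on publish-release
    # could only be met by a manual workflow_dispatch run from a tag.
    # Anyone able to push a v* tag can start a PyPI publish: restrict tag
    # creation with a tag ruleset and keep approval on the release environment.
    tags: ['v*']
  pull_request:
    branches: [main, develop]
  workflow_dispatch:

# Workflow-level GITHUB_TOKEN scopes. Every job below inherits them, and a
# called reusable workflow can keep or narrow these but never widen them.
permissions:
  contents: read
  pull-requests: read
  # NOTE(review): this write scope also reaches both publish jobs. If only
  # python-build.yml reports checks, grant it on the build job instead.
  checks: write

jobs:
  build:
    name: Build & Test Package
    # Local reusable workflow: resolved from the same commit as this file,
    # so there is no external ref to pin.
    uses: ./.github/workflows/python-build.yml
    with:
      # Matrix Configuration for multi-platform testing
      enable-matrix: true
      matrix-os: '["ubuntu-latest", "windows-latest", "macos-latest"]'
      matrix-python: '["3.9", "3.10", "3.11", "3.12"]'
      matrix-fail-fast: false

      # Basic Configuration
      working-directory: "."
      project-type: "package"

      # Dependencies
      requirements-files: '["requirements.txt", "requirements-dev.txt"]'
      install-dev-requirements: true
      package-manager: "pip"
      cache-dependencies: true

      # Testing
      run-tests: true
      test-framework: "pytest"
      test-path: "tests"
      collect-coverage: true
      coverage-threshold: 90
      coverage-format: "xml,html"
      # NOTE(review): presumably the 90% threshold is reported but not
      # enforced while this is false; confirm in python-build.yml.
      coverage-fail-under: false

      # Code Quality
      run-lint: true
      linter: "ruff"
      run-format-check: true
      formatter: "black"
      format-check-only: true
      run-import-sort: true
      run-type-check: true
      type-checker: "mypy"

      # Security
      run-security-scan: true
      security-tools: '["bandit", "safety"]'
      # NOTE(review): with this false the scan looks advisory only, and both
      # publish jobs need nothing more than a green `build`. Set it to true
      # if bandit/safety findings are meant to block a publish.
      security-fail-on-error: false

      # Package Building
      build-package: true
      build-tools: '["build", "twine"]'
      package-check: true

      # Artifacts
      upload-artifacts: true
      artifact-name: "python-package"
    # Secrets are passed by name (not `secrets: inherit`), so the called
    # workflow receives only what is listed. On pull requests from forks this
    # value is empty, so the coverage upload has to tolerate a missing token.
    secrets:
      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

  # Optional: Publish to TestPyPI on develop branch
  publish-test:
    name: Publish to TestPyPI
    needs: build
    # Push events on develop only; pull requests and manual runs never publish.
    if: github.ref == 'refs/heads/develop' && github.event_name == 'push'
    uses: ./.github/workflows/python-publish.yml
    with:
      python-version: "3.12"
      publish-to: "testpypi"
      run-tests: false  # Already tested in build job
      validate-package: true
      run-security-scan: true
      create-github-release: false
      environment: "testpypi"
    secrets:
      TEST_PYPI_API_TOKEN: ${{ secrets.TEST_PYPI_API_TOKEN }}
      # NOTE(review): likely unused while run-tests is false. Confirm in
      # python-publish.yml and drop it so this job holds only the upload token.
      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

  # Optional: Publish to PyPI on release
  publish-release:
    name: Publish to PyPI
    needs: build
    # Matches any ref under refs/tags/v, from a tag push or a manual run
    # started from a tag.
    if: startsWith(github.ref, 'refs/tags/v')
    uses: ./.github/workflows/python-publish.yml
    with:
      python-version: "3.12"
      publish-to: "pypi"
      run-tests: false  # Already tested in build job
      validate-package: true
      run-security-scan: true
      # NOTE(review): creating a release with GITHUB_TOKEN presumably needs
      # contents: write, but this workflow grants contents: read and the
      # called workflow cannot exceed it. Confirm against python-publish.yml
      # and, if required, grant the scope on this job only.
      create-github-release: true
      release-draft: false
      release-prerelease: false
      generate-docs: true
      # Presumably selects a GitHub deployment environment; required
      # reviewers there are the approval gate in front of the PyPI upload.
      environment: "pypi"
    secrets:
      # Long-lived upload credential: keep it project-scoped. PyPI trusted
      # publishing (OIDC, needs id-token: write) would remove the stored
      # token, if python-publish.yml supports it.
      PYPI_API_TOKEN: ${{ secrets.PYPI_API_TOKEN }}
      # NOTE(review): likely unused while run-tests is false; confirm and drop.
      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}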