ci: updated with correct permissions and only on tags push #54
| name: build ⚙️ | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths-ignore: | |
| - '!**.md' | |
| - 'docs/**' | |
| pull_request: | |
| branches: | |
| - main | |
| paths-ignore: | |
| - '!**.md' | |
| - 'docs/**' | |
| release: | |
| types: | |
| - released | |
| permissions: | |
| contents: read | |
| packages: write | |
| jobs: | |
| test: | |
| runs-on: ubuntu-24.04 | |
| strategy: | |
| matrix: | |
| python-version: ['3.10'] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| name: Setup Python ${{ matrix.python-version }} | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Install poetry | |
| uses: abatilo/actions-poetry@v2 | |
| - name: Setup a virtual environment | |
| run: | | |
| poetry config virtualenvs.create true --local | |
| poetry config virtualenvs.in-project true --local | |
| - uses: actions/cache@v3 | |
| name: Define a cache for the virtual environment based on the dependencies lock file | |
| with: | |
| path: ./.venv | |
| key: venv-${{ hashFiles('poetry.lock') }} | |
| - name: Install the project dependencies | |
| run: poetry install | |
| - name: Lint with ruff | |
| run: poetry run ruff check src | |
| - name: Check with mypy | |
| run: poetry run mypy . | |
| - name: Run tests | |
| run: poetry run pytest -v --cov=src | |
| build-and-publish: | |
| runs-on: ubuntu-24.04 | |
| needs: test # Ensures tests pass before publishing | |
| if: github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Log in to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set image tag | |
| id: vars | |
| run: echo "tag=ghcr.io/${{ github.repository }}:${{ github.sha }}" >> $GITHUB_OUTPUT | |
| - name: Build and tag Docker image | |
| run: docker build -t ${{ steps.vars.outputs.tag }} . | |
| - name: Push Docker image | |
| if: startsWith(github.ref, 'refs/tags/') | |
| run: docker push ${{ steps.vars.outputs.tag }} | |
| - name: Tag and push latest (on main only) | |
| if: github.ref == 'refs/heads/main' | |
| run: | | |
| docker tag ${{ steps.vars.outputs.tag }} ghcr.io/${{ github.repository }}:latest | |
| docker push ghcr.io/${{ github.repository }}:latest |
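Review bot: The workflow-level `permissions:` block grants `packages: write` to every job, including `test`, which runs on `pull_request`, executes project code and dependencies (`poetry install`, `pytest`) and calls a tag-pinned third-party action (`abatilo/actions-poetry@v2`). Only `build-and-publish` logs in to ghcr.io and pushes, so the top-level block should be reduced to `contents: read`, with a job-level `permissions:` holding `contents: read` and `packages: write` added under `build-and-publish`. Fork pull requests normally get a read-only token anyway, but as written, pushes to main and same-repository pull requests run the test job with the write scope. Separately, the `latest` push is still gated on `github.ref == 'refs/heads/main'` rather than on a tag, which looks at odds with the commit title; worth confirming that is intended.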