Skip to content

Add Security Policy #1033

Add Security Policy

Add Security Policy #1033

Workflow file for this run

name: tests
on:
push:
branches:
- main
tags:
- v*
pull_request:
schedule:
- cron: '14 7 * * 0' # run once a week on Sunday
workflow_dispatch:
jobs:
run-tests:
strategy:
matrix:
config:
# [Python version, tox env]
- ["3.8", "py38"]
- ["3.8", "nopytz"]
- ["3.9", "py39"]
- ["3.10", "py310"]
- ["pypy-3.9", "pypy3"]
# - ["3.10", "docs"] # disable as readthedocs builds it
- ["3.11", "py311"]
- ["3.12", "py312"]
- ["3.13", "py313"]
runs-on: ubuntu-latest
name: ${{ matrix.config[1] }}
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.config[0] }}
# for caching, see
# https://github.com/actions/setup-python/blob/main/docs/advanced-usage.md#caching-packages
cache: 'pip'
cache-dependency-path: |
setup.*
tox.ini
requirements*.txt
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install tox coveralls coverage-python-version
- name: Test
run: tox -e ${{ matrix.config[1] }}
- name: Coveralls Parallel
uses: coverallsapp/github-action@v2
with:
flag-name: run-${{ matrix.config[1] }}
parallel: true
file: coverage.xml
allow-empty: true
coverage:
# parallel test coverage upload
# see https://coveralls-python.readthedocs.io/en/latest/usage/configuration.html#github-actions-support
name: Submit test coverage
needs: run-tests
# always finalize coverage aftest tests ran
# see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-not-requiring-successful-dependent-jobs
if: ${{ always() }}
runs-on: ubuntu-latest
steps:
- name: Coveralls Finished
uses: coverallsapp/github-action@v2
with:
parallel-finished: true
format: cobertura
test-distribution:
name: Check built package
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.13"
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install build twine
- name: Build distribution files
run: python -m build # same as in deploy-tag-to-pypi
- name: Check distribution files
run: twine check dist/*
deploy-tag-to-pypi:
# only deploy on tags, see https://stackoverflow.com/a/58478262/1320237
if: startsWith(github.ref, 'refs/tags/v')
needs:
- run-tests
- test-distribution
runs-on: ubuntu-latest
# This environment stores the TWINE_USERNAME and TWINE_PASSWORD
# see https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment
environment:
name: PyPI
url: https://pypi.org/project/icalendar/
# after using the environment, we need to make the secrets available
# see https://docs.github.com/en/actions/security-guides/encrypted-secrets#example-using-bash
env:
TWINE_USERNAME: ${{ secrets.TWINE_USERNAME }}
TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }}
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.13"
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install build twine
- name: remove old files
run: rm -rf dist/*
- name: build distribution files
run: python -m build # same as in test-distribution
- name: deploy to pypi
run: |
# You will have to set the variables TWINE_USERNAME and TWINE_PASSWORD
# You can use a token specific to your project by setting the user name to
# __token__ and the password to the token given to you by the PyPI project.
# sources:
# - https://shambu2k.hashnode.dev/gitlab-to-pypi
# - http://blog.octomy.org/2020/11/deploying-python-pacakges-to-pypi-using.html?m=1
if [ -z "$TWINE_USERNAME" ]; then
echo "WARNING: TWINE_USERNAME not set!"
fi
if [ -z "$TWINE_PASSWORD" ]; then
echo "WARNING: TWINE_PASSWORD not set!"
fi
twine check dist/*
twine upload dist/*
deploy-github-release:
# only deploy on tags, see https://stackoverflow.com/a/58478262/1320237
if: startsWith(github.ref, 'refs/tags/v')
needs:
- run-tests
- test-distribution
runs-on: ubuntu-latest
environment:
name: github-release
steps:
- uses: actions/checkout@v4
- name: Create GitHub release from tag
uses: ncipollo/release-action@v1
with:
allowUpdates: true
body: "To view the changes, please see the [Changelog](https://icalendar.readthedocs.io/en/latest/changelog.html). This release can be installed from [PyPI](https://pypi.org/project/icalendar/#history)."
generateReleaseNotes: false