Skip to content

Add Security Policy #319

Add Security Policy

Add Security Policy #319

Workflow file for this run

name: tests
on:
push:
branches:
- main
tags:
- v*
pull_request:
workflow_dispatch:
jobs:
run-tests:
strategy:
matrix:
config:
# [Python version, tox env, timezone]
- ["3.8", "py38", "Australia/Sydney"]
- ["3.9", "py39", "UTC"]
- ["3.10", "py310", "Asia/Singapore"]
- ["3.11", "py311", "Pacific/Bougainville"]
- ["3.12", "py312", "Europe/London"]
- ["3.13", "py313", "America/Dawson"]
runs-on: ubuntu-latest
name: ${{ matrix.config[1] }}
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.config[0] }}
- name: Pip cache
uses: actions/cache@v4
with:
path: ~/.cache/pip
key: ${{ runner.os }}-pip-${{ matrix.config[0] }}-${{ hashFiles('setup.*', 'tox.ini') }}
restore-keys: |
${{ runner.os }}-pip-${{ matrix.config[0] }}-
${{ runner.os }}-pip-
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install tox
- name: Test
run: |
export TZ="{{ matrix.config[2] }}"
# Debug and check the default time zone
python3 -c 'import time; time.tzset(); print(time.strftime("%X %x %Z"))'
test/test_code_quality.sh
tox -e ${{ matrix.config[1] }}
deploy-tag-to-pypi:
# only deploy on tags, see https://stackoverflow.com/a/58478262/1320237
if: startsWith(github.ref, 'refs/tags/v')
needs:
- run-tests
runs-on: ubuntu-latest
# This environment stores the TWINE_USERNAME and TWINE_PASSWORD
# see https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment
environment:
name: PyPI
url: https://pypi.org/project/recurring-ical-events/
# after using the environment, we need to make the secrets available
# see https://docs.github.com/en/actions/security-guides/encrypted-secrets#example-using-bash
env:
TWINE_USERNAME: ${{ secrets.TWINE_USERNAME }}
TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }}
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.9"
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install --upgrade wheel twine build
- name: Check the tag
run: |
PACKAGE_VERSION=`python setup.py --version`
TAG_NAME=v$PACKAGE_VERSION
echo "Package version $PACKAGE_VERSION with possible tag name $TAG_NAME on $GITHUB_REF_NAME"
# test that the tag represents the version
# see https://docs.gitlab.com/ee/ci/variables/predefined_variables.html
# see https://docs.github.com/en/actions/learn-github-actions/environment-variables
if [ "$TAG_NAME" != "$GITHUB_REF_NAME" ]; then
echo "ERROR: This tag is for the wrong version. Got \"$GITHUB_REF_NAME\" expected \"$TAG_NAME\"."
exit 1
fi
- name: remove old files
run: rm -rf dist/*
- name: build distribution files
run: python setup.py bdist_wheel sdist
- name: deploy to pypi
run: |
# You will have to set the variables TWINE_USERNAME and TWINE_PASSWORD
# You can use a token specific to your project by setting the user name to
# __token__ and the password to the token given to you by the PyPI project.
# sources:
# - https://shambu2k.hashnode.dev/gitlab-to-pypi
# - http://blog.octomy.org/2020/11/deploying-python-pacakges-to-pypi-using.html?m=1
# Also, set the tags as protected to allow the secrets to be used.
# see https://docs.gitlab.com/ee/user/project/protected_tags.html
if [ -z "$TWINE_USERNAME" ]; then
echo "WARNING: TWINE_USERNAME not set!"
fi
if [ -z "$TWINE_PASSWORD" ]; then
echo "WARNING: TWINE_PASSWORD not set!"
fi
twine check dist/*
twine upload dist/*
deploy-github-release:
# only deploy on tags, see https://stackoverflow.com/a/58478262/1320237
if: startsWith(github.ref, 'refs/tags/v')
needs:
- run-tests
- deploy-tag-to-pypi
runs-on: ubuntu-latest
environment:
name: github-release
steps:
- uses: actions/checkout@v4
- name: Create GitHub release from tag
uses: ncipollo/release-action@v1
with:
allowUpdates: true
body: "To view the changes, please see the [Changelog](https://github.com/niccokunzmann/python-recurring-ical-events?tab=readme-ov-file#changelog). This release can be installed from [PyPI](https://pypi.org/project/recurring-ical-events/#history)."
generateReleaseNotes: false