chore: npm-audit-fix #7
| name: Semantic Release | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - dev | |
| jobs: | |
| test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.12' | |
| - name: Install Python dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -e . | |
| - name: Run tests | |
| run: | | |
| python -c "import hatch_validator; print('Package imports successfully')" | |
| release: | |
| needs: test | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'push' | |
| outputs: | |
| released: ${{ steps.release.outputs.released }} | |
| version: ${{ steps.release.outputs.version }} | |
| tag: ${{ steps.release.outputs.tag }} | |
| steps: | |
| - name: Generate GitHub App Token | |
| id: generate_token | |
| uses: tibdex/github-app-token@v2 | |
| with: | |
| app_id: ${{ secrets.SEMANTIC_RELEASE_APP_ID }} | |
| private_key: ${{ secrets.SEMANTIC_RELEASE_PRIVATE_KEY }} | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| token: ${{ steps.generate_token.outputs.token }} | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: "lts/*" | |
| - name: Install Node dependencies | |
| run: npm ci | |
| - name: Verify npm audit | |
| run: npm audit signatures | |
| - name: Release | |
| id: release | |
| env: | |
| GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} | |
| GH_TOKEN: ${{ steps.generate_token.outputs.token }} | |
| run: | | |
| git config user.name "github-actions[bot]" | |
| git config user.email "github-actions[bot]@users.noreply.github.com" | |
| npx semantic-release | |
| - name: Build Python Package | |
| if: success() | |
| run: | | |
| python -m pip install build | |
| python -m build | |
| - name: Upload Build Artifacts | |
| if: success() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: dist-package | |
| path: dist/ | |
| retention-days: 30 | |
| publish-pypi: | |
| name: Publish to PyPI | |
| runs-on: ubuntu-latest | |
| needs: [test, release] | |
| if: success() && github.event_name == 'push' | |
| environment: | |
| name: pypi | |
| url: https://pypi.org/project/hatch-validator/ | |
| permissions: | |
| id-token: write | |
| steps: | |
| - name: Download Build Artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: dist-package | |
| path: dist/ | |
| - name: Publish to PyPI | |
| uses: pypa/gh-action-pypi-publish@release/v1 | |
| with: | |
| print-hash: true | |
| verbose: true |
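Review bot: The two third-party actions that receive credentials are referenced by mutable refs: `tibdex/github-app-token@v2` is handed `SEMANTIC_RELEASE_PRIVATE_KEY`, and `pypa/gh-action-pypi-publish@release/v1` runs in the job holding `id-token: write`, so any upstream change to that tag or branch would execute with those credentials. Pin both to a full commit SHA with the version in a trailing comment, e.g. `uses: tibdex/github-app-token@<full-commit-sha>  # v2`. The workflow also has no top-level `permissions:` block, so `test` and `release` run with the repository's default `GITHUB_TOKEN` scope; a top-level `permissions:` with `contents: read` would make the baseline explicit. In `release`, `npm ci` runs dependency install scripts after `actions/checkout` was given the App token, which checkout persists in the local git config by default, so `npm ci --ignore-scripts` is worth considering if the release tooling needs no lifecycle scripts. Separately, `publish-pypi` is gated only on `success() && github.event_name == 'push'`, so it appears to run on every push to `main` and `dev` whether or not a version was cut; `needs.release.outputs.released` is declared but unused in that `if:`, and nothing visible in the `run:` step shows it being written.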