Merge pull request #11 from datalogics-cgreen/pdfcloud-5464-security #150
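---
# CI workflow: runs the test suite and the example scripts on pull requests
# and on pushes to main, develop and feature-* branches. On a published
# release it also builds the package and uploads it to an AWS CodeArtifact
# PyPI repository.
#
# NOTE(review): every `uses:` below references an action by mutable tag
# (for example @v4). Pinning each one to a full commit SHA, with the tag kept
# in a trailing comment, prevents a retagged action from running in these
# jobs. This matters most in `publish`, which assumes an AWS role.
name: Test and Publish

on:
  pull_request:
  push:
    branches:
      - main
      - develop
      - 'feature-*'
  release:
    types:
      - published

# Default-deny for the GITHUB_TOKEN; each job opts in to what it needs.
permissions: {}

jobs:
  tests:
    name: Tests (Python ${{ matrix.python-version }})
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        python-version: ["3.10", "3.11", "3.12", "3.13", "3.14"]
    # Least privilege: no step in this job requests an OIDC token, publishes
    # a package or writes to a pull request, so only repository read access
    # is granted. This job executes code from the pull-request branch; with
    # `id-token: write` that code could request an OIDC token for this
    # repository. Whether such a token could assume the CI role depends on
    # the role's trust policy, which is not visible here.
    permissions:
      contents: read
    steps:
      # persist-credentials is left at its default because a later step
      # fetches the base branch from origin.
      # NOTE(review): if anonymous fetch works for this repository, set
      # `persist-credentials: false` here as well.
      - uses: actions/checkout@v4
      - name: Install uv
        uses: astral-sh/setup-uv@v6
        with:
          version: "0.9.18"
          python-version: ${{ matrix.python-version }}
          enable-cache: true
          cache-suffix: test-and-publish
          cache-dependency-glob: uv.lock
      - name: Run tests with nox
        run: uvx nox --python ${{ matrix.python-version }} --session tests -- --no-parallel
        # The API key is visible to the test process, which runs code from
        # the branch under test.
        env:
          PDFREST_API_KEY: ${{ secrets.PDFREST_API_KEY }}
      - name: Fetch base branch for diff-cover
        if: github.event_name == 'pull_request'
        # The branch name reaches the shell as an environment variable and is
        # expanded inside double quotes, so it is never parsed as shell
        # syntax (an inline ${{ }} expression is pasted into the script text
        # before the shell runs).
        env:
          BASE_REF: ${{ github.base_ref }}
        run: |
          if git rev-parse --is-shallow-repository | grep -q true; then
            git fetch --no-tags --prune --unshallow origin "$BASE_REF"
          else
            git fetch --no-tags --prune origin "$BASE_REF"
          fi
      - name: Run diff-cover (new code must be >= 90%)
        if: github.event_name == 'pull_request'
        env:
          BASE_REF: ${{ github.base_ref }}
        run: >
          uv run diff-cover coverage/py${{ matrix.python-version }}/coverage.xml
          --compare-branch "origin/${BASE_REF}"
          --fail-under 90
          --format markdown:coverage/py${{ matrix.python-version }}/diff-cover.md
      - name: Check client class function coverage
        run: >
          uv run python scripts/check_class_function_coverage.py
          coverage/py${{ matrix.python-version }}/coverage.json
          --class PdfRestClient
          --class AsyncPdfRestClient
          --class _FilesClient
          --class _AsyncFilesClient
          --fail-under 90
          --markdown-report coverage/py${{ matrix.python-version }}/class-function-coverage.md
      - name: Upload coverage reports
        # Upload even when an earlier step failed, so the reports can be read.
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: coverage-${{ matrix.python-version }}
          path: coverage/py${{ matrix.python-version }}

  examples:
    name: Examples (Python ${{ matrix.python-version }})
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        python-version: ["3.10", "3.11", "3.12", "3.13", "3.14"]
    # Same reasoning as in `tests`: nothing here uses OIDC, packages or
    # pull-request write access.
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
        with:
          # No later step in this job talks to the git remote, so the token
          # does not need to stay in the local git configuration.
          persist-credentials: false
      - name: Install uv
        uses: astral-sh/setup-uv@v6
        with:
          version: "0.9.18"
          python-version: ${{ matrix.python-version }}
          enable-cache: true
          cache-suffix: test-and-publish
          cache-dependency-glob: uv.lock
      - name: Run examples with nox
        run: uvx nox --python ${{ matrix.python-version }} --session examples
        env:
          PDFREST_API_KEY: ${{ secrets.PDFREST_API_KEY }}

  publish:
    name: Publish to CodeArtifact
    needs:
      - tests
      - examples
    if: github.event_name == 'release'
    runs-on: ubuntu-latest
    # id-token: write is required for the OIDC role assumption below.
    # `packages: write` (GitHub Packages) is dropped: the upload target is
    # AWS CodeArtifact, which is authorised through the assumed role.
    permissions:
      id-token: write
      contents: read
    env:
      UV_PROJECT_ENVIRONMENT: .venv-release
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Assume AWS role for repository CI
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::304774597385:role/cit-oidc-role-${{ github.event.repository.name }}-ci
          aws-region: us-east-2
      # NOTE(review): this release job restores a uv cache (suffix
      # `pre-commit`) and a cached virtual environment. Confirm that only
      # trusted refs can populate those caches, or build without them, so a
      # stale or tampered cache cannot end up in a published artifact. The
      # venv cache key hashes pyproject.toml rather than uv.lock, so a
      # lock-only change still restores the previous environment.
      - name: Install uv
        uses: astral-sh/setup-uv@v6
        with:
          version: "0.9.18"
          enable-cache: true
          cache-suffix: pre-commit
          cache-dependency-glob: uv.lock
      - name: Restore venv cache
        uses: actions/cache@v4
        with:
          path: |
            ${{ env.UV_PROJECT_ENVIRONMENT }}
          key: ${{ runner.os }}-uv-release-${{ hashFiles('pyproject.toml') }}
      - name: Install keyring
        run: uv tool install keyring --with keyrings.codeartifact
      # NOTE(review): this installs the dev dependency group while the AWS
      # credentials are already present in the job. Confirm the build needs
      # it; otherwise drop it or move the role assumption after the build.
      - name: Synchronize project dependencies
        run: uv sync --group dev
      - name: Build distribution artifacts
        run: uv build --python 3.11
      # No password or token is passed on the command line. Presumably the
      # keyring installed above supplies it from the assumed role; the
      # keyring-provider setting is not visible in this listing (confirm).
      - name: Publish package to CodeArtifact
        run: >-
          uv publish
          --publish-url=https://datalogics-304774597385.d.codeartifact.us-east-2.amazonaws.com/pypi/cit-pypi/
          --username __token__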