@@ -12,32 +12,12 @@ jobs:
1212 runs-on : ubuntu-latest
1313 strategy :
1414 matrix :
15- python-version : ["3.10", "3. 11", "3.12", "3.13", "3.14"]
15+ python-version : ["3.11", "3.12", "3.13", "3.14"]
1616
1717 steps :
1818 - name : Checkout
1919 uses : actions/checkout@v4
2020
21- - name : Cache pip
22- uses : actions/cache@v4
23- with :
24- path : |
25- ~/.cache/pip
26- key : ${{ runner.os }}-pip-${{ matrix.python-version }}-${{ hashFiles('**/pyproject.toml') }}
27- restore-keys : |
28- ${{ runner.os }}-pip-${{ matrix.python-version }}-
29-
30- - name : Cache pip wheels & pre-commit
31- uses : actions/cache@v4
32- with :
33- path : |
34- ~/.cache/pip/wheels
35- .wheelhouse
36- ~/.cache/pre-commit
37- key : ${{ runner.os }}-pip-wheels-${{ matrix.python-version }}-${{ hashFiles('**/pyproject.toml') }}
38- restore-keys : |
39- ${{ runner.os }}-pip-wheels-${{ matrix.python-version }}-
40-
4121 - name : Install uv
4222 uses : astral-sh/setup-uv@v4
4323 with :
@@ -46,35 +26,15 @@ jobs:
4626 - name : Set up Python ${{ matrix.python-version }}
4727 run : uv python install ${{ matrix.python-version }}
4828
49- - name : Build wheelhouse for project and dev deps (via uv)
50- run : |
51- # Build wheels for the project and development extras into .wheelhouse
52- uv pip wheel -w .wheelhouse --no-build-isolation "[dev]" || true
53-
54- - name : Create venv (uv)
55- run : |
56- # create a fresh .venv using uv
57- uv venv
58-
59- - name : Install project dev dependencies into venv from wheelhouse
60- run : |
61- # Install using only the local wheels for reproducibility / speed
62- uv pip install --no-index --find-links .wheelhouse "[dev]" || uv pip install --no-index --find-links .wheelhouse "[dev]"
29+ - name : Sync dependencies with uv
30+ run : uv sync --all-extras
6331
6432 - name : Lint (ruff)
65- run : uv run ruff check .
66-
67- - name : Check formatting with Black (via uv)
68- run : uv run python -m black --check .
33+ run : uv run ruff check python_project_deployment
6934
7035 - name : Typecheck (mypy)
7136 run : uv run mypy python_project_deployment
7237
73- - name : Run pre-commit hooks (all files) via uv
74- run : |
75- uv run pre-commit install
76- uv run pre-commit run --all-files
77-
7838 - name : Tests (pytest)
7939 run : uv run pytest --cov --cov-report=xml --cov-report=html
8040
9959 name : coverage-html-${{ matrix.python-version }}
10060 path : htmlcov
10161
102- - name : Build Sphinx docs via uv
103- if : " ${{ matrix.python-version == '3.11' }}"
104- run : |
105- uv run python -m sphinx -b html docs docs/_build/html || true
106-
107- - name : Upload docs artifact
108- if : " ${{ matrix.python-version == '3.11' }}"
109- uses : actions/upload-artifact@v4
110- with :
111- name : docs-html
112- path : docs/_build/html
113-
11462 security :
11563 name : Security Scan
11664 runs-on : ubuntu-latest
@@ -195,36 +143,12 @@ jobs:
195143 continue-on-error : true
196144
197145 - name : Upload security reports
146+ if : always()
198147 uses : actions/upload-artifact@v4
199148 with :
200149 name : security-reports
201150 path : |
202151 bandit-report.json
203152 bandit-report.sarif
204153 safety-report.json
205- if : always()
206-
207- deploy-docs :
208- name : Publish docs to GitHub Pages
209- runs-on : ubuntu-latest
210- needs : test
211- # Only deploy on pushes to main (avoid publishing from PRs)
212- if : github.event_name == 'push' && github.ref == 'refs/heads/main'
213- steps :
214- - name : Checkout
215- uses : actions/checkout@v4
216-
217- - name : Download docs artifact
218- uses : actions/download-artifact@v4
219- with :
220- name : docs-html
221- path : docs/_build/html
222-
223- - name : Upload pages artifact
224- uses : actions/upload-pages-artifact@v1
225- with :
226- path : docs/_build/html
227-
228- - name : Deploy to GitHub Pages
229- uses : actions/deploy-pages@v1
230- with : {}
154+ if data.get('vulnerabilities'):
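Review bot: The last added line of the final hunk (new line 154), `if data.get('vulnerabilities'):`, is a Python fragment placed directly after the `path: |` list of the "Upload security reports" step, where no script is open. Indentation is not visible in this rendering, so it either becomes one more entry in the artifact path list or, if outdented, makes the workflow file invalid, in which case neither the test job nor the security scan would run. It looks like a leftover from an inline script in an earlier step and should be dropped so the file ends at `safety-report.json`. The security job begins outside the hunk, so the step this line may have belonged to cannot be seen here.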