feat: allow smaller install by only install gui (#13) #51
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: ["main"] | |
| pull_request: | |
| branches: ["main"] | |
| jobs: | |
| lint: | |
| name: Lint & type-check | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v7 | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v8.2.0 | |
| - name: Set up Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: "3.14" | |
| - name: Install dependencies | |
| run: uv sync --all-groups | |
| - name: Ruff lint | |
| run: uv run ruff check src/ tests/ | |
| - name: Ruff format check | |
| run: uv run ruff format --check src/ tests/ | |
| - name: Mypy | |
| run: uv run mypy src/ | |
| test: | |
| name: Unit tests | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v7 | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v8.2.0 | |
| - name: Set up Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: "3.14" | |
| - name: Install dependencies | |
| run: uv sync --all-groups | |
| - name: Run unit tests | |
| run: uv run pytest tests/unit/ -v | |
| audit: | |
| name: Dependency audit | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v7 | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v8.2.0 | |
| - name: Set up Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: "3.14" | |
| - name: Install dependencies | |
| run: uv sync --all-groups | |
| - name: Audit for known vulnerabilities | |
| run: | | |
| # CVE-2026-3219 / PYSEC-2026-196 affects pip itself (no fix released | |
| # yet); ignore both aliases so that vulnerabilities in actual project | |
| # dependencies still fail CI. | |
| uv run pip-audit --strict --ignore-vuln CVE-2026-3219 --ignore-vuln PYSEC-2026-196 | |
| release: | |
| name: Release | |
| needs: [lint, test, audit] | |
| runs-on: ubuntu-latest | |
| if: github.ref == 'refs/heads/main' && github.event_name == 'push' | |
| concurrency: release | |
| permissions: | |
| id-token: write # PyPI trusted publishing | |
| contents: write # push version bump commit + tag | |
| environment: | |
| name: pypi | |
| url: https://pypi.org/project/odsbox-pilot/ | |
| steps: | |
| - uses: actions/checkout@v7 | |
| with: | |
| fetch-depth: 0 # PSR needs full history to find previous tags | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v8.2.0 | |
| - name: Set up Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: "3.14" | |
| - name: Install dependencies | |
| run: uv sync --all-groups | |
| - name: Run semantic release | |
| id: release | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: uv run semantic-release version | |
| - name: Detect release tag | |
| id: release_check | |
| shell: bash | |
| run: | | |
| if git tag --points-at HEAD | grep -Eq '^v[0-9]+\.[0-9]+\.[0-9]+$'; then | |
| echo "released=true" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "released=false" >> "$GITHUB_OUTPUT" | |
| fi | |
| - name: Build package | |
| if: steps.release_check.outputs.released == 'true' | |
| run: uv build | |
| - name: Publish to PyPI | |
| if: steps.release_check.outputs.released == 'true' | |
| run: uv publish --trusted-publishing always |