diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml index 8cc5084d..a3c17dae 100644 --- a/.github/workflows/changelog.yml +++ b/.github/workflows/changelog.yml @@ -3,6 +3,9 @@ name: Check pull requests for changelog updates on: - pull_request +permissions: + contents: read + jobs: check_changelog_updates: runs-on: ubuntu-latest diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 16043cc2..1f8119c8 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -3,6 +3,9 @@ name: Continuous Integration on: - push +permissions: + contents: read + jobs: build: runs-on: ubuntu-latest diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml index c289553c..64a9e6b2 100644 --- a/.github/workflows/python-publish.yml +++ b/.github/workflows/python-publish.yml @@ -13,7 +13,7 @@ on: workflow_dispatch: release: - types: [released] + types: [ released ] permissions: contents: read @@ -21,28 +21,25 @@ permissions: jobs: build: runs-on: ubuntu-latest - - permissions: - contents: read steps: - - uses: actions/checkout@v4 - - name: Set up Python - uses: actions/setup-python@v5 - with: - python-version: '3.x' - - name: Install dependencies - run: | - python -m pip install --upgrade pip - pip install build - - name: Build package - run: python -m build - - name: Upload dist - uses: actions/upload-artifact@v4 - with: - name: zospy_dist - path: "dist/" - + - uses: actions/checkout@v4 + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: '3.x' + - name: Install dependencies + run: | + python -m pip install --upgrade pip + pip install build + - name: Build package + run: python -m build + - name: Upload dist + uses: actions/upload-artifact@v4 + with: + name: zospy_dist + path: "dist/" + publish_to_pypi: name: Publish to PyPI needs: build @@ -53,16 +50,16 @@ jobs: id-token: write steps: - - name: Download dist - uses: actions/download-artifact@v4 - with: - name: zospy_dist - path: dist - - name: Publish package - uses: pypa/gh-action-pypi-publish@release/v1 - with: - user: __token__ - + - name: Download dist + uses: actions/download-artifact@v4 + with: + name: zospy_dist + path: dist + - name: Publish package + uses: pypa/gh-action-pypi-publish@release/v1 + with: + user: __token__ + upload_to_github: name: Upload to GitHub runs-on: ubuntu-latest @@ -73,20 +70,20 @@ jobs: contents: write steps: - - name: Download dist - uses: actions/download-artifact@v4 - with: - name: zospy_dist - path: dist - - name: Upload wheels to GitHub release - uses: svenstaro/upload-release-action@2.9.0 - with: - tag: ${{ github.ref }} - file: "dist/*.whl" - file_glob: true - - name: Upload dist to GitHub release - uses: svenstaro/upload-release-action@2.9.0 - with: - tag: ${{ github.ref }} - file: "dist/*.tar.gz" - file_glob: true + - name: Download dist + uses: actions/download-artifact@v4 + with: + name: zospy_dist + path: dist + - name: Upload wheels to GitHub release + uses: svenstaro/upload-release-action@2.9.0 + with: + tag: ${{ github.ref }} + file: "dist/*.whl" + file_glob: true + - name: Upload dist to GitHub release + uses: svenstaro/upload-release-action@2.9.0 + with: + tag: ${{ github.ref }} + file: "dist/*.tar.gz" + file_glob: true diff --git a/.github/workflows/python-test-publish.yml b/.github/workflows/python-test-publish.yml index 44a0af7c..9e316d17 100644 --- a/.github/workflows/python-test-publish.yml +++ b/.github/workflows/python-test-publish.yml @@ -13,33 +13,33 @@ on: workflow_dispatch: release: - types: [prereleased] + types: [ prereleased ] + +permissions: + contents: read jobs: build: runs-on: ubuntu-latest - - permissions: - contents: read steps: - - uses: actions/checkout@v4 - - name: Set up Python - uses: actions/setup-python@v5 - with: - python-version: '3.x' - - name: Install dependencies - run: | - python -m pip install --upgrade pip - pip install build - - name: Build package - run: python -m build - - name: Upload dist - uses: actions/upload-artifact@v4 - with: - name: zospy_dist - path: "dist/" - + - uses: actions/checkout@v4 + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: '3.x' + - name: Install dependencies + run: | + python -m pip install --upgrade pip + pip install build + - name: Build package + run: python -m build + - name: Upload dist + uses: actions/upload-artifact@v4 + with: + name: zospy_dist + path: "dist/" + publish_to_testpypi: name: Publish to TestPyPI runs-on: ubuntu-latest @@ -50,19 +50,19 @@ jobs: id-token: write steps: - - name: Download dist - uses: actions/download-artifact@v4 - with: - name: zospy_dist - path: dist - - name: Publish package - uses: pypa/gh-action-pypi-publish@release/v1 - with: - user: __token__ - repository-url: https://test.pypi.org/legacy/ - # If the release is already present, overwrite it - skip-existing: true - + - name: Download dist + uses: actions/download-artifact@v4 + with: + name: zospy_dist + path: dist + - name: Publish package + uses: pypa/gh-action-pypi-publish@release/v1 + with: + user: __token__ + repository-url: https://test.pypi.org/legacy/ + # If the release is already present, overwrite it + skip-existing: true + publish_to_github: runs-on: ubuntu-latest if: github.event_name == 'release' @@ -72,20 +72,20 @@ jobs: contents: write steps: - - name: Download dist - uses: actions/download-artifact@v4 - with: - name: zospy_dist - path: dist - - name: Upload wheels to GitHub release - uses: svenstaro/upload-release-action@2.9.0 - with: - tag: ${{ github.ref }} - file: "dist/*.whl" - file_glob: true - - name: Upload dist to GitHub release - uses: svenstaro/upload-release-action@2.9.0 - with: - tag: ${{ github.ref }} - file: "dist/*.tar.gz" - file_glob: true + - name: Download dist + uses: actions/download-artifact@v4 + with: + name: zospy_dist + path: dist + - name: Upload wheels to GitHub release + uses: svenstaro/upload-release-action@2.9.0 + with: + tag: ${{ github.ref }} + file: "dist/*.whl" + file_glob: true + - name: Upload dist to GitHub release + uses: svenstaro/upload-release-action@2.9.0 + with: + tag: ${{ github.ref }} + file: "dist/*.tar.gz" + file_glob: true