add token permissions #58
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- coding: utf-8 -*- | ||
| # Copyright (C) 2023 Benjamin Thomas Schwertfeger | ||
| # GitHub: https://github.com/btschwertfeger | ||
| # | ||
| # Workflow to apply pre-commit, build, test and upload the package | ||
| # to the test index of PyPI. | ||
| name: CI/CD | ||
| permissions: read-all | ||
| on: | ||
| push: | ||
| branches: | ||
| - "**" | ||
| schedule: | ||
| - cron: "20 16 * * 0" | ||
| release: | ||
| types: [created] | ||
| concurrency: | ||
| group: CICD-${{ github.ref }} | ||
| cancel-in-progress: true | ||
| jobs: | ||
| ## Checks the code logic, style and more | ||
| ## | ||
| Pre-Commit: | ||
| uses: ./.github/workflows/_pre_commit.yaml | ||
| ## Discover vulnerabilities | ||
| ## | ||
| CodeQL: | ||
|
Check failure on line 33 in .github/workflows/cicd.yaml
|
||
| uses: ./.github/workflows/_codeql.yaml | ||
| ## Builds the package on multiple OS for multiple | ||
| ## Python versions | ||
| ## | ||
| Build: | ||
| needs: [Pre-Commit] | ||
| uses: ./.github/workflows/_build.yaml | ||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| os: [ubuntu-latest, macos-latest, windows-latest] | ||
| python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"] | ||
| with: | ||
| os: ${{ matrix.os }} | ||
| python-version: ${{ matrix.python-version }} | ||
| ## Build the documentation | ||
| ## | ||
| Build-Doc: | ||
| needs: [Pre-Commit] | ||
| uses: ./.github/workflows/_build_doc.yaml | ||
| with: | ||
| os: ubuntu-latest | ||
| python-version: "3.11" | ||
| ## Run the unit tests for Python 3.8 until 3.11 | ||
| ## | ||
| Test: | ||
| needs: [Pre-Commit] | ||
| uses: ./.github/workflows/_test.yaml | ||
| strategy: | ||
| matrix: | ||
| os: [ubuntu-latest, windows-latest] | ||
| python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"] | ||
| with: | ||
| os: ${{ matrix.os }} | ||
| python-version: ${{ matrix.python-version }} | ||
| ## Generates and uploads the coverage statistics to codecov | ||
| ## | ||
| CodeCov: | ||
| if: | | ||
| (success() && github.actor == 'btschwertfeger') | ||
| && (github.event_name == 'push' || github.event_name == 'release') | ||
| needs: [Pre-Commit] | ||
| uses: ./.github/workflows/_codecov.yaml | ||
| with: | ||
| os: ubuntu-latest | ||
| python-version: "3.11" | ||
| secrets: inherit | ||
| ## Uploads the package to test.pypi.org on master if triggered by | ||
| ## a regular commit/push. | ||
| ## | ||
| UploadTestPyPI: | ||
| if: | | ||
| ( | ||
| success() | ||
| && github.actor == 'btschwertfeger' | ||
| && github.ref == 'refs/heads/master' | ||
| ) | ||
| && (github.event_name == 'push' || github.event_name == 'release') | ||
| needs: | ||
| - Build | ||
| - Build-Doc | ||
| - Test | ||
| - CodeQL | ||
| name: Upload current version to Test PyPI | ||
| uses: ./.github/workflows/_pypi_publish.yaml | ||
| with: | ||
| REPOSITORY_URL: https://test.pypi.org/legacy/ | ||
| secrets: | ||
| API_TOKEN: ${{ secrets.TEST_PYPI_API_TOKEN }} | ||
| ## Upload the python-kraken-sdk to Production PyPI | ||
| ## | ||
| UploadPyPI: | ||
| if: | | ||
| success() && | ||
| github.actor == 'btschwertfeger' && | ||
| github.event_name == 'release' | ||
| needs: | ||
| - Build | ||
| - Build-Doc | ||
| - Test | ||
| - CodeQL | ||
| name: Upload the current release to PyPI | ||
| uses: ./.github/workflows/_pypi_publish.yaml | ||
| with: | ||
| REPOSITORY_URL: https://upload.pypi.org/legacy/ | ||
| secrets: | ||
| API_TOKEN: ${{ secrets.PYPI_API_TOKEN }} | ||
