diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..a9a7615 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,20 @@ +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" + open-pull-requests-limit: 10 + rebase-strategy: auto + + - package-ecosystem: "pip" + directory: "/" + schedule: + interval: "daily" + open-pull-requests-limit: 10 + + - package-ecosystem: "npm" + directory: "/" + schedule: + interval: "daily" + open-pull-requests-limit: 10 diff --git a/.github/workflows/auto-merge-deps.yml b/.github/workflows/auto-merge-deps.yml new file mode 100644 index 0000000..3f29112 --- /dev/null +++ b/.github/workflows/auto-merge-deps.yml @@ -0,0 +1,26 @@ +name: Auto-merge Dependabot when green +on: + pull_request: + types: [labeled, synchronize, reopened, ready_for_review] + check_suite: + types: [completed] +permissions: + contents: write + pull-requests: write +jobs: + enable-automerge: + runs-on: ubuntu-latest + steps: + - name: Find green Dependabot PRs + uses: peter-evans/find-pull-request@v3 + id: find + with: + author: dependabot[bot] + state: open + base: main + - name: Enable auto-merge (squash) + if: steps.find.outputs.pull-requests != '' + uses: peter-evans/enable-pull-request-automerge@v3 + with: + pull-request-number: ${{ fromJson(steps.find.outputs.pull-requests)[0].number }} + merge-method: squash diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml new file mode 100644 index 0000000..1ce3f7d --- /dev/null +++ b/.github/workflows/dependabot-auto-merge.yml @@ -0,0 +1,30 @@ +name: dependabot-auto-merge + +on: + pull_request_target: + types: [opened, synchronize, reopened, ready_for_review] + +permissions: + contents: write + pull-requests: write + +jobs: + automerge: + if: ${{ github.actor == 'dependabot[bot]' }} + runs-on: ubuntu-latest + steps: + - name: Fetch metadata + id: meta + uses: dependabot/fetch-metadata@v2 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + + - name: Enable PR auto-merge (patch/minor only) + if: | + steps.meta.outputs.update-type == 'version-update:semver-patch' || + steps.meta.outputs.update-type == 'version-update:semver-minor' + uses: peter-evans/enable-pull-request-automerge@v3 + with: + token: ${{ secrets.GITHUB_TOKEN }} + pull-request-number: ${{ github.event.pull_request.number }} + merge-method: squash diff --git a/.github/workflows/publish-pypi.yml b/.github/workflows/publish-pypi.yml new file mode 100644 index 0000000..4e1cde8 --- /dev/null +++ b/.github/workflows/publish-pypi.yml @@ -0,0 +1,49 @@ +name: publish-pypi + +on: + workflow_dispatch: + push: + tags: + - "v*" + +permissions: + contents: read + id-token: write + +jobs: + build-publish: + name: Build & publish to PyPI + runs-on: ubuntu-latest + environment: pypi + steps: + - uses: actions/checkout@v4 + + - uses: actions/setup-python@v5 + with: + python-version: "3.12" + cache: "pip" + + - name: Install build backend + run: python -m pip install --upgrade pip build + + - name: Build sdist & wheel + run: python -m build --sdist --wheel --outdir dist/ + + - name: Check tag matches version (only on tags) + if: startsWith(github.ref, 'refs/tags/') + shell: bash + run: | + PYPROJECT_VERSION=$(python - <<'PY' + import tomllib + print(tomllib.load(open("pyproject.toml","rb"))["project"]["version"]) + PY + ) + TAG="${GITHUB_REF_NAME#v}" + echo "pyproject.toml: $PYPROJECT_VERSION / tag: $TAG" + test "$TAG" = "$PYPROJECT_VERSION" + + - name: Publish to PyPI (Trusted Publisher) + if: startsWith(github.ref, 'refs/tags/') + uses: pypa/gh-action-pypi-publish@release/v1 + with: + print_hash: true