update release wf #2
Workflow file for this run
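# Release pipeline: a pushed tag matching the filter below runs lint and the
# test matrix, builds the sdist/wheel, publishes it to PyPI and then creates a
# GitHub Release. A security scan runs after the build, alongside publishing.
#
# NOTE(review): every action is referenced by a mutable tag or branch
# (`@v4`, `@release/v1`, ...). For a workflow that handles publishing
# credentials, pin each `uses:` to a full commit SHA, for example
# `uses: owner/action@<FULL_COMMIT_SHA>  # vX.Y.Z` (placeholder, not a real id).
name: Release

on:
  push:
    # Any tag containing two dots (for example 1.2.3) starts a release, so
    # the right to push tags is what gates publishing; restrict it with tag
    # protection on the repository side.
    tags:
      - '*.*.*'

# Least privilege for GITHUB_TOKEN: every job gets read-only repository access
# unless it widens this itself (only create-github-release does).
permissions:
  contents: read

env:
  PYTHON_VERSION: "3.11"
  # NOTE(review): not referenced by any step in this workflow; the test
  # matrix supplies the MongoDB versions.
  MONGODB_VERSION: "8.0"

jobs:
  lint-and-format:
    name: Code Quality Checks
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Nothing in this job pushes, so keep the token out of .git/config
          # while third-party tooling runs in the workspace.
          persist-credentials: false
      - name: Set up Python ${{ env.PYTHON_VERSION }}
        uses: actions/setup-python@v4
        with:
          python-version: ${{ env.PYTHON_VERSION }}
      - name: Cache pip dependencies
        uses: actions/cache@v3
        with:
          path: ~/.cache/pip
          key: ${{ runner.os }}-pip-lint-${{ hashFiles('**/requirements-test.txt', 'pyproject.toml') }}
          restore-keys: |
            ${{ runner.os }}-pip-lint-
      - name: Install dependencies
        # NOTE(review): black and isort are installed unpinned, so the
        # formatter version (and its verdict) can change between releases.
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements-test.txt
          pip install black isort
      - name: Check code formatting with Black
        run: |
          black --check --diff pymongosql/
      - name: Check import sorting with isort
        run: |
          isort --check-only --diff pymongosql/
      - name: Lint with flake8
        run: |
          flake8 pymongosql/ --count --statistics

  test:
    name: Test Suite
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        python-version: ['3.9', '3.10', '3.11', '3.12', '3.13']
        mongodb-version: ['7.0', '8.0']
    services:
      mongodb:
        image: mongo:${{ matrix.mongodb-version }}
        env:
          # Throwaway credentials for the per-job service container only;
          # they must never match a credential used anywhere else.
          MONGO_INITDB_ROOT_USERNAME: admin
          MONGO_INITDB_ROOT_PASSWORD: secret
        ports:
          - '27017:27017'
        options: >-
          --health-cmd "mongosh --eval 'db.runCommand({ping: 1})' --quiet"
          --health-interval 30s
          --health-timeout 10s
          --health-retries 5
    steps:
      - uses: actions/checkout@v4
        with:
          # Test dependencies and test code run here; do not leave the
          # token in .git/config for them to read.
          persist-credentials: false
      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v4
        with:
          python-version: ${{ matrix.python-version }}
      - name: Cache pip dependencies
        uses: actions/cache@v3
        with:
          path: ~/.cache/pip
          key: ${{ runner.os }}-py${{ matrix.python-version }}-mongo${{ matrix.mongodb-version }}-pip-${{ hashFiles('**/requirements-test.txt', 'pyproject.toml') }}
          restore-keys: |
            ${{ runner.os }}-py${{ matrix.python-version }}-mongo${{ matrix.mongodb-version }}-pip-
      - name: Install MongoDB shell
        # The signing key goes into a dedicated keyring that only this
        # repository entry references (`signed-by=`), instead of `apt-key add`,
        # which is deprecated and trusts the key for every configured source.
        # pipefail makes a failed key download fail the step.
        # NOTE(review): the suite is hard-coded to jammy / 7.0 while the runner
        # is `ubuntu-latest`; confirm the two still match when the image moves.
        run: |
          set -euo pipefail
          wget -qO - https://www.mongodb.org/static/pgp/server-7.0.asc | sudo gpg --batch --yes --dearmor -o /usr/share/keyrings/mongodb-server-7.0.gpg
          echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-7.0.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/7.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-7.0.list
          sudo apt-get update
          sudo apt-get install -y mongodb-mongosh
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements-test.txt
          pip install -e .
      - name: Wait for MongoDB to be ready
        # Polls up to 30 times, 2 s apart. The step now fails when the server
        # never answers; previously the loop fell through with exit status 0
        # and the failure only surfaced later as unrelated test errors.
        run: |
          echo "Waiting for MongoDB to be ready..."
          for i in {1..30}; do
            if mongosh --host localhost:27017 --username admin --password secret --authenticationDatabase admin --eval "db.runCommand({ping: 1})" --quiet; then
              echo "MongoDB is ready!"
              exit 0
            fi
            echo "Attempt $i: MongoDB not ready yet, waiting..."
            sleep 2
          done
          echo "MongoDB did not become ready after 30 attempts" >&2
          exit 1
      - name: Set up test database
        # NOTE(review): `|| true` hides a failed fixture setup; kept as the
        # author's best-effort choice, but a broken setup will show up as
        # test failures rather than here.
        run: |
          echo "Setting up test database..."
          python tests/run_test_server.py setup || true
      - name: Run tests with coverage
        run: |
          python -m pytest tests/ -v --cov=pymongosql --cov-report=term-missing --cov-report=xml --cov-report=html
      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v4
        # Only one matrix cell reports coverage, to avoid duplicate uploads.
        if: matrix.python-version == '3.11' && matrix.mongodb-version == '8.0'
        with:
          env_vars: OS,PYTHON
          token: ${{ secrets.CODECOV_TOKEN }}
          files: ./coverage.xml
          flags: unittests
          fail_ci_if_error: false
      - name: Upload coverage artifacts
        uses: actions/upload-artifact@v4
        if: matrix.python-version == '3.11' && matrix.mongodb-version == '8.0'
        with:
          name: coverage-report
          path: htmlcov/

  build:
    name: Build Distribution
    runs-on: ubuntu-latest
    needs: [lint-and-format, test]
    steps:
      - uses: actions/checkout@v4
        with:
          # Fetch full history for setuptools_scm
          fetch-depth: 0
          # setuptools_scm needs the history, not the credentials.
          persist-credentials: false
      - name: Set up Python ${{ env.PYTHON_VERSION }}
        uses: actions/setup-python@v4
        with:
          python-version: ${{ env.PYTHON_VERSION }}
      - name: Install build dependencies
        # NOTE(review): the build tools are resolved unpinned at release time
        # in the job that produces the published files; a constraints file or
        # pip's --require-hashes would fix the toolchain per release.
        # The extras spec is quoted so the shell cannot treat [toml] as a glob.
        run: |
          python -m pip install --upgrade pip
          pip install build twine 'setuptools_scm[toml]'
      - name: Build source and wheel distributions
        run: |
          python -m build
      - name: Check distribution
        run: |
          twine check dist/*
      - name: List built packages
        run: |
          ls -la dist/
      - name: Upload build artifacts
        # The `dist` artifact is the exact set of files later published to
        # PyPI and attached to the GitHub Release.
        uses: actions/upload-artifact@v4
        with:
          name: dist
          path: dist/

  pypi-publish:
    name: Publish to PyPI
    runs-on: ubuntu-latest
    needs: build
    # The `pypi` environment is where required reviewers / branch-or-tag
    # restrictions for the publishing secret can be enforced.
    environment:
      name: pypi
      url: https://pypi.org/p/pymongosql
    steps:
      - name: Download build artifacts
        uses: actions/download-artifact@v4
        with:
          name: dist
          path: dist/
      - name: Publish to PyPI
        # NOTE(review): `release/v1` is a branch, so the code that receives
        # the token can change without a change to this file.
        # NOTE(review): a long-lived API token is used; PyPI Trusted
        # Publishing (OIDC, `permissions: id-token: write`, no `password:`)
        # removes the stored secret but needs the publisher configured on
        # the PyPI project first.
        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          password: ${{ secrets.PYPI_API_TOKEN }}

  create-github-release:
    name: Create GitHub Release
    runs-on: ubuntu-latest
    needs: [build, pypi-publish]
    # The only job that writes to the repository: creating a release and
    # uploading its assets requires contents: write.
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Download build artifacts
        uses: actions/download-artifact@v4
        with:
          name: dist
          path: dist/
      - name: Extract version from tag
        id: version
        # Strips the refs/tags/ prefix. The value is only consumed through
        # `with:` inputs below, never interpolated into a shell script.
        run: |
          echo "version=${GITHUB_REF#refs/tags/}" >> "$GITHUB_OUTPUT"
      - name: Create GitHub Release
        uses: softprops/action-gh-release@v1
        with:
          files: dist/*
          generate_release_notes: true
          name: Release ${{ steps.version.outputs.version }}
          body: |
            ## PyMongoSQL ${{ steps.version.outputs.version }}
            ### Installation
            ```bash
            pip install pymongosql==${{ steps.version.outputs.version }}
            ```
            ### What's New
            See the automatically generated release notes below for detailed changes.

  security-scan:
    name: Security Scan
    runs-on: ubuntu-latest
    # NOTE(review): this job is advisory only. pypi-publish depends on
    # `build` alone and both scanners end in `|| true`, so findings never
    # block a release; add this job to pypi-publish's `needs` and drop
    # `|| true` if the scan is meant to gate publishing.
    needs: build
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Set up Python ${{ env.PYTHON_VERSION }}
        uses: actions/setup-python@v4
        with:
          python-version: ${{ env.PYTHON_VERSION }}
      - name: Install security tools
        # The extras spec is quoted so the shell cannot treat [toml] as a glob.
        run: |
          python -m pip install --upgrade pip
          pip install safety 'bandit[toml]'
      - name: Run safety check
        # NOTE(review): no requirements file is passed and this job installs
        # only the scanners, so this presumably audits the scanner
        # environment rather than pymongosql's own dependencies - confirm.
        run: |
          safety check --json --output safety-report.json || true
      - name: Run bandit security scan
        run: |
          bandit -r pymongosql/ -f json -o bandit-report.json || true
      - name: Upload security scan results
        uses: actions/upload-artifact@v4
        with:
          name: security-reports
          path: |
            safety-report.json
            bandit-report.json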