Testing
Code Quality
Repository
Linting

---

GitHub Actions and Re-usable Workflows for Python Packaging CI/CD

python-package-ci-cd is a collection of GitHub Actions and re-usable Workflows that enable Python Packaging CI/CD.

Actions

1. create_unique_testpypi_version
   • This action creates a unique version number for the provided Python package to enable uploading the package to TestPyPI.
2. fetch_pr_number
   • This action fetches the Pull Request number for the provided SHA in the provided GitHub repository.
3. find_unreleased_changelog_items
   • This action will parse the repository's CHANGELOG.md file to determine if there are any unreleased items. It will fail if it cannot find any unreleased items, as this means that the package is not ready for a new release.
4. update_development_dependencies
   • This action enables updating Python development dependencies using the Poetry package manager in-sync with pre-commit hooks.

Reusable Workflows

1. check-api-for-breaking-changes.yml
   • This workflow will use the griffe Python package to check for any major or breaking changes in a package's API.
2. codeql-analysis.yml
   • This workflow will checkout the code and then run a CodeQL analysis against the specified languages.
3. enforce-community-standards.yml
   • This workflow will ensure that all necessary files are in place in order to meet the Open Source Community Standards for a repository.
4. package-build.yml
   • This workflow will build the package using the hynek/build-and-inspect-python-package action, and then verify that the package can be installed on each combination of Python version and operating system specified.
5. package-release.yml
   • This workflow will create a new release of the package using the python-semantic-release tool. It will then build the package, upload the package to TestPyPI and PyPI, create a new GitHub Release for the project, and then verify that the package can be installed from TestPyPI and PyPI.
6. package-testpypi.yml
   • This workflow will build the package using the hynek/build-and-inspect-python-package action, upload the package to TestPyPI, and then verify that the package can be installed from TestPyPI.
7. publish-api-comparison.yml
   • This workflow will use the output from the check-api-for-breaking-changes.yml workflow to create a comment on the Pull Request that introduces the changes with a detailed breakdown of the changes.
8. publish-test-results.yml
   • This workflow will publish the test results from the artifact_<operating-system-name>_tests artifacts uploaded by the test-code.yml workflow by creating a comment on the Pull Request that triggered the test run.
9. sbom-scan.yml
   • This workflow will create a Software Bill of Materials (SBOM) for the repository using the anchore/sbom-action Action and then scan the SBOM using the anchore/scan-action Action.
10. test-code.yml
    • This workflow will run the tests for the code in the repository that are defined by its tox configuration.
11. test-docs.yml
    • This workflow will run the documentation tests for the code in the repository that are defined by its tox configuration.
12. update-python-and-pre-commit-dependencies.yml
    • This workflow updates Python development dependencies using the Poetry package manager in-sync with pre-commit hooks when triggered as a part of Dependabot updates for the Python dependencies.

Maintainers

Before reaching out to any maintainers directly, please first check if your issue or question is already covered by any open issues. If the issue or question you have is not already covered, please file a new issue or start a discussion and the maintainers will review and respond there.

• opensource@tektronix.com - For open-source policy and license questions.

Contributing

Interested in contributing? Check out the contributing guidelines. Please note that this project is released with a Code of Conduct. By contributing to this project, you agree to abide by its terms.

License

python-package-ci-cd was created by Tektronix. It is licensed under the terms of the Apache License 2.0.