.github/workflows/ci.yml

name: CI

on:
  - push

jobs:
  build:
    env:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    permissions:
      contents: read
    runs-on: ubuntu-latest
    strategy:
      matrix:
        python-version:
          - "3.11"
          - "3.12"
    steps:
      - uses: actions/checkout@v4
      - name: Set up project using python ${{ matrix.python-version }}
        uses: actions/setup-python@v5
        with:
          cache: pip
          python-version: ${{ matrix.python-version }}
      # Run all pre-commit hooks on all the files.
      # Getting only staged files can be tricky in case a new PR is opened
      # since the action is run on a branch in detached head state
      - name: Install and run pre-commit
        uses: pre-commit/action@v3.0.1
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          python -m pip install tox tox-gh-actions
      - name: Test with tox
        run: tox -r

  release:
    # Only run on the 'main' and 'develop' branches.
    if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop'
    needs:
     - build
    permissions: write-all
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
          token: ${{ secrets.FYJ_GH_TOKEN }}
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          cache: pip
          python-version: "3.12"
      - name: Install requirements
        run: |
          python -m pip install --upgrade pip
          python -m pip install tox tox-gh-actions
      - name: Set up GPG
        uses: crazy-max/ghaction-import-gpg@v6
        with:
          git_commit_gpgsign: true
          git_committer_email: ${{ secrets.FYJ_GIT_COMMITTER_EMAIL }}
          git_committer_name: ${{ secrets.FYJ_GIT_COMMITTER_NAME }}
          # Currently, signing commits leads to the CI hanging indefinitely.
          # See https://github.com/semantic-release/semantic-release/issues/3065
          git_tag_gpgsign: false
          git_user_signingkey: true
          gpg_private_key: ${{ secrets.FYJ_GPG_KEY }}
          passphrase: ${{ secrets.FYJ_GPG_KEY_PASSPHRASE }}
          trust_level: 5
      - name: Set up NodeJS
        uses: actions/setup-node@v4
        with:
          cache: npm
          node-version-file: .nvmrc
      - name: Install semantic-release
        run: npm ci
      - name: Create a release
        env:
          DEBUG: semantic-release:*
          GIT_AUTHOR_EMAIL: ${{ secrets.FYJ_GIT_COMMITTER_EMAIL }}
          GIT_AUTHOR_NAME: ${{ secrets.FYJ_GIT_COMMITTER_NAME }}
          GIT_COMMITTER_EMAIL: ${{ secrets.FYJ_GIT_COMMITTER_EMAIL }}
          GIT_COMMITTER_NAME: ${{ secrets.FYJ_GIT_COMMITTER_NAME }}
          GITHUB_TOKEN: ${{ secrets.FYJ_GH_TOKEN }}
        run: npx semantic-release