v0.0.8 #8
Workflow file for this run
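# CI/CD workflow: runs on pushes to main and develop, on pull requests that
# target main, and when a release is published.
name: CI/CD Pipeline

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]
  release:
    types: [published]

# Least privilege for GITHUB_TOKEN. Without this block every job inherits the
# repository's default token scope. The two publish jobs declare their own
# job-level permissions (contents: read, id-token: write), which override
# this default.
permissions:
  contents: read

jobs: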
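# Job "test": quality checks and tests on every OS x Python combination.
  test:
    runs-on: ${{ matrix.os }}
    strategy:
      # Let every matrix cell finish so one failing combination does not hide
      # failures in the others.
      fail-fast: false
      matrix:
        os: [ubuntu-latest, windows-latest, macos-latest]
        python-version: ["3.7", "3.8", "3.9", "3.10", "3.11", "3.12"]
    steps:
      # NOTE(review): the actions in this job are referenced by mutable tag
      # (@v4, @v3). Pinning each to a full commit SHA, for example
      # actions/checkout@<FULL_COMMIT_SHA placeholder>, keeps a re-pointed tag
      # from changing what runs on pull-request code.
      - uses: actions/checkout@v4

      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v4
        with:
          python-version: ${{ matrix.python-version }}

      - name: Cache pip packages
        uses: actions/cache@v3
        with:
          path: ~/.cache/pip
          key: ${{ runner.os }}-pip-${{ hashFiles('**/pyproject.toml', '**/requirements.txt') }}
          restore-keys: |
            ${{ runner.os }}-pip-

      # Must run before the first `make` invocation: the dependency step below
      # already calls `make ci-install`, so installing make after it could
      # never help a Windows runner that lacks it.
      - name: Install make (Windows)
        if: runner.os == 'Windows'
        run: choco install make -y

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          make ci-install

      - name: Check docs language links
        run: python scripts/check_docs_language_links.py

      - name: Run quality and tests (Makefile)
        run: |
          make ci-test

      # Coverage is uploaded from a single matrix cell to avoid duplicates.
      - name: Upload coverage to Codecov
        if: matrix.python-version == '3.9' && matrix.os == 'ubuntu-latest'
        uses: codecov/codecov-action@v3
        with:
          file: ./coverage.xml
          flags: unittests
          name: codecov-umbrella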
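# Job "security": runs bandit (via the Makefile) and safety, then uploads
# their JSON reports as an artifact. The scans are advisory, not a gate.
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.9'

      # NOTE(review): bandit and safety are installed unpinned, so the scanner
      # version (and its command-line interface) can change between runs.
      # Pinning them in the project's dev requirements makes results comparable.
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -e ".[dev]"
          pip install bandit safety

      # continue-on-error keeps the job non-blocking but, unlike `|| true`,
      # leaves the step marked as failed so findings and tool errors are
      # visible in the run instead of showing as a green step.
      - name: Security check with bandit (Makefile)
        continue-on-error: true
        run: make security

      # NOTE(review): confirm that the safety release pip resolves accepts
      # these flags and writes safety-report.json; otherwise the artifact
      # below is missing that report.
      - name: Safety check
        continue-on-error: true
        run: safety check --json --output safety-report.json

      # NOTE(review): bandit-report.json is presumably written by
      # `make security`; verify against the Makefile.
      - name: Upload security reports
        uses: actions/upload-artifact@v4
        with:
          name: security-reports
          path: |
            bandit-report.json
            safety-report.json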
# Job "build": builds and checks the package once test and security finish,
# then stores dist/ as an artifact.
  build:
    # The security job's scanner steps are non-blocking, so this dependency
    # orders the jobs but does not stop a build when the scanners report
    # findings.
    needs:
      - test
      - security
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: "3.9"

      - name: Build and check package (Makefile)
        run: make ci-build

      # github.ref_name is passed as an action input here, not expanded inside
      # a shell line.
      # NOTE(review): ref names can contain "/" (pull-request merge refs,
      # branches such as feature/x); confirm upload-artifact accepts the
      # resulting artifact name.
      - name: Upload build artifacts
        uses: actions/upload-artifact@v4
        with:
          name: dist-${{ github.ref_name }}-${{ github.run_number }}
          path: dist/
# Job "publish-test": uploads the built distribution to TestPyPI and checks
# that it installs. Currently switched off.
  publish-test:
    needs: build
    runs-on: ubuntu-latest
    # Disabled per the documentation requirements: no automatic TestPyPI
    # publishing.
    if: false
    environment: testpypi
    # id-token: write lets the job request an OIDC token. No password input is
    # passed to the publish action, so this is presumably PyPI trusted
    # publishing; confirm against the TestPyPI project settings.
    permissions:
      contents: read
      id-token: write
    # Shares one group with publish-release so two uploads never overlap;
    # a queued run waits instead of cancelling the one in progress.
    concurrency:
      group: ${{ github.repository }}-pypi-publish
      cancel-in-progress: false
    steps:
      - uses: actions/checkout@v4

      - name: Download build artifacts
        uses: actions/download-artifact@v4
        with:
          name: dist-${{ github.ref_name }}-${{ github.run_number }}
          path: dist/

      # NOTE(review): release/v1 is a branch ref and moves over time. This
      # step runs with id-token: write, so pinning to a full commit SHA
      # (<FULL_COMMIT_SHA placeholder>) is worth considering before the job
      # is re-enabled.
      - name: Publish to Test PyPI
        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          repository-url: https://test.pypi.org/legacy/
          skip-existing: true

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: "3.9"

      # NOTE(review): pip gives both indexes equal priority, and anyone can
      # register names on TestPyPI, so a dependency could resolve from
      # TestPyPI instead of PyPI. Installing the dependencies from PyPI first
      # and then this package from TestPyPI with --no-deps avoids that.
      # The package is also installed without a version pin, so the check may
      # not exercise the build that was just uploaded.
      - name: Verify install from TestPyPI
        run: |
          echo " Verifying installation from TestPyPI..."
          sleep 30
          pip install -i https://test.pypi.org/simple/ --extra-index-url https://pypi.org/simple/ claude-code-notifier
          python -c "import claude_notifier; print(f' Installed version: {claude_notifier.__version__}')"
# Job "publish-release": uploads the built distribution to PyPI. Currently
# switched off.
  publish-release:
    needs: build
    runs-on: ubuntu-latest
    # Disabled; stable releases are handled centrally by release.yml.
    if: false
    environment: pypi
    # Job-level permissions: read-only repository access plus the ability to
    # request an OIDC token for the upload.
    permissions:
      contents: read
      id-token: write
    # Same group as publish-test: uploads are serialized, never cancelled
    # midway.
    concurrency:
      group: ${{ github.repository }}-pypi-publish
      cancel-in-progress: false
    steps:
      - uses: actions/checkout@v4

      - name: Download build artifacts
        uses: actions/download-artifact@v4
        with:
          name: dist-${{ github.ref_name }}-${{ github.run_number }}
          path: dist/

      # NOTE(review): the publish action is referenced by the moving branch
      # release/v1 while holding id-token: write; a full commit SHA
      # (<FULL_COMMIT_SHA placeholder>) makes the code that performs the
      # upload reviewable and fixed.
      # skip-existing makes a re-run succeed when the version is already on
      # the index.
      - name: Publish to PyPI
        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          skip-existing: true
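# Job "docker": builds the image and pushes it to Docker Hub, only for pushes
# to main. It waits for test only, not for the security or build jobs.
  docker:
    needs: test
    runs-on: ubuntu-latest
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    # This job holds the registry credentials, so GITHUB_TOKEN is limited to
    # read-only repository access.
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4

      # NOTE(review): the docker/* actions below are referenced by mutable tag
      # and run in a job that receives DOCKERHUB_TOKEN. Pinning them to a full
      # commit SHA (<FULL_COMMIT_SHA placeholder>) limits what a re-pointed
      # tag could do with that credential.
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2

      # NOTE(review): DOCKERHUB_TOKEN should be an access token scoped to this
      # repository's image rather than an account password; confirm in the
      # Docker Hub settings.
      - name: Login to DockerHub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      # Two tags per push: `latest` moves with every push to main, while the
      # commit-SHA tag stays tied to one build and is the one to reference
      # when a fixed image is needed.
      - name: Build and push
        uses: docker/build-push-action@v4
        with:
          context: .
          push: true
          tags: |
            ${{ secrets.DOCKERHUB_USERNAME }}/claude-notifier:latest
            ${{ secrets.DOCKERHUB_USERNAME }}/claude-notifier:${{ github.sha }}
          cache-from: type=gha
          cache-to: type=gha,mode=max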