Updates to CI and Packaging

.github/workflows/wipac-cicd.yml

@@ -1,6 +1,6 @@
 name: wipac ci/cd
 
-on: [push]
+on: [ push ]
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -18,9 +18,15 @@ jobs:
     outputs:
       matrix: ${{ steps.versions.outputs.matrix }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - id: versions
-        uses: WIPACrepo/[email protected]
+        uses: WIPACrepo/[email protected]
+
+
+  #############################################################################
+  # LINTERS
+  #############################################################################
+
 
   flake8:
     runs-on: ubuntu-latest
@@ -33,43 +39,87 @@ jobs:
           max-complexity: 25
 
   mypy:
-    needs: [py-versions]
+    needs: [ py-versions ]
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
       matrix:
         py3: ${{ fromJSON(needs.py-versions.outputs.matrix) }}
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-python@v3
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
         with:
           python-version: ${{ matrix.py3 }}
       - uses: WIPACrepo/[email protected]
 
+  #############################################################################
+  # PACKAGING
+  #############################################################################
+
+
+  writable-branch-detect:
+    runs-on: ubuntu-latest
+    outputs:
+      OKAY: ${{ steps.detect.outputs.OKAY }}
+    steps:
+      - name: is this a bot-writable branch?
+        id: detect
+        # dependabot can't access normal secrets
+        #   & don't run non-branch triggers (like tags)
+        #   & we don't want to trigger an update on PR's merge to main/master/default (which is a branch)
+        run: |
+          set -euo pipefail
+          if [[ \
+              ${{github.actor}} != 'dependabot[bot]' && \
+              ${{github.ref_type}} == 'branch' && \
+              ${{format('refs/heads/{0}', github.event.repository.default_branch)}} != ${{github.ref}} \
+          ]]; then
+            echo "OKAY=true" >> "$GITHUB_OUTPUT"
+            echo "yes, this branch is compatible"
+          else
+            echo "OKAY=false" >> "$GITHUB_OUTPUT"
+            echo "no, this branch is incompatible"
+          fi
+
   py-setup:
+    needs: [ writable-branch-detect ]
     runs-on: ubuntu-latest
     steps:
-      # dependabot can't access normal secrets
-      #   & don't run non-branch triggers (like tags)
-      - if: |
-          github.actor != 'dependabot[bot]' &&
-          github.ref_type == 'branch'
-        name: checkout (only for non-dependabot non-default branches)
-        uses: actions/checkout@v3
+      - if: needs.writable-branch-detect.outputs.OKAY == 'true'
+        uses: actions/checkout@v4
         with:
           token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
-      - if: |
-          github.actor != 'dependabot[bot]' &&
-          github.ref_type == 'branch'
-        name: wipac-dev-py-setup-action (only for non-dependabot non-default branches)
-        uses: WIPACrepo/[email protected]
+      - if: needs.writable-branch-detect.outputs.OKAY == 'true'
+        uses: WIPACrepo/[email protected]
         with:
-          base-keywords: IceCube
+          python_min: 3.9
+          python_max: 3.13
+          pypi_name: icecube-skyreader
+          author: WIPAC Developers
+          author_email: [email protected]
+          keywords: IceCube "skymap scanner" skymap HEALPix neutrino reconstruction
           git_committer_name: ${{ env.BOT_NAME }}
           git_committer_email: ${{ env.BOT_EMAIL }}
 
+  py-dependencies:
+    needs: [ writable-branch-detect ]
+    runs-on: ubuntu-latest
+    steps:
+      - if: needs.writable-branch-detect.outputs.OKAY == 'true'
+        uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
+      - if: needs.writable-branch-detect.outputs.OKAY == 'true'
+        uses: WIPACrepo/[email protected]
+
+
+  #############################################################################
+  # TESTS
+  #############################################################################
+
+
   unit-tests:
-    needs: [py-versions]
+    needs: [ py-versions ]
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
@@ -83,34 +133,43 @@ jobs:
 
       - name: pip install
         run: |
+          set -euo pipefail
           pip install --upgrade pip wheel setuptools
           pip install .[tests]
 
       - name: test
         run: |
+          set -euo pipefail
           pytest -vvv tests/unit
 
       - name: dump comparison json files
         if: always()
         run: |
+          set -euo pipefail
           more *.json | cat
 
   release:
     # only run on main/master/default
     if: format('refs/heads/{0}', github.event.repository.default_branch) == github.ref
-    needs: [flake8, mypy, py-setup, unit-tests]
+    needs: [ flake8, mypy, py-setup, py-dependencies, unit-tests ]
     runs-on: ubuntu-latest
-    concurrency: release
+    concurrency: release  # prevent any possible race conditions
     steps:
-    - uses: actions/checkout@v3
-      with:
-        fetch-depth: 0
-        token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
-    - name: Python Semantic Release
-      uses: python-semantic-release/[email protected]
-      with:
-        git_committer_name: ${{ env.BOT_NAME }}
-        git_committer_email: ${{ env.BOT_EMAIL }}
-        github_token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
-        repository_username: __token__
-        repository_password: ${{ secrets.WIPAC_PYPI_TOKEN }}
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      # Python-Package Version Bump
+      - uses: python-semantic-release/[email protected]
+        id: psr-psr
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+      # PyPI Release
+      - uses: pypa/[email protected]
+        if: steps.psr-psr.outputs.released == 'true'
+        with:
+          password: ${{ secrets.PYPI_TOKEN }}
+      # GitHub Release
+      - uses: python-semantic-release/[email protected]
+        if: steps.psr-psr.outputs.released == 'true'
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}

README.md

@@ -1,5 +1,5 @@
 <!--- Top of README Badges (automated) --->
-[![PyPI](https://img.shields.io/pypi/v/icecube-skyreader)](https://pypi.org/project/icecube-skyreader/) [![GitHub release (latest by date including pre-releases)](https://img.shields.io/github/v/release/icecube/skyreader?include_prereleases)](https://github.com/icecube/skyreader/) [![PyPI - License](https://img.shields.io/pypi/l/icecube-skyreader)](https://github.com/icecube/skyreader/blob/main/LICENSE) [![Lines of code](https://img.shields.io/tokei/lines/github/icecube/skyreader)](https://github.com/icecube/skyreader/) [![GitHub issues](https://img.shields.io/github/issues/icecube/skyreader)](https://github.com/icecube/skyreader/issues?q=is%3Aissue+sort%3Aupdated-desc+is%3Aopen) [![GitHub pull requests](https://img.shields.io/github/issues-pr/icecube/skyreader)](https://github.com/icecube/skyreader/pulls?q=is%3Apr+sort%3Aupdated-desc+is%3Aopen) 
+[![PyPI](https://img.shields.io/pypi/v/icecube-skyreader)](https://pypi.org/project/icecube-skyreader/) [![GitHub release (latest by date including pre-releases)](https://img.shields.io/github/v/release/icecube/skyreader?include_prereleases)](https://github.com/icecube/skyreader/) [![Versions](https://img.shields.io/pypi/pyversions/icecube-skyreader.svg)](https://pypi.org/project/icecube-skyreader) [![PyPI - License](https://img.shields.io/pypi/l/icecube-skyreader)](https://github.com/icecube/skyreader/blob/main/LICENSE) [![GitHub issues](https://img.shields.io/github/issues/icecube/skyreader)](https://github.com/icecube/skyreader/issues?q=is%3Aissue+sort%3Aupdated-desc+is%3Aopen) [![GitHub pull requests](https://img.shields.io/github/issues-pr/icecube/skyreader)](https://github.com/icecube/skyreader/pulls?q=is%3Apr+sort%3Aupdated-desc+is%3Aopen)
 <!--- End of README Badges (automated) --->
 # skyreader
 An API for Results Produced by SkyDriver &amp; the Skymap Scanner