feat: release

.github/workflows/_pdm-publish.yml

@@ -0,0 +1,13 @@
+on:
+  workflow_call:
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - uses: actions/checkout@v3
+      - uses: pdm-project/setup-pdm@v3
+      - run: pdm publish -u "__token__" -P "${{ secrets.PYPI_API_TOKEN }}"

.github/workflows/_pre-commit-autoupdate.yml

@@ -0,0 +1,27 @@
+on:
+  workflow_call:
+  schedule:
+    - cron: "0 0 * * *"
+
+jobs:
+  auto-update:
+    # browniebroke/pre-commit-autoupdate-action
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: write
+      pull-requests: write
+
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-python@v3
+      - run: python -m pip install pre-commit
+      - run: pre-commit autoupdate --freeze
+      - run: pre-commit run -a
+      - uses: peter-evans/create-pull-request@v6
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          branch: pre-commit-autoupdate
+          title: Update pre-commit hooks
+          commit-message: "chore: update pre-commit hooks"
+          body: Update versions of pre-commit hooks to latest version.

.github/workflows/_pre-commit.yml

@@ -0,0 +1,10 @@
+on:
+  workflow_call:
+
+jobs:
+  pre-commit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-python@v3
+      - uses: pre-commit/[email protected]

.github/workflows/_python-semantic-release.yml

@@ -0,0 +1,25 @@
+on:
+  workflow_call:
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+
+    concurrency:
+      group: python-semantic-release
+      # cancel-in-progress: true
+
+    permissions:
+      # https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs#defining-access-for-the-github_token-scopes
+      contents: write
+
+    defaults:
+      run:
+        working-directory: ./
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - uses: python-semantic-release/[email protected]
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/_test.yml

@@ -0,0 +1,30 @@
+on:
+  workflow_call:
+
+jobs:
+  test:
+    strategy:
+      fail-fast: false
+      matrix:
+        # https://github.com/actions/runner-images#available-images
+        os: [ubuntu-latest]
+        py_ver:
+          - "3.12"
+          - "3.11"
+          - "3.10"
+          - "3.9"
+          - "3.8"
+        pw_browser: [chromium]
+    runs-on: ${{ matrix.os }}
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: pdm-project/setup-pdm@v4
+        with:
+          python-version: ${{ matrix.py_ver }}
+          cache: true
+          cache-dependency-path: "**/pdm.lock"
+      - run: pdm install
+      - run: pdm list --graph
+      - run: pdm run playwright install --with-deps ${{ matrix.pw_browser }}
+      - run: pdm run pytest --browser=${{ matrix.pw_browser }}

.github/workflows/main.yml

@@ -1,79 +1,21 @@
-name: main
-
 on:
-  pull_request_review:
   push:
-    branches:
-      - "*"
+  pull_request:
 
 jobs:
-  test:
-    # if: false
+  # permissions -> https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idpermissions
 
-    strategy:
-      matrix:
-        os: [ubuntu-latest]
-        py_ver:
-          - "3.12"
-          - "3.11"
-          - "3.10"
-          - "3.9"
-          - "3.8"
-        pw_browser: [chromium]
-    runs-on: ${{ matrix.os }}
+  test:
+    uses: ./.github/workflows/_test.yml
 
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-python@v4
-        with:
-          python-version: ${{ matrix.py_ver }}
-      - uses: pdm-project/setup-pdm@v3
-      - run: pdm install
-      - run: pdm list --graph
-      - run: pdm run playwright install --with-deps ${{ matrix.pw_browser }}
-      - run: pdm run pytest --browser=${{ matrix.pw_browser }}
+  pre-commit:
+    uses: ./.github/workflows/_pre-commit.yml
 
-  release: # https://github.com/python-semantic-release/python-semantic-release/blob/master/.github/workflows/main.yml
+  python-semantic-release:
     if: ${{ github.ref == 'refs/heads/master' }}
-    needs:
-      - test
-
-    strategy:
-      matrix:
-        os: [ubuntu-latest]
-    runs-on: ${{ matrix.os }}
-
-    concurrency: release
+    uses: ./.github/workflows/_python-semantic-release.yml
     permissions:
-      id-token: write
       contents: write
-
-    steps:
-      - uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-
-      - uses: python-semantic-release/[email protected]
-        id: release
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          root_options: "-vv"
-
-      # https://python-semantic-release.readthedocs.io/en/latest/migrating_from_v7.html
-
-      - name: Publish package distributions to PyPI
-        id: pypi-publish
-        if: steps.release.outputs.released == 'true'
-        uses: pypa/gh-action-pypi-publish@release/v1
-        with:
-          verbose: true
-          user: ${{ secrets.PYPI_USERNAME }}
-          password: ${{ secrets.PYPI_PASSWORD }}
-
-      - name: Publish package distributions to GitHub Releases
-        id: github-release
-        if: steps.release.outputs.released == 'true'
-        uses: python-semantic-release/upload-to-gh-release@main
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          tag: ${{ steps.release.outputs.tag }}
+    needs:
+      - test
+      - pre-commit

.github/workflows/post-main.yml

@@ -0,0 +1,29 @@
+on:
+  workflow_run:
+    # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_run
+    workflows:
+      - .github/workflows/main.yml
+    types:
+      - completed
+
+jobs:
+  is-success:
+    if: ${{ github.ref == 'refs/heads/master' }} && ${{ github.event.workflow_run.conclusion == 'success' }}
+    runs-on: ubuntu-latest
+    steps:
+      - run: echo "is-success"
+
+  pre-commit-autoupdate:
+    uses: ./.github/workflows/_pre-commit-autoupdate.yml
+    permissions:
+      contents: write
+      pull-requests: write
+
+  pdm-publish:
+    needs:
+      - is-success
+    uses: ./.github/workflows/_pdm-publish.yml
+    permissions:
+      contents: read
+      id-token: write
+    secrets: inherit

.pre-commit-config.yaml

@@ -1,33 +1,47 @@
+# fail_fast: true
+
 exclude: |
   (?x)^(
+    .*/migrations/.*|
     CHANGELOG.md
   )$
 
 repos:
-  ### PYTHON
+  ### LOCAL
 
-  - repo: https://github.com/pre-commit/mirrors-mypy
-    rev: 8cd2d4056637e242709fe09f15a36f0b4b682bda # frozen: v1.8.0
+  - repo: local
     hooks:
-      - id: mypy
-        language_version: python3.9
-        # additional_dependencies:
-        #   - types-all
-        # args:
-        #   - --explicit-package-bases
+      - id: sh -c
+        name: sh -c
+        entry: sh -c
+        args:
+          - echo "pre-commit!"
+        language: system
+        require_serial: true
+        # verbose: true
+
+  ### PYTHON
 
   - repo: https://github.com/psf/black
-    rev: e026c93888f91a47a9c9f4e029f3eb07d96375e6 # frozen: 24.1.1
+    rev: 6fdf8a4af28071ed1d079c01122b34c5d587207a  # frozen: 24.2.0
     hooks: # https://black.readthedocs.io/en/stable/integrations/source_version_control.html
       - id: black
 
   - repo: https://github.com/charliermarsh/ruff-pre-commit
-    rev: 1bd02b3569e3ac5cc66552b1336a96a8880d1bae  # frozen: v0.2.1
+    rev: cc575a3e5800b42ffbb5182b53d87203b2c4fc26 # frozen: v0.2.2
     hooks: # https://beta.ruff.rs/docs/installation-and-usage/#usage
       - id: ruff
 
+  - repo: https://github.com/pre-commit/mirrors-mypy
+    rev: "8cd2d4056637e242709fe09f15a36f0b4b682bda" # frozen: v1.8.0
+    hooks:
+      - id: mypy
+        additional_dependencies: [types-all]
+        args:
+          - --explicit-package-bases
+
   - repo: https://github.com/asottile/pyupgrade
-    rev: 1bbebc88c6925a4e56fd5446b830b12c38c1c24a # frozen: v3.15.0
+    rev: df17dfa3911b81b4a27190b0eea5b1debc7ffa0a # frozen: v3.15.1
     hooks:
       - id: pyupgrade
 
@@ -40,20 +54,10 @@ repos:
       - id: python-use-type-annotations
       - id: text-unicode-replacement-char
 
-  ### MD
-
-  - repo: https://github.com/igorshubovych/markdownlint-cli
-    rev: c9ea83146232fb263effdfe6f222d87f5395b27a # frozen: v0.39.0
-    hooks:
-      - id: markdownlint-fix
-        args:
-          - --disable=line-length
-          - --disable=no-inline-html
-
   ### MISC
 
   - repo: https://github.com/crate-ci/typos
-    rev: c9a8c2e546451910cab4b467188a6c4e18a1743d  # frozen: v1.18.1
+    rev: 15c3fd95cb1c654bec86ec94bef057cc08a1c1c1 # frozen: typos-v0.10.21
     hooks:
       - id: typos
 
@@ -75,15 +79,15 @@ repos:
       - id: check-builtin-literals # requires literal syntax when initializing empty or zero python builtin types.
       - id: check-case-conflict # checks for files that would conflict in case-insensitive filesystems.
       # - id: check-docstring-first # checks a common error of defining a docstring after code.
-      # - id: check-executables-have-shebangs # ensures that (non-binary) executables have a shebang.
-      # - id: check-json # checks json files for parseable syntax.
+      - id: check-executables-have-shebangs # ensures that (non-binary) executables have a shebang.
+      - id: check-json # checks json files for parseable syntax.
       - id: check-shebang-scripts-are-executable # ensures that (non-binary) files with a shebang are executable.
-      # - id: pretty-format-json # sets a standard for formatting json files.
-      #   args:
-      #     - --autofix
-      #     - --indent=2
-      #     - --no-sort-keys
-      #     - --no-ensure-ascii
+      - id: pretty-format-json # sets a standard for formatting json files.
+        args:
+          - --autofix
+          - --indent=2
+          - --no-sort-keys
+          - --no-ensure-ascii
       - id: check-merge-conflict # checks for files that contain merge conflict strings.
       # - id: check-symlinks # checks for symlinks which do not point to anything.
       - id: check-toml # checks toml files for parseable syntax.