.github/workflows/main.yml

name: build

on:
  push:
    branches:
      - master
    tags:
      - "v[0-9]+.[0-9]+.[0-9]+"

  pull_request:

jobs:
  build:

    runs-on: ${{ matrix.os }}

    strategy:
      fail-fast: false
      matrix:
        python: ["3.10", "3.11", "3.12", "3.13"]
        os: [ubuntu-latest, windows-latest]

    steps:
    - uses: actions/checkout@v4.2.2
    - name: Set up Python
      uses: actions/setup-python@v5.3.0
      with:
        python-version: ${{ matrix.python }}
    - name: Install tox
      run: |
        python -m pip install --upgrade pip
        pip install tox
    - name: Test
      run: |
        tox -e py
    - name: Upload coverage reports to Codecov
      uses: codecov/codecov-action@v5.1.1
      with:
        token: ${{ secrets.CODECOV_TOKEN }}
        fail_ci_if_error: true

  deploy:

    if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags')

    runs-on: ubuntu-latest

    needs: build

    steps:
    - uses: actions/checkout@v4.2.2
    - name: Set up Python
      uses: actions/setup-python@v5.3.0
      with:
        python-version: "3.x"
    - name: Install wheel
      run: |
        python -m pip install --upgrade pip
        pip install build
    - name: Build package
      run: |
        python -m build
    - name: Publish package to PyPI
      uses: pypa/gh-action-pypi-publish@v1.12.2
      with:
        user: __token__
        password: ${{ secrets.pypi_token }}
        attestations: true
    - name: GitHub Release
      uses: softprops/action-gh-release@v2.1.0
      with:
        files: dist/*

  sonarcloud:

    runs-on: ubuntu-latest

    steps:
    - uses: actions/checkout@v4.2.2
      with:
        # Disabling shallow clone is recommended for improving relevancy of reporting
        fetch-depth: 0
    - name: SonarCloud Scan
      uses: sonarsource/sonarcloud-github-action@master
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}