maint: Add SECURITY.md file #1133
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: GitHub CI | |
| on: | |
| pull_request: | |
| workflow_dispatch: | |
| push: | |
| tags: | |
| - "*" | |
| branches: | |
| - main | |
| env: | |
| MAIN_PYTHON_VERSION: '3.13' | |
| RESET_IMAGE_CACHE: 0 | |
| PACKAGE_NAME: ansys-tools-visualization-interface | |
| DOCUMENTATION_CNAME: visualization-interface.tools.docs.pyansys.com | |
| IN_GITHUB_ACTIONS: true | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| update-changelog: | |
| name: "Update CHANGELOG (on release)" | |
| if: github.event_name == 'push' && contains(github.ref, 'refs/tags') | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| steps: | |
| - uses: ansys/actions/doc-deploy-changelog@v10 | |
| with: | |
| token: ${{ secrets.PYANSYS_CI_BOT_TOKEN }} | |
| bot-user: ${{ secrets.PYANSYS_CI_BOT_USERNAME }} | |
| bot-email: ${{ secrets.PYANSYS_CI_BOT_EMAIL }} | |
| vulnerabilities: | |
| name: Vulnerabilities | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: PyAnsys Vulnerability check (on main) | |
| if: github.ref == 'refs/heads/main' | |
| uses: ansys/actions/check-vulnerabilities@v10 | |
| with: | |
| python-version: ${{ env.MAIN_PYTHON_VERSION }} | |
| python-package-name: ${{ env.PACKAGE_NAME }} | |
| token: ${{ secrets.PYANSYS_CI_BOT_TOKEN }} | |
| - name: PyAnsys Vulnerability check (on dev mode) | |
| if: github.ref != 'refs/heads/main' | |
| uses: ansys/actions/check-vulnerabilities@v10 | |
| with: | |
| python-version: ${{ env.MAIN_PYTHON_VERSION }} | |
| python-package-name: ${{ env.PACKAGE_NAME }} | |
| token: ${{ secrets.PYANSYS_CI_BOT_TOKEN }} | |
| dev-mode: true | |
| docs-style: | |
| name: Documentation Style Check | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: PyAnsys documentation style checks | |
| uses: ansys/actions/doc-style@v10 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| docs-build: | |
| name: Documentation Build | |
| runs-on: ubuntu-latest | |
| needs: [docs-style] | |
| steps: | |
| - name: Setup headless display | |
| uses: pyvista/setup-headless-display-action@v4 | |
| - name: "Run Ansys documentation building action" | |
| uses: ansys/actions/doc-build@v10 | |
| with: | |
| python-version: ${{ env.MAIN_PYTHON_VERSION }} | |
| add-pdf-html-docs-as-assets: true | |
| smoke-tests: | |
| name: Build and Smoke tests | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ubuntu-latest, windows-latest, macos-latest] | |
| python-version: ['3.10', '3.11', '3.12', '3.13'] | |
| should-release: | |
| - ${{ github.event_name == 'push' && contains(github.ref, 'refs/tags') }} | |
| exclude: | |
| - should-release: false | |
| os: macos-latest | |
| steps: | |
| - name: Build wheelhouse and perform smoke test | |
| uses: ansys/actions/build-wheelhouse@v10 | |
| with: | |
| library-name: ${{ env.PACKAGE_NAME }} | |
| operating-system: ${{ matrix.os }} | |
| python-version: ${{ matrix.python-version }} | |
| whitelist-license-check: "attrs" # This has MIT license but fails the check | |
| testing: | |
| name: Run Unit Tests | |
| needs: [ smoke-tests ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Restore images cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: tests/graphics/image_cache | |
| key: pyvista-image-cache-${{ runner.os }}-v-${{ env.RESET_IMAGE_CACHE }}-${{ hashFiles('pyproject.toml') }} | |
| restore-keys: pyvista-image-cache-${{ runner.os }}-v-${{ env.RESET_IMAGE_CACHE }} | |
| - name: "Run pytest" | |
| uses: ansys/actions/tests-pytest@v10 | |
| with: | |
| python-version: ${{ env.MAIN_PYTHON_VERSION }} | |
| requires-xvfb: true | |
| - name: Upload PyVista generated images (cache and results) | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: pytest-pyvista-images-${{ runner.os }} | |
| path: tests/graphics/image_cache | |
| retention-days: 7 | |
| - uses: codecov/codecov-action@v5 | |
| name: 'Upload coverage to CodeCov' | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| package: | |
| name: Package library | |
| needs: [docs-build, testing] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Build library source and wheel artifacts | |
| uses: ansys/actions/build-library@v10 | |
| with: | |
| library-name: ${{ env.PACKAGE_NAME }} | |
| python-version: ${{ env.MAIN_PYTHON_VERSION }} | |
| upload_dev_docs: | |
| name: Upload dev documentation | |
| if: github.ref == 'refs/heads/main' | |
| runs-on: ubuntu-latest | |
| needs: [package] | |
| steps: | |
| - name: Deploy the latest documentation | |
| uses: ansys/actions/doc-deploy-dev@v10 | |
| with: | |
| cname: ${{ env.DOCUMENTATION_CNAME }} | |
| token: ${{ secrets.PYANSYS_CI_BOT_TOKEN }} | |
| bot-user: ${{ secrets.PYANSYS_CI_BOT_USERNAME }} | |
| bot-email: ${{ secrets.PYANSYS_CI_BOT_EMAIL }} | |
| release: | |
| name: Release project | |
| if: ${{ github.event_name == 'push' && contains(github.ref, 'refs/tags') }} | |
| needs: [package] | |
| runs-on: ubuntu-latest | |
| environment: release | |
| permissions: | |
| id-token: write | |
| contents: write | |
| steps: | |
| - name: "Download the library artifacts from build-library step" | |
| uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 | |
| with: | |
| name: ${{ env.PACKAGE_NAME }}-artifacts | |
| path: ${{ env.PACKAGE_NAME }}-artifacts | |
| - name: "Upload artifacts to PyPI using trusted publisher" | |
| uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4 | |
| with: | |
| repository-url: "https://upload.pypi.org/legacy/" | |
| print-hash: true | |
| packages-dir: ${{ env.PACKAGE_NAME }}-artifacts | |
| skip-existing: false | |
| - name: Release to GitHub | |
| uses: ansys/actions/release-github@v10 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| library-name: ${{ env.PACKAGE_NAME }} | |
| upload_docs_release: | |
| name: Upload release documentation | |
| if: github.event_name == 'push' && contains(github.ref, 'refs/tags') | |
| runs-on: ubuntu-latest | |
| needs: [release] | |
| steps: | |
| - name: Deploy the stable documentation | |
| uses: ansys/actions/doc-deploy-stable@v10 | |
| with: | |
| cname: ${{ env.DOCUMENTATION_CNAME }} | |
| token: ${{ secrets.PYANSYS_CI_BOT_TOKEN }} | |
| bot-user: ${{ secrets.PYANSYS_CI_BOT_USERNAME }} | |
| bot-email: ${{ secrets.PYANSYS_CI_BOT_EMAIL }} |