Fix read permissions #2
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deployment | |
| on: | |
| push: | |
| tags: | |
| - "*" | |
| jobs: | |
| deploy: | |
| name: Publish to PyPI | |
| runs-on: ubuntu-latest | |
| environment: | |
| name: pypi | |
| url: https://pypi.org/p/starlette-compress | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Install Nix | |
| uses: cachix/install-nix-action@v26 | |
| with: | |
| nix_path: nixpkgs=channel:nixpkgs-23.11-darwin | |
| - name: Extract nixpkgs hash | |
| run: | | |
| nixpkgs_hash=$(grep -o -P '(?<=archive/)[0-9a-f]{40}(?=\.tar\.gz)' shell.nix) | |
| echo "NIXPKGS_HASH=$nixpkgs_hash" >> $GITHUB_ENV | |
| - name: Cache Nix store | |
| uses: actions/cache@v4 | |
| id: nix-cache | |
| with: | |
| key: nix-${{ runner.os }}-${{ env.NIXPKGS_HASH }} | |
| path: /tmp/nix-cache | |
| - name: Import Nix store cache | |
| if: steps.nix-cache.outputs.cache-hit == 'true' | |
| run: | | |
| nix-store --import < /tmp/nix-cache | |
| - name: Cache Python packages | |
| uses: actions/cache@v4 | |
| with: | |
| key: python-${{ runner.os }}-${{ hashFiles('poetry.lock') }} | |
| path: .venv | |
| - name: Install dependencies | |
| run: | | |
| nix-shell --pure --run true | |
| - name: Export Nix store cache | |
| if: steps.nix-cache.outputs.cache-hit != 'true' | |
| run: | | |
| nix-store --export $(find /nix/store -maxdepth 1 -name '*-*') > /tmp/nix-cache | |
| - name: Run tests | |
| run: | | |
| nix-shell --pure --run run-tests | |
| - name: Build distribution | |
| run: | | |
| nix-shell --pure --run "poetry build" | |
| - name: Publish to PyPI | |
| uses: pypa/gh-action-pypi-publish@release/v1 |