diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index b8f653a..cc46dc8 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -33,7 +33,16 @@ jobs: - '3.11' - '3.10' airflow-version: + # Latest release as of 2025-12-27 + # See: https://airflow.apache.org/docs/apache-airflow/stable/release_notes.html - '3.1.5' + # GCP Cloud Composer latest as of 2025-12-27 + # See: https://docs.cloud.google.com/composer/docs/composer-versions + # TODO: Uncomment once 'SUPERVISOR_COMMS' import bug is figured out + # This is fixed in later versions of Airflow. + # - '3.1.0' + # AWS MWAA latest as of 2025-12-27 + # See: https://docs.aws.amazon.com/mwaa/latest/userguide/airflow-versions.html - '3.0.6' dbt-version: - '1.11.2' @@ -46,7 +55,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@v2.10.4 + uses: step-security/harden-runner@v2.14.0 with: egress-policy: block allowed-endpoints: > @@ -55,6 +64,7 @@ jobs: hub.getdbt.com:443 github.com:80 github.com:443 + release-assets.githubusercontent.com:443 gitlab.com:22 gitlab.com:80 gitlab.com:443 @@ -74,16 +84,17 @@ jobs: sudo apt-get update sudo apt-get install --yes --no-install-recommends postgresql - - uses: actions/checkout@v4.2.2 + - name: Checkout + uses: actions/checkout@v6 + - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v5.4.0 + uses: actions/setup-python@v6 with: python-version: ${{ matrix.python-version }} - - name: Install uv and set the python version - uses: astral-sh/setup-uv@v5 + - name: Install uv + uses: astral-sh/setup-uv@v7 with: - version: 0.7.2 python-version: ${{ matrix.python-version }} - name: Install Airflow & dbt @@ -130,24 +141,27 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@v2.10.4 + uses: step-security/harden-runner@v2.14.0 with: egress-policy: block allowed-endpoints: > files.pythonhosted.org:443 github.com:443 + release-assets.githubusercontent.com:443 api.github.com:443 pypi.org:443 - - uses: actions/checkout@v4.2.2 - - uses: actions/setup-python@v5.4.0 + - name: Checkout + uses: actions/checkout@v6 + + - name: Set up Python '3.13' + uses: actions/setup-python@v6 with: - python-version: '3.12' + python-version: '3.13' - - name: Install uv and set the python version - uses: astral-sh/setup-uv@v5 + - name: Install uv + uses: astral-sh/setup-uv@v7 with: - version: 0.7.2 python-version: ${{ matrix.python-version }} - name: Install airflow-dbt-python with uv @@ -190,3 +204,55 @@ jobs: minColorRange: 50 maxColorRange: 90 valColorRange: ${{ env.total }} + + release: + runs-on: ubuntu-latest + needs: test + if: github.ref_type == 'tag' + steps: + - name: Harden Runner + uses: step-security/harden-runner@v2.14.0 + with: + egress-policy: audit + allowed-endpoints: > + files.pythonhosted.org:443 + github.com:443 + release-assets.githubusercontent.com:443 + api.github.com:443 + pypi.org:443 + + - name: Checkout + uses: actions/checkout@v6 + + - name: Set up Python '3.13' + uses: actions/setup-python@v6 + with: + python-version: '3.13' + + - name: Install uv + uses: astral-sh/setup-uv@v7 + with: + python-version: 3.13 + + - name: Install airflow-dbt-python with uv + run: uv sync --no-dev + + - name: Build airflow-dbt-python with uv + run: uv build + + - name: Set prerelease variable + run: echo "IS_PRERELEASE=$(if $(uv version --short | grep -qP '^[0-9]+\.[0-9]+\.[0-9]+$'); then echo 'false'; else echo 'true'; fi)" >> $GITHUB_ENV + + - name: Set release git tag + run: echo "RELEASE_TAG=${{ github.ref_name }}" >> $GITHUB_ENV + + - name: Check tag matches package version + run: if [[ "$(uv version --short)" == ${RELEASE_TAG/v/} ]]; then exit 0; else exit 1; fi + + - name: Release new tag + uses: softprops/action-gh-release@v1 + with: + prerelease: ${{ fromJSON(env.IS_PRERELEASE) }} + token: ${{ secrets.GH_DEPLOY_TOKEN }} + files: | + dist/* diff --git a/.github/workflows/docs_pages.yaml b/.github/workflows/docs_pages.yaml index 5773bd2..bea1ffc 100644 --- a/.github/workflows/docs_pages.yaml +++ b/.github/workflows/docs_pages.yaml @@ -8,29 +8,39 @@ jobs: build-docs: runs-on: ubuntu-latest steps: - - name: Checkout - uses: actions/checkout@master - with: - fetch-depth: 0 + - name: Harden Runner + uses: step-security/harden-runner@v2.14.0 + with: + egress-policy: audit + allowed-endpoints: > + files.pythonhosted.org:443 + github.com:443 + release-assets.githubusercontent.com:443 + api.github.com:443 + pypi.org:443 - - name: Set up Python '3.12' - uses: actions/setup-python@v5.4.0 - with: - python-version: '3.12' + - name: Checkout + uses: actions/checkout@v6 + with: + fetch-depth: 0 - - name: Install uv and set the python version - uses: astral-sh/setup-uv@v5 - with: - version: 0.7.2 - python-version: ${{ matrix.python-version }} + - name: Set up Python '3.13' + uses: actions/setup-python@v6 + with: + python-version: '3.13' - - name: Install airflow-dbt-python with uv - run: uv sync --all-extras --group docs + - name: Install uv + uses: astral-sh/setup-uv@v7 + with: + python-version: ${{ matrix.python-version }} - - name: Install Graphviz - run: sudo apt-get install graphviz + - name: Install airflow-dbt-python with uv + run: uv sync --all-extras --group docs - - name: Build documentation - run: | - cd docs/ - uv run python -m sphinx -T -b dirhtml -d _build/doctrees . html + - name: Install Graphviz + run: sudo apt-get install graphviz + + - name: Build documentation + run: | + cd docs/ + uv run python -m sphinx -T -b dirhtml -d _build/doctrees . html diff --git a/.github/workflows/pypi_deploy.yaml b/.github/workflows/pypi_deploy.yaml index 0f745f6..cba65ad 100644 --- a/.github/workflows/pypi_deploy.yaml +++ b/.github/workflows/pypi_deploy.yaml @@ -7,15 +7,25 @@ jobs: deploy: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4.2.2 - - uses: actions/setup-python@v5.4.0 + - name: Harden Runner + uses: step-security/harden-runner@v2.14.0 + with: + egress-policy: audit + allowed-endpoints: > + files.pythonhosted.org:443 + github.com:443 + release-assets.githubusercontent.com:443 + api.github.com:443 + pypi.org:443 + + - uses: actions/checkout@v6 + - uses: actions/setup-python@v6 with: python-version: '3.13' - name: Install uv and set the python version - uses: astral-sh/setup-uv@v5 + uses: astral-sh/setup-uv@v7 with: - version: 0.7.2 python-version: 3.13 - name: Install airflow-dbt-python with uv diff --git a/.github/workflows/tagged_release.yml b/.github/workflows/tagged_release.yml deleted file mode 100644 index 2202250..0000000 --- a/.github/workflows/tagged_release.yml +++ /dev/null @@ -1,60 +0,0 @@ -name: Tagged release - -on: - push: - tags: - - "v*" - -jobs: - gh_tagged_release: - runs-on: ubuntu-latest - steps: - - name: Wait for CI - uses: fountainhead/action-wait-for-check@v1.2.0 - id: wait-for-ci - with: - token: ${{ secrets.GH_DEPLOY_TOKEN }} - checkName: CI - # Wait for one hour - timeoutSeconds: 3600 - intervalSeconds: 60 - - - name: Fail if CI failed - if: steps.wait-for-ci.outputs.conclusion != 'success' - run: | - echo "CI failed or didn't complete in time" - exit 1 - - - uses: actions/checkout@v4.2.2 - - uses: actions/setup-python@v5.4.0 - with: - python-version: '3.12' - - - name: Install uv and set the python version - uses: astral-sh/setup-uv@v5 - with: - version: 0.7.2 - python-version: 3.12 - - - name: Install airflow-dbt-python with uv - run: uv sync --no-dev - - - name: Build airflow-dbt-python with uv - run: uv build - - - name: Set prerelease variable - run: echo "IS_PRERELEASE=$(if $(uv version --short | grep -qP '^[0-9]+\.[0-9]+\.[0-9]+$'); then echo 'false'; else echo 'true'; fi)" >> $GITHUB_ENV - - - name: Set release git tag - run: echo "RELEASE_TAG=${{ github.ref_name }}" >> $GITHUB_ENV - - - name: Check tag matches package version - run: if [[ "$(uv version --short)" == ${RELEASE_TAG/v/} ]]; then exit 0; else exit 1; fi - - - name: Release new tag - uses: softprops/action-gh-release@v1 - with: - prerelease: ${{ fromJSON(env.IS_PRERELEASE) }} - token: ${{ secrets.GH_DEPLOY_TOKEN }} - files: | - dist/*