iam-policy-validator 1.0.2__tar.gz → 1.0.4__tar.gz

{iam_policy_validator-1.0.2 → iam_policy_validator-1.0.4}/.github/workflows/ci.yml

@@ -13,17 +13,17 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v5
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
 
       - name: Set up Python
-        uses: actions/setup-python@v6
+        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6
         with:
           python-version: "3.12"
 
       - name: Install uv
-        run: |
-          curl -LsSf https://astral.sh/uv/install.sh | sh
-          echo "$HOME/.local/bin" >> $GITHUB_PATH
+        uses: astral-sh/setup-uv@5dbc9fba7434435c4cd0268139340fa3696d98f3 # v7
+        with:
+          enable-cache: true
 
       - name: Install dependencies
         run: uv sync --all-extras
@@ -34,30 +34,6 @@ jobs:
       - name: Run Ruff formatter check
         run: uv run ruff format --check .
 
-  # Temporarily disabled - will re-enable when type annotations are complete
-  # type-check:
-  #   name: Type Check with mypy
-  #   runs-on: ubuntu-latest
-  #   steps:
-  #     - name: Checkout code
-  #       uses: actions/checkout@v5
-
-  #     - name: Set up Python
-  #       uses: actions/setup-python@v6
-  #       with:
-  #         python-version: "3.12"
-
-  #     - name: Install uv
-  #       run: |
-  #         curl -LsSf https://astral.sh/uv/install.sh | sh
-  #         echo "$HOME/.local/bin" >> $GITHUB_PATH
-
-  #     - name: Install dependencies
-  #       run: uv sync --all-extras
-
-  #     - name: Run mypy
-  #       run: uv run mypy iam_validator/
-
   test:
     name: Test (Python ${{ matrix.python-version }})
     runs-on: ubuntu-latest
@@ -67,17 +43,17 @@ jobs:
         python-version: ["3.10", "3.11", "3.12", "3.13"]
     steps:
       - name: Checkout code
-        uses: actions/checkout@v5
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
 
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v6
+        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6
         with:
           python-version: ${{ matrix.python-version }}
 
       - name: Install uv
-        run: |
-          curl -LsSf https://astral.sh/uv/install.sh | sh
-          echo "$HOME/.local/bin" >> $GITHUB_PATH
+        uses: astral-sh/setup-uv@5dbc9fba7434435c4cd0268139340fa3696d98f3 # v7
+        with:
+          enable-cache: true
 
       - name: Install dependencies
         run: uv sync --all-extras
@@ -91,17 +67,17 @@ jobs:
     needs: [lint, test]
     steps:
       - name: Checkout code
-        uses: actions/checkout@v5
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
 
       - name: Set up Python
-        uses: actions/setup-python@v6
+        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6
         with:
           python-version: "3.12"
 
       - name: Install uv
-        run: |
-          curl -LsSf https://astral.sh/uv/install.sh | sh
-          echo "$HOME/.local/bin" >> $GITHUB_PATH
+        uses: astral-sh/setup-uv@5dbc9fba7434435c4cd0268139340fa3696d98f3 # v7
+        with:
+          enable-cache: true
 
       - name: Install dependencies
         run: uv sync
@@ -109,30 +85,23 @@ jobs:
       - name: Build package
         run: uv build
 
-      - name: Upload build artifacts
-        uses: actions/upload-artifact@v5
-        with:
-          name: dist-packages
-          path: dist/
-          retention-days: 7
-
   integration-test:
     name: Integration Test (Self-Test)
     runs-on: ubuntu-latest
     needs: [lint, test]
     steps:
       - name: Checkout code
-        uses: actions/checkout@v5
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
 
       - name: Set up Python
-        uses: actions/setup-python@v6
+        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6
         with:
           python-version: "3.12"
 
       - name: Install uv
-        run: |
-          curl -LsSf https://astral.sh/uv/install.sh | sh
-          echo "$HOME/.local/bin" >> $GITHUB_PATH
+        uses: astral-sh/setup-uv@5dbc9fba7434435c4cd0268139340fa3696d98f3 # v7
+        with:
+          enable-cache: true
 
       - name: Install dependencies
         run: uv sync

{iam_policy_validator-1.0.2 → iam_policy_validator-1.0.4}/.github/workflows/release.yml

@@ -3,7 +3,7 @@ name: Release
 on:
   push:
     tags:
-      - "v*.*.*" # Triggers on version tags like v0.1.0, v1.2.3, etc.
+      - "v*.*.*"
 
 permissions:
   contents: write
@@ -17,17 +17,17 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v5
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
         with:
           fetch-depth: 0 # Full history for changelog generation
 
       - name: Set up Python
-        uses: actions/setup-python@v6
+        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6
         with:
           python-version: "3.12"
 
       - name: Install uv
-        uses: astral-sh/setup-uv@v7
+        uses: astral-sh/setup-uv@5dbc9fba7434435c4cd0268139340fa3696d98f3 # v7
         with:
           enable-cache: true
 
@@ -66,9 +66,9 @@ jobs:
           echo "Generated changelog with $COMMIT_COUNT commits"
 
       - name: Create GitHub Release
-        uses: softprops/action-gh-release@v2
+        uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090 # v2
         with:
-          name: Release ${{ steps.get_version.outputs.tag }}
+          name: ${{ steps.get_version.outputs.tag }}
           body_path: CHANGELOG.txt
           files: |
             dist/*.whl
@@ -88,6 +88,56 @@ jobs:
         env:
           UV_PUBLISH_TOKEN: ${{ secrets.PYPI_API_TOKEN }}
 
+      - name: Create Release Summary
+        if: always()
+        run: |
+          VERSION="${{ steps.get_version.outputs.version }}"
+          TAG="${{ steps.get_version.outputs.tag }}"
+          IS_PRERELEASE="${{ contains(steps.get_version.outputs.version, 'rc') || contains(steps.get_version.outputs.version, 'beta') || contains(steps.get_version.outputs.version, 'alpha') }}"
+
+          # Extract major and minor versions
+          MAJOR=$(echo "$VERSION" | cut -d. -f1)
+          MINOR=$(echo "$VERSION" | cut -d. -f1-2)
+
+          cat >> $GITHUB_STEP_SUMMARY << EOF
+          # 🚀 Release Summary
+
+          ## 📦 Package Information
+          - **Package**: \`iam-policy-validator\`
+          - **Version**: \`$VERSION\`
+          - **Tag**: \`$TAG\`
+
+          ## 📋 What Was Published
+
+          ### GitHub Release
+          - ✅ Created release: [$TAG](https://github.com/${{ github.repository }}/releases/tag/$TAG)
+          - 📄 Changelog generated from commits
+          - 📦 Artifacts attached: wheel + source distribution
+
+          ### PyPI
+          $(if [ "$IS_PRERELEASE" = "false" ]; then echo "- ✅ Published to [PyPI](https://pypi.org/project/iam-policy-validator/)"; else echo "- ⏭️ Skipped (pre-release version)"; fi)
+
+          ### Version Tags
+          - 🏷️ Major tag: \`v$MAJOR\`
+          - 🏷️ Minor tag: \`v$MINOR\`
+          - 🏷️ Full tag: \`v$VERSION\`
+
+          ## 🔗 Quick Links
+          - [📦 PyPI Package](https://pypi.org/project/iam-policy-validator/)
+          - [📚 GitHub Release](https://github.com/${{ github.repository }}/releases/tag/$TAG)
+          - [📖 Repository](https://github.com/${{ github.repository }})
+
+          ## 📥 Installation
+          \`\`\`bash
+          pip install iam-policy-validator==$VERSION
+          \`\`\`
+
+          or use the latest:
+          \`\`\`bash
+          pip install iam-policy-validator
+          \`\`\`
+          EOF
+
   update-action-versions:
     name: Update Major/Minor Tag References
     runs-on: ubuntu-latest
@@ -95,7 +145,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v5
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
 
       - name: Configure Git
         run: |
@@ -108,12 +158,13 @@ jobs:
           MAJOR=$(echo $VERSION | cut -d. -f1)
           MINOR=$(echo $VERSION | cut -d. -f1-2)
 
-          # Update vX tag (e.g., v1)
+          # Update vX tag (e.g., v1) - annotated (unsigned by bot)
           git tag -fa "v$MAJOR" -m "Update v$MAJOR to $VERSION"
           git push origin "v$MAJOR" --force
 
-          # Update vX.Y tag (e.g., v1.2)
-          git tag -fa "v$MINOR" -m "Update v$MINOR to $VERSION"
+          # Update vX.Y tag (e.g., v1.2) - annotated (unsigned by bot)
+          git tag -fa "v$MINOR" -m "Updated v$MINOR to $VERSION"
           git push origin "v$MINOR" --force
 
-          echo "Updated tags: v$MAJOR and v$MINOR to point to $VERSION"
+          echo "✅ Updated tags: v$MAJOR and v$MINOR to point to $VERSION"
+          echo "ℹ️  Note: Automated tags are annotated but not signed by the bot."