Merge pull request #134 from ESSS/dependabot/github_actions/github-ac… #404

	name: build

	on:
	push:
	branches:
	- master
	tags:
	- "v[0-9]+.[0-9]+.[0-9]+"

	pull_request:

	jobs:
	build:

	runs-on: ${{ matrix.os }}

	strategy:
	fail-fast: false
	matrix:
	python: ["3.10", "3.11", "3.12", "3.13"]
	os: [ubuntu-latest, windows-latest]

	steps:
	- uses: actions/[email protected]
	- name: Set up Python
	uses: actions/[email protected]
	with:
	python-version: ${{ matrix.python }}
	- name: Install tox
	run: \|
	python -m pip install --upgrade pip
	pip install tox
	- name: Test
	run: \|
	tox -e py
	- name: Upload coverage reports to Codecov
	uses: codecov/[email protected]
	with:
	token: ${{ secrets.CODECOV_TOKEN }}
	fail_ci_if_error: true

	deploy:

	if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags')

	runs-on: ubuntu-latest

	needs: build

	steps:
	- uses: actions/[email protected]
	- name: Set up Python
	uses: actions/[email protected]
	with:
	python-version: "3.x"
	- name: Install wheel
	run: \|
	python -m pip install --upgrade pip
	pip install build
	- name: Build package
	run: \|
	python -m build
	- name: Publish package to PyPI
	uses: pypa/[email protected]
	with:
	user: __token__
	password: ${{ secrets.pypi_token }}
	attestations: true
	- name: GitHub Release
	uses: softprops/[email protected]
	with:
	files: dist/*

	sonarcloud:

	runs-on: ubuntu-latest

	steps:
	- uses: actions/[email protected]
	with:
	# Disabling shallow clone is recommended for improving relevancy of reporting
	fetch-depth: 0
	- name: SonarCloud Scan
	uses: sonarsource/sonarcloud-github-action@master
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

Provide feedback