.github/workflows/main.yml

name: Build, Test, and Publish
on:
  # Run this workflow everytime a push is made to main
  # to release a pre-release version of the package.
  push:
    branches:
      - main

  # Run this workflow everytime a pull request is opened to main
  # to test the changes.
  pull_request:
    branches:
      - main

  # Run this workflow every time a new release is created
  release:
    types: [published]

  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

jobs:
  deploy:
    name: Build and deploy PyPi package
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2

    # Set up Python 3.x
    - name: Set up Python
      uses: actions/setup-python@v2
      with:
        python-version: '3.x'

    # Install dependencies
    - name: Install dependencies
      run: |
        python -m pip install --upgrade pip
        pip install build

    # Get the version of the package
    - name: Package Version
      id: package-version
      uses: paulhatch/semantic-version@v5.4.0
      with:
        major_pattern: "(MAJOR)"
        minor_pattern: "(MINOR)"

    # Export the version as an environment variable and also export 
    # the current release vs prerelease state as an environment variable.
    # This is determined if the event_name is release or not. Finally
    # build the package.
    - name: Build package
      if: github.event_name != 'pull_request'
      run: |
        export MAJOR=${{ steps.package-version.outputs.major }}
        export MINOR=${{ steps.package-version.outputs.minor }}
        export PATCH=${{ steps.package-version.outputs.patch }}

        if [ "${{ github.event_name }}" == "release" ]; then
          export RELEASE="true"
        else
          export RELEASE="false"
        fi

        echo "Building version $MAJOR.$MINOR.$PATCH"
        python -m build
    
    # Load the secret from 1Password
    - name: Load secret
      id: op-load-secret
      uses: 1password/load-secrets-action@v2
      if: github.event_name != 'pull_request'
      with:
        export-env: false
      env:
        OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
        SECRET: op://development/msmp5ffdzke4oke7o627ufud6e/credential

    # Publish the package to PyPi if a release is created
    - name: Publish package
      uses: pypa/gh-action-pypi-publish@27b31702a0e7fc50959f5ad993c78deac1bdfc29
      if: github.event_name != 'pull_request'
      with:
        user: __token__
        password: ${{ steps.op-load-secret.outputs.SECRET }}