Merge pull request #3 from NRB-Tech/uv-switch #26

	name: Python Package

	on:
	push:
	branches: [ main ]
	tags:
	- 'v*'
	pull_request:
	branches: [ main ]

	jobs:
	test:
	runs-on: ubuntu-latest
	strategy:
	fail-fast: false
	matrix:
	python-version: ["3.12", "3.13"]

	steps:
	- uses: actions/checkout@v4
	- name: Install uv and set up python ${{ matrix.python-version }}
	uses: astral-sh/setup-uv@v5
	with:
	python-version: ${{ matrix.python-version }}
	enable-cache: true
	cache-dependency-glob: "uv.lock"
	- name: Install the project
	run: uv sync --only-group check
	- name: Lint
	run: make lint
	- name: Type check
	run: make typecheck
	- name: Test
	run: make test

	deploy:
	needs: test
	runs-on: ubuntu-latest
	if: startsWith(github.ref, 'refs/tags/v')
	environment: pypi
	permissions:
	id-token: write # IMPORTANT: this permission is required for trusted publishing

	steps:
	- uses: actions/checkout@v4
	- name: Set up uv
	uses: astral-sh/setup-uv@v5
	with:
	enable-cache: true
	cache-dependency-glob: "uv.lock"
	- name: Install the project
	run: uv sync --no-dev
	- name: Build package
	run: make build
	- name: Publish package
	uses: pypa/gh-action-pypi-publish@release/v1

	security:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	- name: Set up uv
	uses: astral-sh/setup-uv@v5
	with:
	enable-cache: true
	cache-dependency-glob: "uv.lock"
	- name: Install the project
	run: uv sync --only-group security
	- name: Run Bandit security checks
	run: make bandit
	- name: Run Safety CLI to check for vulnerabilities
	uses: pyupio/safety-action@v1
	with:
	api-key: ${{ secrets.SAFETY_API_KEY }}

Provide feedback