Use hynek/build-and-inspect-python-package (#392)

Author: hugovk

.flake8

@@ -1,2 +1,2 @@
 [flake8]
-max_line_length = 88
+max-line-length = 88

.github/workflows/deploy.yml

@@ -2,49 +2,71 @@ name: Deploy
 
 on:
   push:
-    branches:
-      - main
+    branches: [main]
+    tags: ["*"]
+  pull_request:
+    branches: [main]
   release:
     types:
       - published
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
-  deploy:
-    if: github.repository_owner == 'hugovk'
+  # Always build & lint package.
+  build-package:
+    name: Build & verify package
     runs-on: ubuntu-latest
 
-    permissions:
-      # IMPORTANT: this permission is mandatory for OIDC publishing
-      id-token: write
-
     steps:
       - uses: actions/checkout@v3
         with:
           fetch-depth: 0
 
-      - name: Set up Python
-        uses: actions/setup-python@v4
+      - uses: hynek/build-and-inspect-python-package@v1
+
+  # Upload to Test PyPI on every commit on main.
+  release-test-pypi:
+    name: Publish in-dev package to test.pypi.org
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+    runs-on: ubuntu-latest
+    needs: build-package
+
+    permissions:
+      # IMPORTANT: this permission is mandatory for trusted publishing
+      id-token: write
+
+    steps:
+      - name: Download packages built by build-and-inspect-python-package
+        uses: actions/download-artifact@v3
         with:
-          python-version: "3.x"
-          cache: pip
-          cache-dependency-path: pyproject.toml
-
-      - name: Install dependencies
-        run: |
-          python -m pip install -U pip
-          python -m pip install -U build twine wheel
-
-      - name: Build package
-        run: |
-          python -m build
-          twine check --strict dist/*
-
-      - name: Publish package to PyPI
-        if: github.event.action == 'published'
-        uses: pypa/gh-action-pypi-publish@release/v1
+          name: Packages
+          path: dist
 
-      - name: Publish package to TestPyPI
+      - name: Upload package to Test PyPI
         uses: pypa/gh-action-pypi-publish@release/v1
         with:
           repository-url: https://test.pypi.org/legacy/
+
+  # Upload to real PyPI on GitHub Releases.
+  release-pypi:
+    name: Publish released package to pypi.org
+    if: github.event.action == 'published'
+    runs-on: ubuntu-latest
+    needs: build-package
+
+    permissions:
+      # IMPORTANT: this permission is mandatory for trusted publishing
+      id-token: write
+
+    steps:
+      - name: Download packages built by build-and-inspect-python-package
+        uses: actions/download-artifact@v3
+        with:
+          name: Packages
+          path: dist
+
+      - name: Upload package to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1

.github/workflows/lint.yml

@@ -2,6 +2,9 @@ name: Lint
 
 on: [push, pull_request, workflow_dispatch]
 
+permissions:
+  contents: read
+
 jobs:
   lint:
     runs-on: ubuntu-latest

.github/workflows/require-pr-label.yml

@@ -8,6 +8,9 @@ jobs:
   label:
     runs-on: ubuntu-latest
 
+    permissions:
+      issues: write
+
     steps:
       - uses: mheap/github-action-required-labels@v4
         with:

.pre-commit-config.yaml

@@ -19,7 +19,8 @@ repos:
     rev: 6.0.0
     hooks:
       - id: flake8
-        additional_dependencies: [flake8-2020, flake8-implicit-str-concat]
+        additional_dependencies:
+          [flake8-2020, flake8-errmsg, flake8-implicit-str-concat]
 
   - repo: https://github.com/pre-commit/pygrep-hooks
     rev: v1.10.0
@@ -30,8 +31,9 @@ repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
     rev: v4.4.0
     hooks:
-      - id: check-json
+      - id: check-case-conflict
       - id: check-merge-conflict
+      - id: check-json
       - id: check-toml
       - id: check-yaml
       - id: end-of-file-fixer

src/pypistats/__init__.py

@@ -128,11 +128,12 @@ def pypi_stats_api(
 
     # Validate end date
     if end_date and end_date < first:
-        raise ValueError(
+        msg = (
             f"Requested end date ({end_date}) is before earliest available "
             f"data ({first}), because data is only available for 180 days. "
             "See https://pypistats.org/about#data"
         )
+        raise ValueError(msg)
 
     # Validate start date
     if start_date and start_date < first: