fix: enable github workflows

Signed-off-by: Phil Adams <[email protected]>

Author: padamstx

.github/workflows/build.yaml

@@ -0,0 +1,91 @@
+# This workflow will build and unit test the project.
+# If the workflow is running on the "main" branch, then
+# semantic-release is also run to create a new release (if
+# warranted by the new commits being built).
+
+name: Build/Test
+
+on: 
+  push:
+    branches: ['**']
+  pull_request:
+    branches: ['**']
+  workflow_dispatch:
+    # Allow workflow to be triggered manually.
+
+jobs:
+  detect-secrets:
+    if: "!contains(github.event.head_commit.message, '[skip ci]')"
+    name: Detect-Secrets
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: 3.13
+
+      - name: Install detect-secrets
+        run: |
+          pip install --upgrade "git+https://github.com/ibm/detect-secrets.git@master#egg=detect-secrets"
+
+      - name: Run detect-secrets
+        run: |
+          detect-secrets scan --update .secrets.baseline
+          detect-secrets -v audit --report --fail-on-unaudited --fail-on-live --fail-on-audited-real .secrets.baseline
+
+  build:
+    needs: detect-secrets
+    name: Build/Test (Python ${{ matrix.python-version }})
+
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ['3.9', '3.13']
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Build & Test
+        run: make ci
+
+  create-release:
+    needs: build
+    name: Semantic-Release
+    if: "github.ref_name == 'main' && github.event_name != 'pull_request'"
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 22
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: 3.13
+
+      - name: Install Publishing Tools
+        run: |
+          pip install bump-my-version
+          npm install
+
+      - name: Run semantic-release
+        env:
+          GH_TOKEN: ${{ secrets.GH_TOKEN }}
+        run: npm run semantic-release

.github/workflows/publish.yaml

@@ -0,0 +1,34 @@
+# This workflow is responsible for:
+# - publishing artifacts to Maven Central
+# - building and publishing javadocs to the git repository.
+# It is triggered when a new release is created.
+
+name: Publish
+on:
+  release:
+    types: [created]
+  workflow_dispatch:
+    # Allow this workflow to be triggered manually
+
+jobs:
+  publish:
+    name: Publish Release
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: 3.13
+
+      - name: Build and publish distribution
+        env:
+          TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }}
+        run: |
+          make ci
+          make publish-release

.secrets.baseline

@@ -3,7 +3,7 @@
     "files": "package-lock.json|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2024-10-10T16:00:10Z",
+  "generated_at": "2025-01-09T21:56:01Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -346,23 +346,23 @@
         "hashed_secret": "4080eeeaf54faf879b9e8d99c49a8503f7e855bb",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 17,
+        "line_number": 37,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "37e94c31b6a756ba2afd2fe9a9765172cd79ac47",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 102,
+        "line_number": 110,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "da2f27d2c57a0e1ed2dc3a34b4ef02faf2f7a4c2",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 123,
+        "line_number": 131,
         "type": "Hex High Entropy String",
         "verified_result": null
       }
@@ -372,15 +372,15 @@
         "hashed_secret": "da2f27d2c57a0e1ed2dc3a34b4ef02faf2f7a4c2",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 62,
+        "line_number": 63,
         "type": "Hex High Entropy String",
         "verified_result": null
       },
       {
         "hashed_secret": "37e94c31b6a756ba2afd2fe9a9765172cd79ac47",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 205,
+        "line_number": 206,
         "type": "Secret Keyword",
         "verified_result": null
       }

Makefile

@@ -12,7 +12,7 @@ all: upgrade-pip setup test-unit lint
 
 ci: all
 
-publish-release: build-dist publish-dist
+publish-release: publish-deps build-dist publish-dist
 
 upgrade-pip:
 	${PYTHON} -m pip install --upgrade pip
@@ -23,6 +23,10 @@ deps:
 dev-deps:
 	${PYTHON} -m pip install .[dev]
 
+detect-secrets:
+	detect-secrets scan --update .secrets.baseline
+	detect-secrets audit .secrets.baseline
+
 publish-deps:
 	${PYTHON} -m pip install .[publish]