refactor: optimize GitHub Actions workflows

1. Remove setup.yaml dependency
2. Add Python and uv setup steps to each workflow
3. Use github.token consistently
4. Update template workflows to match

Author: colyerdeng

.github/workflows/bump_version.yaml

@@ -22,26 +22,28 @@ permissions:
   pull-requests: write  # 用于创建 PR
 
 jobs:
-  setup:
-    uses: ./.github/workflows/setup.yaml
-    secrets: inherit
-
   bump-version:
     if: "!startsWith(github.event.head_commit.message, 'bump:')"
-    needs: setup
     runs-on: ubuntu-latest
     name: "Bump version and create changelog with commitizen"
     steps:
-      - name: Debug token (bump-version job)
-        run: |
-          echo "Token from setup job is set: ${{ needs.setup.outputs.PERSONAL_ACCESS_TOKEN != '' }}"
-
       - name: Check out
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
           token: ${{ github.token }}
 
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v5
+
+      - name: Install dependencies
+        run: uv sync --extra=dev
+
       - id: cz
         name: Create bump and changelog
         uses: commitizen-tools/commitizen-action@master

.github/workflows/deploy_docs.yaml

@@ -10,21 +10,24 @@ permissions:
   contents: write  # 用于部署到 GitHub Pages
 
 jobs:
-  setup:
-    uses: ./.github/workflows/setup.yaml
-    with:
-      install-deps: docs
-    secrets:
-      OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
-      PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
-    outputs:
-      PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
-
   deploy:
-    needs: setup
     runs-on: ubuntu-latest
     steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v5
+
+      - name: Install dependencies
+        run: uv sync --extra=docs
+
       - name: Build and deploy documentation
-        run: uvx mkdocs gh-deploy --force
+        run: uv run mkdocs gh-deploy --force
         env:
-          GITHUB_TOKEN: ${{ needs.setup.outputs.PERSONAL_ACCESS_TOKEN || github.token }}
+          GITHUB_TOKEN: ${{ github.token }}

.github/workflows/lint.yaml

@@ -13,36 +13,29 @@ permissions:
   pull-requests: write  # 用于在 PR 中添加评论
 
 jobs:
-  setup:
-    uses: ./.github/workflows/setup.yaml
-    with:
-      install-deps: dev
-      python-version: "3.12"  # 使用最新版本
-    secrets:
-      OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
-      PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
-
-  lint:
-    needs: setup
+  check:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
 
-      - name: Set up Python
+      - name: Setup Python
         uses: actions/setup-python@v5
         with:
           python-version: "3.12"
 
       - name: Install uv
         uses: astral-sh/setup-uv@v5
 
+      - name: Install dependencies
+        run: uv sync --extra=dev
+
       - name: Run lint checks
         id: lint
-        run: uv tool run nox -s lint
+        run: uvx nox -s lint
         continue-on-error: true
 
-      - name: Comment on PR
+      - name: Comment on PR (Lint)
         if: github.event_name == 'pull_request' && steps.lint.outcome == 'failure'
         uses: actions/github-script@v7
         with:
@@ -62,24 +55,9 @@ jobs:
         if: steps.lint.outcome == 'failure'
         run: exit 1
 
-  test-all:
-    needs: setup
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Set up Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: "3.12"
-
-      - name: Install uv
-        uses: astral-sh/setup-uv@v5
-
-      - name: Run tests on all Python versions
+      - name: Run tests
         id: test
-        run: uv tool run nox -s test_all
+        run: uvx nox -s test_all
         continue-on-error: true
 
       - name: Upload coverage reports
@@ -90,7 +68,7 @@ jobs:
           file: ./coverage.xml
           flags: unittests
 
-      - name: Comment on PR
+      - name: Comment on PR (Tests)
         if: github.event_name == 'pull_request' && steps.test.outcome == 'failure'
         uses: actions/github-script@v7
         with:

.github/workflows/release_build.yaml

@@ -1,4 +1,4 @@
-name: release_build
+name: release-build
 
 on:
   push:
@@ -16,40 +16,51 @@ permissions:
   id-token: write  # 用于发布到 PyPI
 
 jobs:
-  setup:
-    uses: ./.github/workflows/setup.yaml
-    with:
-      install-deps: dev
-      python-version: "3.12"
-    secrets:
-      OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
-      PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
-    outputs:
-      personal-access-token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
-
-  build:
-    needs: setup
+  release-build:
     runs-on: ubuntu-latest
+    permissions:
+      contents: write  # 用于创建 GitHub Release
     steps:
-      - name: Run tests
-        run: uvx nox -s test_all
+      - uses: actions/checkout@v4
 
-      - name: Build package
-        run: uvx nox -s build
+      - name: Load secret
+        uses: 1password/load-secrets-action@v2
+        with:
+          export-env: true
+        env:
+          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
+          PERSONAL_ACCESS_TOKEN: op://shawndengdev/github_access_token/credential
+          PYPI_TOKEN: op://shawndengdev/pypi_token/credential
 
-      - name: Create Release
-        id: create_release
-        uses: softprops/action-gh-release@v2
+      - uses: actions/setup-python@v5
         with:
-          token: ${{ needs.setup.outputs.PERSONAL_ACCESS_TOKEN || github.token }}
-          tag_name: ${{ github.event.inputs.version || github.ref_name }}
-          draft: false
-          prerelease: false
-          files: |
-            dist/*
+          python-version: "3.12"
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v5
+        with:
+          version: ">=0.4.0"
+
+      - name: Install dependencies
+        run: uv sync --extra dev
+
+      - name: Build and test
+        run: |
+          uvx nox -s lint
+          uvx nox -s test
+          uvx nox -s build
 
       - name: Publish to PyPI
-        uses: pypa/gh-action-pypi-publish@release/v1
+        env:
+          UV_PUBLISH_TOKEN: ${{ env.PYPI_TOKEN }}
+        run: uv publish
+
+      - name: Release
+        uses: softprops/action-gh-release@v2
         with:
-          packages-dir: dist/
-          repository-url: https://upload.pypi.org/legacy/
+          files: |
+            dist/*.tar.gz
+            dist/*.whl
+          generate_release_notes: true
+        env:
+          GITHUB_TOKEN: ${{ env.PERSONAL_ACCESS_TOKEN }}

repo_scaffold/templates/template-python/{{cookiecutter.project_slug}}/.github/workflows/bump_version.yaml

@@ -22,27 +22,33 @@ permissions:
   pull-requests: write  # 用于创建 PR
 
 jobs:
-  setup:
-    uses: ./.github/workflows/setup.yaml
-    secrets: inherit
-
   bump-version:
     if: "!startsWith(github.event.head_commit.message, 'bump:')"
-    needs: setup
     runs-on: ubuntu-latest
     name: "Bump version and create changelog with commitizen"
     steps:
       - name: Check out
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
-          token: ${{ needs.setup.outputs.PERSONAL_ACCESS_TOKEN }}
+          token: ${{ github.token }}
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v5
+
+      - name: Install dependencies
+        run: uv sync --extra=dev
 
       - id: cz
         name: Create bump and changelog
         uses: commitizen-tools/commitizen-action@master
         with:
-          github_token: ${{ needs.setup.outputs.PERSONAL_ACCESS_TOKEN }}
+          github_token: ${{ github.token }}
           changelog_increment_filename: body.md
           increment: ${{ github.event.inputs.increment }}
 
@@ -52,4 +58,4 @@ jobs:
           body_path: body.md
           tag_name: ${{ env.REVISION }}
         env:
-          GITHUB_TOKEN: ${{ needs.setup.outputs.PERSONAL_ACCESS_TOKEN }}
+          GITHUB_TOKEN: ${{ github.token }}