maint: Complete CICD

Author: AlejandroFernandezLuces

.github/workflows/cicd.yml

@@ -12,9 +12,44 @@ on:
 env:
     PACKAGE_NAME: ansys-tools-common
     MAIN_PYTHON_VERSION: 3.13
-    DOCUMENTATION_CNAME: bookish-adventure-16g5prl.pages.github.io
+    DOCUMENTATION_CNAME: tools.docs.pyansys.com
 
 jobs:
+
+    update-changelog:
+      name: "Update CHANGELOG (on release)"
+      if: github.event_name == 'push' && contains(github.ref, 'refs/tags')
+      runs-on: ubuntu-latest
+      permissions:
+        contents: write
+        pull-requests: write
+      steps:
+        - uses: ansys/actions/doc-deploy-changelog@v10
+          with:
+            token: ${{ secrets.PYANSYS_CI_BOT_TOKEN }}
+            bot-user: ${{ secrets.PYANSYS_CI_BOT_USERNAME }}
+            bot-email: ${{ secrets.PYANSYS_CI_BOT_EMAIL }}
+
+    vulnerabilities:
+      name: Vulnerabilities
+      runs-on: ubuntu-latest
+      steps:
+        - name: PyAnsys Vulnerability check (on main)
+          if: github.ref == 'refs/heads/main'
+          uses: ansys/actions/check-vulnerabilities@v10
+          with:
+            python-version: ${{ env.MAIN_PYTHON_VERSION }}
+            python-package-name: ${{ env.PACKAGE_NAME }}
+            token: ${{ secrets.PYANSYS_CI_BOT_TOKEN }}
+
+        - name: PyAnsys Vulnerability check (on dev mode)
+          if: github.ref != 'refs/heads/main'
+          uses: ansys/actions/check-vulnerabilities@v10
+          with:
+            python-version: ${{ env.MAIN_PYTHON_VERSION }}
+            python-package-name: ${{ env.PACKAGE_NAME }}
+            token: ${{ secrets.PYANSYS_CI_BOT_TOKEN }}
+            dev-mode: true
     style:
         name: Code style
         runs-on: ubuntu-latest
@@ -96,16 +131,46 @@ jobs:
                 library-name: ${{ env.PACKAGE_NAME }}
                 python-version: ${{ env.MAIN_PYTHON_VERSION }}
 
-    upload_dev_docs:
-      name: Upload dev documentation
-      if: github.ref == 'refs/heads/main'
+    release:
+      name: Release project
+      if: ${{ github.event_name == 'push' && contains(github.ref, 'refs/tags') }}
+      needs: [package]
       runs-on: ubuntu-latest
-      needs: [doc-build]
+      environment: release
+      permissions:
+        id-token: write
+        contents: write
       steps:
-        - name: Deploy the latest documentation
-          uses: ansys/actions/doc-deploy-dev@v10
+        - name: "Download the library artifacts from build-library step"
+          uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+          with:
+            name: ${{ env.PACKAGE_NAME }}-artifacts
+            path: ${{ env.PACKAGE_NAME }}-artifacts
+
+        - name: "Upload artifacts to PyPI using trusted publisher"
+          uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4
+          with:
+            repository-url: "https://upload.pypi.org/legacy/"
+            print-hash: true
+            packages-dir: ${{ env.PACKAGE_NAME }}-artifacts
+            skip-existing: false
+
+        - name: Release to GitHub
+          uses: ansys/actions/release-github@v10
+          with:
+            token: ${{ secrets.GITHUB_TOKEN }}
+            library-name: ${{ env.PACKAGE_NAME }}
+
+    upload_docs_release:
+      name: Upload release documentation
+      if: github.event_name == 'push' && contains(github.ref, 'refs/tags')
+      runs-on: ubuntu-latest
+      needs: [release]
+      steps:
+        - name: Deploy the stable documentation
+          uses: ansys/actions/doc-deploy-stable@v10
           with:
             cname: ${{ env.DOCUMENTATION_CNAME }}
             token: ${{ secrets.PYANSYS_CI_BOT_TOKEN }}
             bot-user: ${{ secrets.PYANSYS_CI_BOT_USERNAME }}
-            bot-email: ${{ secrets.PYANSYS_CI_BOT_EMAIL }}
+            bot-email: ${{ secrets.PYANSYS_CI_BOT_EMAIL }}