Tox

Merge pull request #15 from nipreps/dependabot/github_actions/actions… #124

	name: Tox

	on:
	push:
	branches:
	- main
	- maint/*
	tags:
	- '*'
	pull_request:
	branches:
	- main
	- maint/*
	schedule:
	- cron: '0 0 * * MON'

	defaults:
	run:
	shell: bash

	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}
	cancel-in-progress: true

	permissions:
	contents: read

	jobs:
	build:
	name: Build & verify package
	runs-on: ubuntu-latest

	permissions:
	attestations: write
	id-token: write

	steps:
	- uses: actions/checkout@v6
	with:
	fetch-depth: 0

	- uses: hynek/build-and-inspect-python-package@v2
	with:
	attest-build-provenance-github: ${{ github.event_name != 'pull_request' }}

	test:
	runs-on: ${{ matrix.os }}
	needs: [build]
	strategy:
	matrix:
	os: ['ubuntu-latest', 'macos-latest', 'windows-latest']
	steps:
	- name: Download packages
	uses: actions/download-artifact@v6
	with:
	name: Packages
	path: dist/
	- name: Unpack sdist
	run: tar xf dist/*.tar.gz --strip-components=1
	- uses: astral-sh/setup-uv@v7
	- name: Install Tox
	run: uv tool install -p 3.13 --with=tox-uv tox
	- name: Test
	run: tox --parallel-no-spinner

	- uses: codecov/codecov-action@v5
	if: ${{ always() }}
	with:
	token: ${{ secrets.CODECOV_TOKEN }}

	publish:
	runs-on: ubuntu-latest
	needs: [test]
	if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
	permissions:
	id-token: write
	steps:
	- name: Download packages
	uses: actions/download-artifact@v6
	with:
	name: Packages
	path: dist/
	- uses: pypa/gh-action-pypi-publish@release/v1

Provide feedback