Update workflows

.github/CODEOWNERS

@@ -4,4 +4,4 @@
 # These owners will be the default owners for everything in
 # the repo. Unless a later match takes precedence, these people will be requests a review
 # review when someone opens a pull request.
-*       @matt035343
+*       @SneaksAndData/or-scientists

.github/workflows/black.yaml

@@ -0,0 +1,57 @@
+name: Validate code format
+
+on:
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  validate_code:
+    name: Validate code format
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      id-token: write
+      pull-requests: write
+
+    if: ${{ github.ref != 'refs/heads/main' }}
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - uses: actions/setup-python@v4
+        with:
+          python-version: '3.11.x'
+          architecture: 'x64'
+
+      - name: Import Secrets
+        uses: hashicorp/[email protected]
+        with:
+          url: https://hashicorp-vault.awsp.sneaksanddata.com/
+          role: github
+          method: jwt
+          secrets: |
+            /secret/data/common/package-publishing/aws-ca/production/artifact-user access_key ;
+            /secret/data/common/package-publishing/aws-ca/production/artifact-user access_key_id ;
+      - name: Setup AWS CA
+        uses: SneaksAndData/github-actions/[email protected]
+        with:
+          aws_access_key: ${{ env.ACCESS_KEY }}
+          aws_access_key_id: ${{ env.ACCESS_KEY_ID }}
+          mode: read
+          aws_ca_domain: esd-code-artifact-production
+          aws_ca_domain_owner: 497010676583
+          aws_ca_repository: esd-artifacts
+        id: setup_aws_ca
+      - name: Install Poetry and dependencies
+        uses: SneaksAndData/github-actions/[email protected]
+        with:
+          pypi_repo_url: ${{ steps.setup_aws_ca.outputs.url }}
+          pypi_token_username: ${{ steps.setup_aws_ca.outputs.user }}
+          pypi_token: ${{ steps.setup_aws_ca.outputs.token }}
+          install_extras: "all"
+      - name: Black
+        shell: bash
+        run: |
+          set -e
+          poetry run black . --check --diff

.github/workflows/deploy_pypi.yaml

@@ -0,0 +1,57 @@
+name: Release a new version
+
+on: workflow_dispatch
+jobs:
+  release_to_pypi:
+    name: Release distribution to PyPi
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - uses: actions/setup-python@v4
+        with:
+          python-version: '3.11.x'
+          architecture: 'x64'
+      - name: Install Poetry
+        uses: SneaksAndData/github-actions/[email protected]
+        with:
+           pypi_repo_url: ${{ secrets.AZOPS_PYPI_REPO_URL }}
+           pypi_token_username: ${{ secrets.AZOPS_PAT_USER }}
+           pypi_token: ${{ secrets.AZOPS_PAT }}
+           install_extras: "all"
+           skip_dependencies: true
+      - name: Prepare version
+        run: |
+          set -e
+
+          version=$(git describe --tags --abbrev=7)
+          sed -i "s/version = \"0.0.0\"/version = \"${version:1}\"/" pyproject.toml
+          echo "__version__ = '${version:1}'" > ./anti_clustering/_version.py
+
+      - name: Configure Test PyPi
+        if: ${{ github.ref == 'refs/heads/main' }}
+        env:
+          PYPI_TEST_TOKEN: ${{ secrets.PYPI_TEST_API_TOKEN }}
+        run: |
+          set -e
+
+          poetry config repositories.test-pypi https://test.pypi.org/legacy/
+          poetry config pypi-token.test-pypi $PYPI_TEST_TOKEN
+
+      - name: Publish distribution 📦 to test PyPI
+        if: ${{ github.ref == 'refs/heads/main' }}
+        run: |
+          set -e
+
+          poetry build && poetry publish -r test-pypi
+
+      - name: Publish distribution 📦 to PyPI
+        env:
+          POETRY_PYPI_TOKEN_PYPI: ${{ secrets.PYPI_API_TOKEN }}
+        if: ${{ startsWith(github.ref, 'refs/tags') }}
+        run: |
+          set -e
+
+          poetry build && poetry publish

.github/workflows/dev-release.yaml

@@ -0,0 +1,56 @@
+on: issue_comment
+
+jobs:
+  pr_commented:
+    # This job only runs for pull request comments
+    name: PR comment
+
+    permissions:
+      contents: read
+      id-token: write
+      pull-requests: write
+
+    runs-on: ubuntu-latest
+    if: ${{ github.event.issue.pull_request && github.event.comment.body == 'create_package' && github.event.issue.state == 'open' }}
+    steps:
+      - uses: actions/setup-python@v4
+        with:
+          python-version: '3.9.x'
+          architecture: 'x64'
+      - uses: actions/checkout@v3
+        with:
+          ref: refs/pull/${{github.event.issue.number}}/merge
+          fetch-depth: 0
+      - name: Import Secrets
+        uses: hashicorp/[email protected]
+        with:
+          url: https://hashicorp-vault.production.sneaksanddata.com/
+          role: github
+          method: jwt
+          secrets: |
+            /secret/data/common/package-publishing/aws-ca/production/artifact-user access_key ;
+            /secret/data/common/package-publishing/aws-ca/production/artifact-user access_key_id ;
+      - name: Setup AWS CA
+        uses: SneaksAndData/github-actions/[email protected]
+        with:
+          aws_access_key: ${{ env.ACCESS_KEY }}
+          aws_access_key_id: ${{ env.ACCESS_KEY_ID }}
+          mode: publish
+          aws_ca_domain: esd-code-artifact-production
+          aws_ca_domain_owner: 497010676583
+          aws_ca_repository: esd-artifacts
+        id: setup_aws_ca
+      - name: Install Poetry and dependencies
+        uses: SneaksAndData/github-actions/[email protected]
+        with:
+          pypi_repo_url: ${{ steps.setup_aws_ca.outputs.url }}
+          pypi_token_username: ${{ steps.setup_aws_ca.outputs.user }}
+          pypi_token: ${{ steps.setup_aws_ca.outputs.token }}
+          install_extras: all
+      - name: Create package
+        uses: SneaksAndData/github-actions/[email protected]
+        with:
+          repo_url: ${{ steps.setup_aws_ca.outputs.url }}
+          repo_token_username: ${{ steps.setup_aws_ca.outputs.user }}
+          repo_token: ${{ steps.setup_aws_ca.outputs.token }}
+          package_name: anti_clustering

.github/workflows/pylint.yaml

@@ -0,0 +1,56 @@
+name: Validate code linting
+
+on:
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  validate_code:
+    name: Validate code linting
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      id-token: write
+      pull-requests: write
+
+    if: ${{ github.ref != 'refs/heads/main' }}
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - uses: actions/setup-python@v4
+        with:
+          python-version: '3.11.x'
+          architecture: 'x64'
+
+      - name: Import Secrets
+        uses: hashicorp/[email protected]
+        with:
+          url: https://hashicorp-vault.awsp.sneaksanddata.com/
+          role: github
+          method: jwt
+          secrets: |
+            /secret/data/common/package-publishing/aws-ca/production/artifact-user access_key ;
+            /secret/data/common/package-publishing/aws-ca/production/artifact-user access_key_id ;
+      - name: Setup AWS CA
+        uses: SneaksAndData/github-actions/[email protected]
+        with:
+          aws_access_key: ${{ env.ACCESS_KEY }}
+          aws_access_key_id: ${{ env.ACCESS_KEY_ID }}
+          mode: read
+          aws_ca_domain: esd-code-artifact-production
+          aws_ca_domain_owner: 497010676583
+          aws_ca_repository: esd-artifacts
+        id: setup_aws_ca
+      - name: Install Poetry and dependencies
+        uses: SneaksAndData/github-actions/[email protected]
+        with:
+          pypi_repo_url: ${{ steps.setup_aws_ca.outputs.url }}
+          pypi_token_username: ${{ steps.setup_aws_ca.outputs.user }}
+          pypi_token: ${{ steps.setup_aws_ca.outputs.token }}
+          install_extras: "all"
+      - name: Lint code
+        run: |
+          set -e
+          find ./anti_clustering -type f -name "*.py" | xargs poetry run pylint

.github/workflows/release.yaml

@@ -1,57 +1,18 @@
 name: Release a new version
 
 on: workflow_dispatch
+
 jobs:
-  release_to_pypi:
-    name: Release distribution to PyPi
+  create_release:
+    name: Create release
     runs-on: ubuntu-latest
+    if: ${{ github.ref == 'refs/heads/master' }}
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v2
         with:
           fetch-depth: 0
-      - uses: actions/setup-python@v4
-        with:
-          python-version: '3.11.x'
-          architecture: 'x64'
-      - name: Install Poetry
-        uses: SneaksAndData/github-actions/[email protected]
+      - uses: SneaksAndData/github-actions/[email protected]
         with:
-           pypi_repo_url: ${{ secrets.AZOPS_PYPI_REPO_URL }}
-           pypi_token_username: ${{ secrets.AZOPS_PAT_USER }}
-           pypi_token: ${{ secrets.AZOPS_PAT }}
-           install_extras: "all"
-           skip_dependencies: true
-      - name: Prepare version
-        run: |
-          set -e
-
-          version=$(git describe --tags --abbrev=7)
-          sed -i "s/version = \"0.0.0\"/version = \"${version:1}\"/" pyproject.toml
-          echo "__version__ = '${version:1}'" > ./anti_clustering/_version.py
-
-      - name: Configure Test PyPi
-        if: ${{ github.ref == 'refs/heads/main' }}
-        env:
-          PYPI_TEST_TOKEN: ${{ secrets.PYPI_TEST_API_TOKEN }}
-        run: |
-          set -e
-
-          poetry config repositories.test-pypi https://test.pypi.org/legacy/
-          poetry config pypi-token.test-pypi $PYPI_TEST_TOKEN
-
-      - name: Publish distribution 📦 to test PyPI
-        if: ${{ github.ref == 'refs/heads/main' }}
-        run: |
-          set -e
-
-          poetry build && poetry publish -r test-pypi
-
-      - name: Publish distribution 📦 to PyPI
-        env:
-          POETRY_PYPI_TOKEN_PYPI: ${{ secrets.PYPI_API_TOKEN }}
-        if: ${{ startsWith(github.ref, 'refs/tags') }}
-        run: |
-          set -e
-
-          poetry build && poetry publish
+          major_v: 0
+          minor_v: 4