build_python.yml

name: build_python
# build for python, skip scala tests
on:
  push:
    branches:
      - "python/**"
permissions:
  contents: read
jobs:
  build:
    # Heavy: mvn install (skipping Scala tests) + GDAL native install + full pytest suite with PySpark and GDAL Python bindings.
    runs-on:
      group: larger-runners
      labels: larger
    # Checkout uses REPO_ACCESS_TOKEN (non-exempt secret), so gate behind the protected env.
    environment: runtime
    permissions:
      contents: read
      # Required by .github/actions/jfrog-auth: GitHub OIDC token exchange for pip/Maven via JFrog.
      id-token: write
    env:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    strategy:
      matrix:
        python: [ 3.12.3 ]
        pytest: [8.4.2]
        numpy: [ 2.1.3 ]
        gdal: [ 3.11.4 ]
        spark: [ 4.0.0 ]
    steps:
      - name: checkout code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
        with:
          token: ${{ secrets.REPO_ACCESS_TOKEN || secrets.GITHUB_TOKEN }}
      - name: Create pip cache key file
        run: |
          echo "${{ github.ref }}-${{ matrix.python }}-${{ matrix.numpy }}-${{ matrix.spark }}-${{ matrix.gdal }}" > .ci-pip-cache-key
      - name: Cache apt packages
        uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306  # v5.0.3
        with:
          path: .cache/apt-archives
          key: apt-${{ runner.os }}-${{ hashFiles('.github/actions/scala_build/action.yml', '.github/actions/python_build/action.yml') }}
      - name: build scala with skipping tests
        uses: ./.github/actions/scala_build
        with:
          skip_tests: "true"
      - name: build python
        uses: ./.github/actions/python_build
      - name: upload artifacts
        uses: ./.github/actions/upload_artifacts