release: π version 0.2.1 #6
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow is triggered on push to tags and runs the following steps: | |
| # 1. Check and Build Distribution | |
| # 2. Publish to TestPyPI | |
| # 3. Publish to PyPI if the previous step is successful | |
| # 4. Sign Distribution with Sigstore | |
| # 5. Create GitHub Release with the signed distribution | |
| name: π¦ CI Pipeline 2 -- Release | |
| # Controls when the action will run. Triggers the workflow on push or pull request | |
| # events but only for the master branch | |
| on: | |
| push: | |
| tags: | |
| - "*.*.*" | |
| paths: | |
| - "**" | |
| - "!docs/**" | |
| - "!examples/**" | |
| env: | |
| TERM: xterm | |
| VENV_PATH: .venv | |
| jobs: | |
| # Wait for the testing pipeline to finish | |
| wait-for-testing: | |
| name: π Wait for Testing Pipeline | |
| runs-on: ubuntu-latest | |
| if: ${{ github.repository == 'crs4/rocrate-validator' }} | |
| steps: | |
| - name: Wait for testing pipeline to succeed | |
| uses: fountainhead/[email protected] | |
| id: wait-for-testing | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| checkName: β Run tests | |
| ref: ${{ github.sha }} | |
| - name: Do something with a passing build | |
| if: steps.wait-for-testing.outputs.conclusion == 'success' | |
| run: echo "Testing pipeline passed" && exit 0 | |
| - name: Do something with a failing build | |
| if: steps.wait-for-testing.outputs.conclusion == 'failure' | |
| run: echo "Testing pipeline failed" && exit 1 | |
| # Check and Build Distribution | |
| build: | |
| name: π Check and Build Distribution | |
| runs-on: ubuntu-latest | |
| needs: wait-for-testing | |
| if: ${{ github.repository == 'crs4/rocrate-validator' }} | |
| steps: | |
| # Access the tag from the first workflow's outputs | |
| - name: β¬οΈ Checkout code | |
| uses: actions/checkout@v4 | |
| - name: π Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.x" | |
| - name: π§ Set up Python Environment | |
| run: | | |
| pip install --upgrade pip | |
| pip install poetry | |
| - name: π¦ Install Package Dependencies | |
| run: poetry install --no-interaction --no-ansi | |
| - name: β Check version | |
| run: | | |
| if [ "${{ github.event_name }}" == "push" ] && [ "${{ github.ref_type }}" == "tag" ]; then | |
| declared_version=$(poetry version -s) | |
| echo "Checking tag '${{ github.ref }}' against package version $declared_version" | |
| if [ "${{ github.ref }}" != "refs/tags/$declared_version" ]; then | |
| echo "Tag '${{ github.ref }}' does not match the declared package version '$declared_version'" | |
| exit 1 | |
| else | |
| echo "Tag '${{ github.ref }}' matches the declared package version '$declared_version'" | |
| fi | |
| fi | |
| - name: ποΈ Build a binary wheel and a source tarball | |
| run: poetry build | |
| - name: π¦ Store the distribution packages | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: python-package-distributions | |
| path: | | |
| dist/*.whl | |
| dist/*.tar.gz | |
| # Publish to TestPyPI | |
| publish-to-testpypi: | |
| name: π¦ Publish to TestPyPI | |
| runs-on: ubuntu-latest | |
| needs: build | |
| environment: | |
| name: testpypi | |
| url: https://test.pypi.org/p/test-py-pipelines | |
| permissions: | |
| id-token: write # IMPORTANT: mandatory for trusted publishing | |
| steps: | |
| - name: β¬οΈ Download all the distribution packages | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: python-package-distributions | |
| path: dist/ | |
| - name: π¦ Publish distribution to TestPyPI | |
| uses: pypa/gh-action-pypi-publish@release/v1 | |
| with: | |
| repository-url: https://test.pypi.org/legacy/ | |
| # Publish to PyPI | |
| publish-to-pypi: | |
| name: π¦ Publish to PyPI | |
| runs-on: ubuntu-latest | |
| needs: [build, publish-to-testpypi] | |
| environment: | |
| name: pypi | |
| url: https://pypi.org/p/test-py-pipelines | |
| permissions: | |
| id-token: write # IMPORTANT: mandatory for trusted publishing | |
| steps: | |
| - name: β¬οΈ Download all the dists | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: python-package-distributions | |
| path: dist/ | |
| - name: π¦ Publish distribution to PyPI | |
| uses: pypa/gh-action-pypi-publish@release/v1 | |
| # Sign and Upload to GitHub Release | |
| sign-packages: | |
| name: ποΈ Sign the Python distribution with Sigstore | |
| needs: publish-to-pypi | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write # IMPORTANT: mandatory for making GitHub Releases | |
| id-token: write # IMPORTANT: mandatory for sigstore | |
| steps: | |
| - name: β¬οΈ Download all the distribution packages | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: python-package-distributions | |
| path: dist/ | |
| - name: ποΈ Sign the dists with Sigstore | |
| uses: sigstore/[email protected] | |
| with: | |
| inputs: >- | |
| ./dist/*.tar.gz | |
| ./dist/*.whl | |
| - name: π¦ Store the signed distribution packages | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: python-package-signatures | |
| path: dist/*.sigstore | |
| # Create GitHub Release | |
| github_release: | |
| name: π Release on GitHub | |
| needs: sign-packages | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write # IMPORTANT: mandatory for making GitHub Releases | |
| id-token: write # IMPORTANT: mandatory for sigstore | |
| steps: | |
| - name: β¬οΈ Download all the distribution packages | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: python-package-distributions | |
| path: dist/ | |
| - name: β¬οΈ Download all the distribution signatures | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: python-package-signatures | |
| path: dist/ | |
| - name: π Create GitHub Release | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| run: >- | |
| gh release create | |
| '${{ github.ref_name }}' | |
| --repo '${{ github.repository }}' | |
| --generate-notes | |
| - name: π¦ Upload artifacts to GitHub Release | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| # Upload to GitHub Release using the `gh` CLI. | |
| # `dist/` contains the built packages, and the | |
| # sigstore-produced signatures and certificates. | |
| run: >- | |
| gh release upload | |
| '${{ github.ref_name }}' dist/** | |
| --repo '${{ github.repository }}' |