Skip to content

release: πŸ”– version 0.4.3 #11

release: πŸ”– version 0.4.3

release: πŸ”– version 0.4.3 #11

Workflow file for this run

# This workflow is triggered on push to tags and runs the following steps:
# 1. Check and Build Distribution
# 2. Publish to TestPyPI
# 3. Publish to PyPI if the previous step is successful
# 4. Sign Distribution with Sigstore
# 5. Create GitHub Release with the signed distribution
name: πŸ“¦ CI Pipeline 2 -- Release
# Controls when the action will run. Triggers the workflow on push or pull request
# events but only for the master branch
on:
push:
tags:
- "*.*.*"
paths:
- "**"
- "!docs/**"
- "!examples/**"
env:
TERM: xterm
VENV_PATH: .venv
jobs:
# Wait for the testing pipeline to finish
wait-for-testing:
name: πŸ•’ Wait for Testing Pipeline
runs-on: ubuntu-latest
if: ${{ github.repository == 'crs4/rocrate-validator' }}
steps:
- name: Wait for testing pipeline to succeed
uses: fountainhead/[email protected]
id: wait-for-testing
with:
token: ${{ secrets.GITHUB_TOKEN }}
checkName: βŒ› Run tests
ref: ${{ github.sha }}
- name: Do something with a passing build
if: steps.wait-for-testing.outputs.conclusion == 'success'
run: echo "Testing pipeline passed" && exit 0
- name: Do something with a failing build
if: steps.wait-for-testing.outputs.conclusion == 'failure'
run: echo "Testing pipeline failed" && exit 1
# Check and Build Distribution
build:
name: πŸ— Check and Build Distribution
runs-on: ubuntu-latest
needs: wait-for-testing
if: ${{ github.repository == 'crs4/rocrate-validator' }}
steps:
# Access the tag from the first workflow's outputs
- name: ⬇️ Checkout code
uses: actions/checkout@v4
- name: 🐍 Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.x"
- name: 🚧 Set up Python Environment
run: |
pip install --upgrade pip
pip install poetry
- name: πŸ“¦ Install Package Dependencies
run: poetry install --no-interaction --no-ansi
- name: βœ… Check version
run: |
if [ "${{ github.event_name }}" == "push" ] && [ "${{ github.ref_type }}" == "tag" ]; then
declared_version=$(poetry version -s)
echo "Checking tag '${{ github.ref }}' against package version $declared_version"
if [ "${{ github.ref }}" != "refs/tags/$declared_version" ]; then
echo "Tag '${{ github.ref }}' does not match the declared package version '$declared_version'"
exit 1
else
echo "Tag '${{ github.ref }}' matches the declared package version '$declared_version'"
fi
fi
- name: πŸ—οΈ Build a binary wheel and a source tarball
run: poetry build
- name: πŸ“¦ Store the distribution packages
uses: actions/upload-artifact@v4
with:
name: python-package-distributions
path: |
dist/*.whl
dist/*.tar.gz
# Publish to TestPyPI
publish-to-testpypi:
name: πŸ“¦ Publish to TestPyPI
runs-on: ubuntu-latest
needs: build
environment:
name: testpypi
url: https://test.pypi.org/p/roc-validator
permissions:
id-token: write # IMPORTANT: mandatory for trusted publishing
steps:
- name: ⬇️ Download all the distribution packages
uses: actions/download-artifact@v4
with:
name: python-package-distributions
path: dist/
- name: πŸ“¦ Publish distribution to TestPyPI
uses: pypa/gh-action-pypi-publish@release/v1
with:
repository-url: https://test.pypi.org/legacy/
# Publish to PyPI
publish-to-pypi:
name: πŸ“¦ Publish to PyPI
runs-on: ubuntu-latest
needs: [build, publish-to-testpypi]
environment:
name: pypi
url: https://pypi.org/p/roc-validator
permissions:
id-token: write # IMPORTANT: mandatory for trusted publishing
steps:
- name: ⬇️ Download all the dists
uses: actions/download-artifact@v4
with:
name: python-package-distributions
path: dist/
- name: πŸ“¦ Publish distribution to PyPI
uses: pypa/gh-action-pypi-publish@release/v1
# Sign and Upload to GitHub Release
sign-packages:
name: πŸ–ŠοΈ Sign the Python distribution with Sigstore
needs: publish-to-pypi
runs-on: ubuntu-latest
permissions:
contents: write # IMPORTANT: mandatory for making GitHub Releases
id-token: write # IMPORTANT: mandatory for sigstore
steps:
- name: ⬇️ Download all the distribution packages
uses: actions/download-artifact@v4
with:
name: python-package-distributions
path: dist/
- name: πŸ–ŠοΈ Sign the dists with Sigstore
uses: sigstore/[email protected]
with:
inputs: >-
./dist/*.tar.gz
./dist/*.whl
- name: πŸ“¦ Store the signed distribution packages
uses: actions/upload-artifact@v4
with:
name: python-package-signatures
path: dist/*.sigstore
# Create GitHub Release
github_release:
name: πŸŽ‰ Release on GitHub
needs: sign-packages
runs-on: ubuntu-latest
permissions:
contents: write # IMPORTANT: mandatory for making GitHub Releases
id-token: write # IMPORTANT: mandatory for sigstore
steps:
- name: ⬇️ Download all the distribution packages
uses: actions/download-artifact@v4
with:
name: python-package-distributions
path: dist/
- name: ⬇️ Download all the distribution signatures
uses: actions/download-artifact@v4
with:
name: python-package-signatures
path: dist/
- name: πŸŽ‰ Create GitHub Release
env:
GITHUB_TOKEN: ${{ github.token }}
run: >-
gh release create
'${{ github.ref_name }}'
--repo '${{ github.repository }}'
--generate-notes
- name: πŸ“¦ Upload artifacts to GitHub Release
env:
GITHUB_TOKEN: ${{ github.token }}
# Upload to GitHub Release using the `gh` CLI.
# `dist/` contains the built packages, and the
# sigstore-produced signatures and certificates.
run: >-
gh release upload
'${{ github.ref_name }}' dist/**
--repo '${{ github.repository }}'