Version bump (#106) #46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release | |
# Only one release job at a time. | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
# Triggered when a release is published.defaults: | |
# This happens when a draft (generated by release-drafter.yml) is published. | |
# | |
# This applies whether the published draft is marked "pre-release" or not. | |
# | |
# > NOTE: The prereleased type will not trigger for pre-releases published from | |
# > draft releases, but the published type will trigger. If you want a workflow | |
# > to run when stable and pre-releases publish, subscribe to published instead | |
# > of released and prereleased. | |
# > | |
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#release | |
on: | |
push: | |
branches: | |
- main | |
release: | |
types: | |
- published | |
# Generally limited permissions. | |
# We'll request write permission when needed for deployment. | |
permissions: | |
contents: read | |
# Basic workflow from | |
# https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/#configuring-trusted-publishing | |
jobs: | |
build-dewy: | |
name: Build dewy (and dewy-client) distribution 📦 | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: "3.11" | |
- name: Install poetry | |
uses: abatilo/actions-poetry@v2 | |
- name: Build dewy | |
run: | | |
poetry install --with=dev | |
poetry build | |
- name: Store the dewy distribution packages | |
uses: actions/upload-artifact@v3 | |
with: | |
name: dewy-distributions | |
path: dist/ | |
- name: Build dewy-client | |
working-directory: dewy-client | |
run: | | |
poetry install | |
poetry build | |
- name: Store the dewy-client distribution packages | |
uses: actions/upload-artifact@v3 | |
with: | |
name: dewy-client-distributions | |
path: dewy-client/dist/ | |
publish-dewy-to-pypi: | |
name: Publish dewy to pypi | |
# Only publish to PyPi on releases. | |
if: github.event_name == 'release' && github.event.action == 'published' | |
needs: build-dewy | |
runs-on: ubuntu-latest | |
environment: | |
# name: test-pypi | |
# url: https://test.pypi.org/p/dewy | |
name: prod-pypi | |
url: https://pypi.org/p/dewy | |
permissions: | |
id-token: write # IMPORTANT: mandatory for trusted publishing | |
steps: | |
- name: Download the dewy dist | |
uses: actions/download-artifact@v3 | |
with: | |
name: dewy-distributions | |
path: dist/ | |
- name: Publish distribution 📦 to PyPI | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
# with: | |
# repository-url: https://test.pypi.org/legacy/ | |
publish-dewy-client-to-pypi: | |
name: Publish dewy-client to pypi | |
# Only publish to PyPi on releases. | |
if: github.event_name == 'release' && github.event.action == 'published' | |
needs: build-dewy | |
runs-on: ubuntu-latest | |
environment: | |
# name: test-pypi | |
# url: https://test.pypi.org/p/dewy-client | |
name: prod-pypi | |
url: https://pypi.org/p/dewy-client | |
permissions: | |
id-token: write # IMPORTANT: mandatory for trusted publishing | |
steps: | |
- name: Download the dewy-client dist | |
uses: actions/download-artifact@v3 | |
with: | |
name: dewy-client-distributions | |
path: dewy-client/dist/ | |
- name: Publish distribution 📦 to PyPI | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
with: | |
packages-dir: dewy-client/dist | |
# repository-url: https://test.pypi.org/legacy/ | |
github-release: | |
name: Sign and finalize GitHub release | |
# Only publish on release. | |
if: github.event_name == 'release' && github.event.action == 'published' | |
needs: | |
- publish-dewy-to-pypi | |
- publish-dewy-client-to-pypi | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write # IMPORTANT: mandatory for making GitHub Releases | |
id-token: write # IMPORTANT: mandatory for sigstore | |
steps: | |
- name: Download the dewy dist | |
uses: actions/download-artifact@v3 | |
with: | |
name: dewy-distributions | |
path: dist/ | |
- name: Download the dewy-client dist | |
uses: actions/download-artifact@v3 | |
with: | |
name: dewy-client-distributions | |
path: dewy-client/dist/ | |
- name: Sign the dewy and dewy-client dists with Sigstore | |
uses: sigstore/gh-action-sigstore-python@v1.2.3 | |
with: | |
inputs: >- | |
./dist/*.tar.gz | |
./dist/*.whl | |
./dewy-client/dist/*.tar.gz | |
./dewy-client/dist/*.whl | |
- name: Upload dewy artifact signatures to GitHub Release | |
env: | |
GITHUB_TOKEN: ${{ github.token }} | |
# Upload to GitHub Release using the `gh` CLI. | |
# `dist/` contains the built packages, and the | |
# sigstore-produced signatures and certificates. | |
run: >- | |
gh release upload | |
'${{ github.ref_name }}' dist/** | |
--repo '${{ github.repository }}' | |
- name: Upload dewy-client artifact signatures to GitHub Release | |
env: | |
GITHUB_TOKEN: ${{ github.token }} | |
# Upload to GitHub Release using the `gh` CLI. | |
# `dewy-client/dist/` contains the built packages, and the | |
# sigstore-produced signatures and certificates. | |
run: >- | |
gh release upload | |
'${{ github.ref_name }}' dewy-client/dist/** | |
--repo '${{ github.repository }}' | |
# We need to checkout the repository in order to edit the release. | |
- uses: actions/checkout@v4 | |
- name: Publish release | |
# TODO: Add --discussion-category "Announcements" to create a release discussion? | |
run: | | |
gh release edit ${{ github.ref_name }} \ | |
--draft=false --prerelease=false --latest | |
env: | |
GH_TOKEN: ${{ github.token }} |