-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* ci: Initial release workflows These are currently configured to publish `dewy` and `dewy-client`.
- Loading branch information
1 parent
352a43c
commit e801510
Showing
5 changed files
with
199 additions
and
6 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,178 @@ | ||
name: Release | ||
|
||
# Only one release job at a time. | ||
concurrency: | ||
group: ${{ github.workflow }} | ||
cancel-in-progress: true | ||
|
||
# Triggered when a release is published.defaults: | ||
# This happens when a draft (generated by release-drafter.yml) is published. | ||
# | ||
# This applies whether the published draft is marked "pre-release" or not. | ||
# | ||
# > NOTE: The prereleased type will not trigger for pre-releases published from | ||
# > draft releases, but the published type will trigger. If you want a workflow | ||
# > to run when stable and pre-releases publish, subscribe to published instead | ||
# > of released and prereleased. | ||
# > | ||
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#release | ||
on: | ||
push: | ||
branches: | ||
- main | ||
release: | ||
types: | ||
- published | ||
|
||
# Generally limited permissions. | ||
# We'll request write permission when needed for deployment. | ||
permissions: | ||
contents: read | ||
|
||
# Basic workflow from | ||
# https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/#configuring-trusted-publishing | ||
jobs: | ||
build-dewy: | ||
name: Build dewy (and dewy-client) distribution 📦 | ||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- uses: actions/checkout@v4 | ||
- name: Install Python | ||
uses: actions/setup-python@v4 | ||
with: | ||
python-version: "3.11" | ||
- name: Install poetry | ||
uses: abatilo/actions-poetry@v2 | ||
- name: Build dewy | ||
run: | | ||
poetry install --with=dev | ||
poetry build | ||
- name: Store the dewy distribution packages | ||
uses: actions/upload-artifact@v3 | ||
with: | ||
name: dewy-distributions | ||
path: dist/ | ||
- name: Build dewy-client | ||
working-directory: dewy-client | ||
run: | | ||
poetry install | ||
poetry build | ||
- name: Store the dewy-client distribution packages | ||
uses: actions/upload-artifact@v3 | ||
with: | ||
name: dewy-client-distributions | ||
path: dewy-client/dist/ | ||
|
||
publish-dewy-to-pypi: | ||
name: Publish dewy to pypi | ||
# Only publish to PyPi on releases. | ||
if: github.event_name == 'release' && github.event.action == 'published' | ||
needs: build-dewy | ||
runs-on: ubuntu-latest | ||
environment: | ||
# name: test-pypi | ||
# url: https://test.pypi.org/p/dewy | ||
name: prod-pypi | ||
url: https://pypi.org/p/dewy | ||
permissions: | ||
id-token: write # IMPORTANT: mandatory for trusted publishing | ||
|
||
steps: | ||
- name: Download the dewy dist | ||
uses: actions/download-artifact@v3 | ||
with: | ||
name: dewy-distributions | ||
path: dist/ | ||
- name: Publish distribution 📦 to PyPI | ||
uses: pypa/gh-action-pypi-publish@release/v1 | ||
# with: | ||
# repository-url: https://test.pypi.org/legacy/ | ||
|
||
publish-dewy-client-to-pypi: | ||
name: Publish dewy-client to pypi | ||
# Only publish to PyPi on releases. | ||
if: github.event_name == 'release' && github.event.action == 'published' | ||
needs: build-dewy | ||
runs-on: ubuntu-latest | ||
environment: | ||
# name: test-pypi | ||
# url: https://test.pypi.org/p/dewy-client | ||
name: prod-pypi | ||
url: https://pypi.org/p/dewy-client | ||
permissions: | ||
id-token: write # IMPORTANT: mandatory for trusted publishing | ||
|
||
steps: | ||
- name: Download the dewy-client dist | ||
uses: actions/download-artifact@v3 | ||
with: | ||
name: dewy-client-distributions | ||
path: dewy-client/dist/ | ||
- name: Publish distribution 📦 to PyPI | ||
uses: pypa/gh-action-pypi-publish@release/v1 | ||
with: | ||
packages-dir: dewy-client/dist | ||
# repository-url: https://test.pypi.org/legacy/ | ||
|
||
github-release: | ||
name: Sign and finalize GitHub release | ||
# Only publish on release. | ||
if: github.event_name == 'release' && github.event.action == 'published' | ||
needs: | ||
- publish-dewy-to-pypi | ||
- publish-dewy-client-to-pypi | ||
runs-on: ubuntu-latest | ||
|
||
permissions: | ||
contents: write # IMPORTANT: mandatory for making GitHub Releases | ||
id-token: write # IMPORTANT: mandatory for sigstore | ||
|
||
steps: | ||
- name: Download the dewy dist | ||
uses: actions/download-artifact@v3 | ||
with: | ||
name: dewy-distributions | ||
path: dist/ | ||
- name: Download the dewy-client dist | ||
uses: actions/download-artifact@v3 | ||
with: | ||
name: dewy-client-distributions | ||
path: dewy-client/dist/ | ||
- name: Sign the dewy and dewy-client dists with Sigstore | ||
uses: sigstore/gh-action-sigstore-python@v1.2.3 | ||
with: | ||
inputs: >- | ||
./dist/*.tar.gz | ||
./dist/*.whl | ||
./dewy-client/dist/*.tar.gz | ||
./dewy-client/dist/*.whl | ||
- name: Upload dewy artifact signatures to GitHub Release | ||
env: | ||
GITHUB_TOKEN: ${{ github.token }} | ||
# Upload to GitHub Release using the `gh` CLI. | ||
# `dist/` contains the built packages, and the | ||
# sigstore-produced signatures and certificates. | ||
run: >- | ||
gh release upload | ||
'${{ github.ref_name }}' dist/** | ||
--repo '${{ github.repository }}' | ||
- name: Upload dewy-client artifact signatures to GitHub Release | ||
env: | ||
GITHUB_TOKEN: ${{ github.token }} | ||
# Upload to GitHub Release using the `gh` CLI. | ||
# `dewy-client/dist/` contains the built packages, and the | ||
# sigstore-produced signatures and certificates. | ||
run: >- | ||
gh release upload | ||
'${{ github.ref_name }}' dewy-client/dist/** | ||
--repo '${{ github.repository }}' | ||
- name: Publish release | ||
# TODO: Add --discussion-category "Announcements" to create a release discussion? | ||
run: | | ||
gh release edit ${{ github.ref_name }} \ | ||
--draft=false --latest | ||
env: | ||
GH_TOKEN: ${{ github.token }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,6 @@ | ||
.ruff_cache | ||
__pycache__ | ||
.env | ||
.vscode/ | ||
.vscode/ | ||
/dist | ||
/dewy-client/dist |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters