mirror of
https://github.com/theupdateframework/python-tuf
synced 2026-05-24 10:08:28 +00:00
f86f656d3c
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](24cb908017...8f4b7f8486)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
119 lines
3.8 KiB
YAML
119 lines
3.8 KiB
YAML
name: CD
|
|
concurrency: cd
|
|
|
|
on:
|
|
push:
|
|
tags:
|
|
- v*
|
|
|
|
permissions: {}
|
|
|
|
jobs:
|
|
test:
|
|
uses: ./.github/workflows/_test.yml
|
|
|
|
build:
|
|
name: Build
|
|
runs-on: ubuntu-latest
|
|
needs: test
|
|
steps:
|
|
- name: Checkout release tag
|
|
uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3
|
|
with:
|
|
ref: ${{ github.event.workflow_run.head_branch }}
|
|
|
|
- name: Set up Python
|
|
uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435
|
|
with:
|
|
python-version: '3.x'
|
|
|
|
- name: Install build dependency
|
|
run: python3 -m pip install --constraint requirements/build.txt build
|
|
|
|
- name: Build binary wheel and source tarball
|
|
run: python3 -m build --sdist --wheel --outdir dist/ .
|
|
|
|
- name: Store build artifacts
|
|
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
|
|
# NOTE: The GitHub release page contains the release artifacts too, but using
|
|
# GitHub upload/download actions seems robuster: there is no need to compute
|
|
# download URLs and tampering with artifacts between jobs is more limited.
|
|
with:
|
|
name: build-artifacts
|
|
path: dist
|
|
|
|
candidate_release:
|
|
name: Release candidate on Github for review
|
|
runs-on: ubuntu-latest
|
|
needs: build
|
|
permissions:
|
|
contents: write # to modify GitHub releases
|
|
outputs:
|
|
release_id: ${{ steps.gh-release.outputs.result }}
|
|
steps:
|
|
- name: Fetch build artifacts
|
|
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
|
|
with:
|
|
name: build-artifacts
|
|
path: dist
|
|
|
|
- id: gh-release
|
|
name: Publish GitHub release draft
|
|
uses: actions/github-script@98814c53be79b1d30f795b907e553d8679345975
|
|
with:
|
|
script: |
|
|
fs = require('fs')
|
|
res = await github.rest.repos.createRelease({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
name: '${{ github.ref_name }}',
|
|
tag_name: '${{ github.ref }}',
|
|
draft: true,
|
|
body: 'See [CHANGELOG.md](https://github.com/' +
|
|
context.repo.owner + '/' + context.repo.repo +
|
|
'/blob/${{ github.ref_name }}/docs/CHANGELOG.md) for details.'
|
|
});
|
|
|
|
fs.readdirSync('dist/').forEach(file => {
|
|
github.rest.repos.uploadReleaseAsset({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
release_id: res.data.id,
|
|
name: file,
|
|
data: fs.readFileSync('dist/' + file),
|
|
});
|
|
});
|
|
return res.data.id
|
|
|
|
release:
|
|
name: Release
|
|
runs-on: ubuntu-latest
|
|
needs: candidate_release
|
|
environment: release
|
|
permissions:
|
|
contents: write # to modify GitHub releases
|
|
steps:
|
|
- name: Fetch build artifacts
|
|
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
|
|
with:
|
|
name: build-artifacts
|
|
path: dist
|
|
|
|
- name: Publish binary wheel and source tarball on PyPI
|
|
# Only attempt pypi upload in upstream repository
|
|
if: github.repository == 'theupdateframework/python-tuf'
|
|
uses: pypa/gh-action-pypi-publish@48b317d84d5f59668bb13be49d1697e36b3ad009
|
|
with:
|
|
user: __token__
|
|
password: ${{ secrets.PYPI_API_TOKEN }}
|
|
|
|
- name: Finalize GitHub release
|
|
uses: actions/github-script@98814c53be79b1d30f795b907e553d8679345975
|
|
with:
|
|
script: |
|
|
github.rest.repos.updateRelease({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
release_id: '${{ needs.candidate_release.outputs.release_id }}',
|
|
draft: false,
|
|
})
|