mirror of
https://github.com/theupdateframework/python-tuf
synced 2026-05-24 10:08:28 +00:00
2ca88cf8c4
Bumps the action-dependencies group with 3 updates in the / directory: [actions/upload-artifact](https://github.com/actions/upload-artifact), [actions/github-script](https://github.com/actions/github-script) and [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish). Updates `actions/upload-artifact` from 7.0.0 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](bbbca2ddaa...043fb46d1a) Updates `actions/github-script` from 8.0.0 to 9.0.0 - [Release notes](https://github.com/actions/github-script/releases) - [Commits](ed597411d8...3a2844b7e9) Updates `pypa/gh-action-pypi-publish` from 1.13.0 to 1.14.0 - [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases) - [Commits](ed0c53931b...cef221092e) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: action-dependencies - dependency-name: actions/github-script dependency-version: 9.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: action-dependencies - dependency-name: pypa/gh-action-pypi-publish dependency-version: 1.14.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: action-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>
121 lines
No EOL
3.8 KiB
YAML
121 lines
No EOL
3.8 KiB
YAML
name: CD
|
|
concurrency: cd
|
|
|
|
on:
|
|
push:
|
|
tags:
|
|
- v*
|
|
|
|
permissions: {}
|
|
|
|
jobs:
|
|
test:
|
|
uses: ./.github/workflows/_test.yml
|
|
|
|
build:
|
|
name: Build
|
|
runs-on: ubuntu-latest
|
|
needs: test
|
|
steps:
|
|
- name: Checkout release tag
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
with:
|
|
persist-credentials: false
|
|
ref: ${{ github.event.workflow_run.head_branch }}
|
|
|
|
- name: Set up Python
|
|
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
|
|
with:
|
|
python-version: '3.x'
|
|
|
|
- name: Install build dependency
|
|
run: python3 -m pip install --constraint requirements/build.txt build
|
|
|
|
- name: Build binary wheel, source tarball and changelog
|
|
run: |
|
|
python3 -m build --sdist --wheel --outdir dist/ .
|
|
awk "/## $GITHUB_REF_NAME/{flag=1; next} /## v/{flag=0} flag" docs/CHANGELOG.md > changelog
|
|
|
|
- name: Store build artifacts
|
|
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
|
|
with:
|
|
name: build-artifacts
|
|
path: |
|
|
dist
|
|
changelog
|
|
|
|
candidate_release:
|
|
name: Release candidate on Github for review
|
|
runs-on: ubuntu-latest
|
|
needs: build
|
|
permissions:
|
|
contents: write # to modify GitHub releases
|
|
outputs:
|
|
release_id: ${{ steps.gh-release.outputs.result }}
|
|
steps:
|
|
- name: Fetch build artifacts
|
|
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
|
|
with:
|
|
name: build-artifacts
|
|
|
|
- id: gh-release
|
|
name: Publish GitHub release draft
|
|
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
|
|
with:
|
|
script: |
|
|
fs = require('fs')
|
|
res = await github.rest.repos.createRelease({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
name: process.env.REF_NAME + '-rc',
|
|
tag_name: process.env.REF,
|
|
body: fs.readFileSync('changelog', 'utf8'),
|
|
});
|
|
|
|
fs.readdirSync('dist/').forEach(file => {
|
|
github.rest.repos.uploadReleaseAsset({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
release_id: res.data.id,
|
|
name: file,
|
|
data: fs.readFileSync('dist/' + file),
|
|
});
|
|
});
|
|
return res.data.id
|
|
env:
|
|
REF_NAME: ${{ github.ref_name }}
|
|
REF: ${{ github.ref }}
|
|
|
|
release:
|
|
name: Release
|
|
runs-on: ubuntu-latest
|
|
needs: candidate_release
|
|
environment: release
|
|
permissions:
|
|
contents: write # to modify GitHub releases
|
|
id-token: write # to authenticate as Trusted Publisher to pypi.org
|
|
steps:
|
|
- name: Fetch build artifacts
|
|
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
|
|
with:
|
|
name: build-artifacts
|
|
|
|
- name: Publish binary wheel and source tarball on PyPI
|
|
# Only attempt pypi upload in upstream repository
|
|
if: github.repository == 'theupdateframework/python-tuf'
|
|
uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0
|
|
|
|
- name: Finalize GitHub release
|
|
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
|
|
with:
|
|
script: |
|
|
github.rest.repos.updateRelease({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
release_id: process.env.RELEASE_ID,
|
|
name: process.env.REF_NAME,
|
|
})
|
|
|
|
env:
|
|
REF_NAME: ${{ github.ref_name }}
|
|
RELEASE_ID: ${{ needs.candidate_release.outputs.release_id }} |