Elgato_dark/python-tuf
1
0
Fork 0
mirror of https://github.com/theupdateframework/python-tuf synced 2026-05-24 10:08:28 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
python-tuf/.github/workflows/cd.yml
Lukas Pühringer 3262767aec
Merge pull request #2423 from theupdateframework/dependabot/github_actions/actions/setup-python-4.7.0 
build(deps): bump actions/setup-python from 4.6.1 to 4.7.0
2023-07-17 14:02:29 +02:00

117 lines
3.8 KiB
YAML
Raw Blame History

name: CD
concurrency: cd
on:
push:
tags:
- v*
permissions: {}
jobs:
test:
uses: ./.github/workflows/_test.yml
build:
name: Build
runs-on: ubuntu-latest
needs: test
steps:
- name: Checkout release tag
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
with:
ref: ${{ github.event.workflow_run.head_branch }}
- name: Set up Python
uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1
with:
python-version: '3.x'
- name: Install build dependency
run: python3 -m pip install --constraint requirements/build.txt build
- name: Build binary wheel and source tarball
run: python3 -m build --sdist --wheel --outdir dist/ .
- name: Store build artifacts
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
# NOTE: The GitHub release page contains the release artifacts too, but using
# GitHub upload/download actions seems robuster: there is no need to compute
# download URLs and tampering with artifacts between jobs is more limited.
with:
name: build-artifacts
path: dist
candidate_release:
name: Release candidate on Github for review
runs-on: ubuntu-latest
needs: build
permissions:
contents: write # to modify GitHub releases
outputs:
release_id: ${{ steps.gh-release.outputs.result }}
steps:
- name: Fetch build artifacts
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
with:
name: build-artifacts
path: dist
- id: gh-release
name: Publish GitHub release draft
uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410
with:
script: |
fs = require('fs')
res = await github.rest.repos.createRelease({
owner: context.repo.owner,
repo: context.repo.repo,
name: '${{ github.ref_name }}-rc',
tag_name: '${{ github.ref }}',
body: 'Release waiting for review...',
});
fs.readdirSync('dist/').forEach(file => {
github.rest.repos.uploadReleaseAsset({
owner: context.repo.owner,
repo: context.repo.repo,
release_id: res.data.id,
name: file,
data: fs.readFileSync('dist/' + file),
});
});
return res.data.id
release:
name: Release
runs-on: ubuntu-latest
needs: candidate_release
environment: release
permissions:
contents: write # to modify GitHub releases
id-token: write # to authenticate as Trusted Publisher to pypi.org
steps:
- name: Fetch build artifacts
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
with:
name: build-artifacts
path: dist
- name: Publish binary wheel and source tarball on PyPI
# Only attempt pypi upload in upstream repository
if: github.repository == 'theupdateframework/python-tuf'
uses: pypa/gh-action-pypi-publish@f8c70e705ffc13c3b4d1221169b84f12a75d6ca8
- name: Finalize GitHub release
uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410
with:
script: |
github.rest.repos.updateRelease({
owner: context.repo.owner,
repo: context.repo.repo,
release_id: '${{ needs.candidate_release.outputs.release_id }}',
name: '${{ github.ref_name }}',
body: 'See [CHANGELOG.md](https://github.com/' +
context.repo.owner + '/' + context.repo.repo +
'/blob/${{ github.ref_name }}/docs/CHANGELOG.md) for details.'
})
Reference in a new issue View git blame Copy permalink