mirror of
https://github.com/theupdateframework/python-tuf
synced 2026-05-24 10:08:28 +00:00
051cbda20a
Bumps the action-dependencies group with 1 update: [actions/setup-python](https://github.com/actions/setup-python).
Updates `actions/setup-python` from 5.3.0 to 5.4.0
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](0b93645e9f...42375524e2)
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
113 lines
3.6 KiB
YAML
113 lines
3.6 KiB
YAML
name: CD
|
|
concurrency: cd
|
|
|
|
on:
|
|
push:
|
|
tags:
|
|
- v*
|
|
|
|
permissions: {}
|
|
|
|
jobs:
|
|
test:
|
|
uses: ./.github/workflows/_test.yml
|
|
|
|
build:
|
|
name: Build
|
|
runs-on: ubuntu-latest
|
|
needs: test
|
|
steps:
|
|
- name: Checkout release tag
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
with:
|
|
ref: ${{ github.event.workflow_run.head_branch }}
|
|
|
|
- name: Set up Python
|
|
uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
|
|
with:
|
|
python-version: '3.x'
|
|
|
|
- name: Install build dependency
|
|
run: python3 -m pip install --constraint requirements/build.txt build
|
|
|
|
- name: Build binary wheel, source tarball and changelog
|
|
run: |
|
|
PIP_CONSTRAINT=requirements/build.txt python3 -m build --sdist --wheel --outdir dist/ .
|
|
awk "/## $GITHUB_REF_NAME/{flag=1; next} /## v/{flag=0} flag" docs/CHANGELOG.md > changelog
|
|
|
|
- name: Store build artifacts
|
|
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
|
|
with:
|
|
name: build-artifacts
|
|
path: |
|
|
dist
|
|
changelog
|
|
|
|
candidate_release:
|
|
name: Release candidate on Github for review
|
|
runs-on: ubuntu-latest
|
|
needs: build
|
|
permissions:
|
|
contents: write # to modify GitHub releases
|
|
outputs:
|
|
release_id: ${{ steps.gh-release.outputs.result }}
|
|
steps:
|
|
- name: Fetch build artifacts
|
|
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
|
|
with:
|
|
name: build-artifacts
|
|
|
|
- id: gh-release
|
|
name: Publish GitHub release draft
|
|
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
|
|
with:
|
|
script: |
|
|
fs = require('fs')
|
|
res = await github.rest.repos.createRelease({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
name: '${{ github.ref_name }}-rc',
|
|
tag_name: '${{ github.ref }}',
|
|
body: fs.readFileSync('changelog', 'utf8'),
|
|
});
|
|
|
|
fs.readdirSync('dist/').forEach(file => {
|
|
github.rest.repos.uploadReleaseAsset({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
release_id: res.data.id,
|
|
name: file,
|
|
data: fs.readFileSync('dist/' + file),
|
|
});
|
|
});
|
|
return res.data.id
|
|
|
|
release:
|
|
name: Release
|
|
runs-on: ubuntu-latest
|
|
needs: candidate_release
|
|
environment: release
|
|
permissions:
|
|
contents: write # to modify GitHub releases
|
|
id-token: write # to authenticate as Trusted Publisher to pypi.org
|
|
steps:
|
|
- name: Fetch build artifacts
|
|
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
|
|
with:
|
|
name: build-artifacts
|
|
|
|
- name: Publish binary wheel and source tarball on PyPI
|
|
# Only attempt pypi upload in upstream repository
|
|
if: github.repository == 'theupdateframework/python-tuf'
|
|
uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4
|
|
|
|
- name: Finalize GitHub release
|
|
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
|
|
with:
|
|
script: |
|
|
github.rest.repos.updateRelease({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
release_id: '${{ needs.candidate_release.outputs.release_id }}',
|
|
name: '${{ github.ref_name }}',
|
|
})
|