mirror of
https://github.com/theupdateframework/python-tuf
synced 2026-05-24 10:08:28 +00:00
d3d7c46483
Bumps the action-dependencies group with 3 updates: [actions/setup-python](https://github.com/actions/setup-python), [actions/github-script](https://github.com/actions/github-script) and [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish). Updates `actions/setup-python` from 5.6.0 to 6.0.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](a26af69be9...e797f83bcb) Updates `actions/github-script` from 7.0.1 to 8.0.0 - [Release notes](https://github.com/actions/github-script/releases) - [Commits](60a0d83039...ed597411d8) Updates `pypa/gh-action-pypi-publish` from 1.12.4 to 1.13.0 - [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases) - [Commits](76f52bc884...ed0c53931b) --- updated-dependencies: - dependency-name: actions/setup-python dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: action-dependencies - dependency-name: actions/github-script dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: action-dependencies - dependency-name: pypa/gh-action-pypi-publish dependency-version: 1.13.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: action-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
121 lines
No EOL
3.8 KiB
YAML
121 lines
No EOL
3.8 KiB
YAML
name: CD
|
|
concurrency: cd
|
|
|
|
on:
|
|
push:
|
|
tags:
|
|
- v*
|
|
|
|
permissions: {}
|
|
|
|
jobs:
|
|
test:
|
|
uses: ./.github/workflows/_test.yml
|
|
|
|
build:
|
|
name: Build
|
|
runs-on: ubuntu-latest
|
|
needs: test
|
|
steps:
|
|
- name: Checkout release tag
|
|
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
|
with:
|
|
persist-credentials: false
|
|
ref: ${{ github.event.workflow_run.head_branch }}
|
|
|
|
- name: Set up Python
|
|
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
|
|
with:
|
|
python-version: '3.x'
|
|
|
|
- name: Install build dependency
|
|
run: python3 -m pip install --constraint requirements/build.txt build
|
|
|
|
- name: Build binary wheel, source tarball and changelog
|
|
run: |
|
|
python3 -m build --sdist --wheel --outdir dist/ .
|
|
awk "/## $GITHUB_REF_NAME/{flag=1; next} /## v/{flag=0} flag" docs/CHANGELOG.md > changelog
|
|
|
|
- name: Store build artifacts
|
|
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
|
|
with:
|
|
name: build-artifacts
|
|
path: |
|
|
dist
|
|
changelog
|
|
|
|
candidate_release:
|
|
name: Release candidate on Github for review
|
|
runs-on: ubuntu-latest
|
|
needs: build
|
|
permissions:
|
|
contents: write # to modify GitHub releases
|
|
outputs:
|
|
release_id: ${{ steps.gh-release.outputs.result }}
|
|
steps:
|
|
- name: Fetch build artifacts
|
|
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
|
|
with:
|
|
name: build-artifacts
|
|
|
|
- id: gh-release
|
|
name: Publish GitHub release draft
|
|
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
|
|
with:
|
|
script: |
|
|
fs = require('fs')
|
|
res = await github.rest.repos.createRelease({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
name: process.env.REF_NAME + '-rc',
|
|
tag_name: process.env.REF,
|
|
body: fs.readFileSync('changelog', 'utf8'),
|
|
});
|
|
|
|
fs.readdirSync('dist/').forEach(file => {
|
|
github.rest.repos.uploadReleaseAsset({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
release_id: res.data.id,
|
|
name: file,
|
|
data: fs.readFileSync('dist/' + file),
|
|
});
|
|
});
|
|
return res.data.id
|
|
env:
|
|
REF_NAME: ${{ github.ref_name }}
|
|
REF: ${{ github.ref }}
|
|
|
|
release:
|
|
name: Release
|
|
runs-on: ubuntu-latest
|
|
needs: candidate_release
|
|
environment: release
|
|
permissions:
|
|
contents: write # to modify GitHub releases
|
|
id-token: write # to authenticate as Trusted Publisher to pypi.org
|
|
steps:
|
|
- name: Fetch build artifacts
|
|
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
|
|
with:
|
|
name: build-artifacts
|
|
|
|
- name: Publish binary wheel and source tarball on PyPI
|
|
# Only attempt pypi upload in upstream repository
|
|
if: github.repository == 'theupdateframework/python-tuf'
|
|
uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
|
|
|
|
- name: Finalize GitHub release
|
|
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
|
|
with:
|
|
script: |
|
|
github.rest.repos.updateRelease({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
release_id: process.env.RELEASE_ID,
|
|
name: process.env.REF_NAME,
|
|
})
|
|
|
|
env:
|
|
REF_NAME: ${{ github.ref_name }}
|
|
RELEASE_ID: ${{ needs.candidate_release.outputs.release_id }} |