release.yml
# This workflow automates the build, publish, and release process for the Python 🐍 package 📦
#
# It builds both source (sdist) and binary (wheel) distributions
# on every push to the main branch, every tag push, and every pull request event.
#
# If the event is a push to the main branch, the distributions
# are published to TestPyPI. This should be a good indicator
# that the build and publishing process is always working
# correctly, as opposed to only finding out when we try
# to actually publish a new release to the real PyPI.
#
# Only on a new tag push are the distributions then published to
# the "real" PyPI, and a new GitHub Release is created containing
# the latest release notes and Sigstore-certified distributions.
#
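name: Release workflow 🚀

# Runs on pushes to main, on pushes of any tag, and on pull request updates.
on:
  push:
    branches: [main]
    tags: ['*']
  pull_request:
    types: [opened, synchronize, reopened]

# Least-privilege default for GITHUB_TOKEN. A job that declares its own
# `permissions:` block replaces this default entirely, so this only applies to
# jobs without one (the build job, which also runs pull request code).
# NOTE(review): confirm the local ./.github/actions/setup-python action needs
# nothing beyond read access to repository contents.
permissions:
  contents: read

# One run per pull request, or per ref for push events; a newer run in the same
# group cancels the one in progress. Tag pushes fall back to github.ref, so
# each tag gets its own group.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.event.issue.number || github.ref }}
  cancel-in-progress: true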
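jobs:
  # Builds the sdist and wheel once and uploads them as an artifact; the
  # publishing jobs download that artifact instead of rebuilding. This job also
  # runs for pull requests and requests no publishing permissions.
  build:
    name: Build distributions
    runs-on: ubuntu-latest
    timeout-minutes: 6
    steps:
      # NOTE(review): the actions in this workflow are referenced by mutable
      # tags or branches (`@v4`, `@v2`, `@release/v1`, `@v3.0.0`). For a release
      # pipeline, pin each one to a full commit SHA, e.g.
      # `uses: actions/checkout@<full-commit-sha>  # v4`, and let Dependabot or
      # Renovate propose the bumps.
      - uses: actions/checkout@v4
        with:
          # TODO: This can be very expensive for large repos. Is there a better way to do this?
          # Fetch all history and tags for setuptools_scm to work
          fetch-depth: 0
          # Do not leave the GITHUB_TOKEN in .git/config while tox runs project
          # and third-party code; no later step in this job is expected to push.
          persist-credentials: false
      - uses: ./.github/actions/setup-python
        with:
          python-version: "3.9"
          requirements: tox
      - name: Build source (sdist) and binary (wheel) distributions
        run: tox -e build-dists
      - uses: actions/upload-artifact@v4
        with:
          name: python-package-distributions
          path: dist/

  # Uploads the built distributions to TestPyPI, but only for refs/heads/main.
  publish-to-testpypi:
    name: Publish distribution to TestPyPI
    if: github.ref == 'refs/heads/main'
    needs:
      - build
    runs-on: ubuntu-latest
    timeout-minutes: 2
    environment:
      name: testpypi
      url: https://test.pypi.org/p/ridgeplot
    # Only the OIDC token scope is granted; every other scope is `none` here.
    permissions:
      id-token: write  # IMPORTANT: mandatory for trusted publishing
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: python-package-distributions
          path: dist/
      # NOTE(review): `release/v1` is a branch, so the code that runs with
      # `id-token: write` can change without a change in this repository.
      # Prefer `@<full-commit-sha>` with the release tag in a trailing comment.
      - uses: pypa/gh-action-pypi-publish@release/v1
        with:
          repository-url: https://test.pypi.org/legacy/
          verbose: true
          # Prints the digests of the uploaded files to the job log.
          print-hash: true

  # Uploads the built distributions to the real PyPI for tag refs only.
  #
  # NOTE(review): this job needs publish-to-testpypi, which is gated on
  # refs/heads/main and is therefore skipped on a tag push. GitHub Actions
  # skips a job whose `needs` were skipped unless its `if` uses a status
  # function such as `!cancelled()` or `always()`, so confirm that this job
  # (and github-release after it) actually runs for tags.
  #
  # NOTE(review): the `pypi` environment is the natural place for a manual
  # approval gate (required reviewers) and a tag-only deployment rule; confirm
  # it is configured that way and that the PyPI trusted publisher entry names
  # this workflow file and environment.
  publish-to-pypi:
    name: Publish distribution to PyPI
    if: startsWith(github.ref, 'refs/tags/')
    needs:
      - build
      - publish-to-testpypi
    runs-on: ubuntu-latest
    timeout-minutes: 2
    environment:
      name: pypi
      url: https://pypi.org/p/ridgeplot
    # Only the OIDC token scope is granted; every other scope is `none` here.
    permissions:
      id-token: write  # IMPORTANT: mandatory for trusted publishing
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: python-package-distributions
          path: dist/
      # NOTE(review): pin to `@<full-commit-sha>` instead of the `release/v1`
      # branch; this step can mint the token that publishes to PyPI.
      - uses: pypa/gh-action-pypi-publish@release/v1
        with:
          verbose: true
          # Prints the digests of the uploaded files to the job log.
          print-hash: true

  # Generates release notes, signs the distributions with Sigstore and creates
  # the GitHub Release. Runs only after publish-to-pypi succeeded.
  #
  # NOTE(review): `tox -e release-notes` installs and runs Python packages in a
  # job that holds `contents: write` and `id-token: write`. Consider generating
  # the notes in a read-only job and passing them on as an artifact, so that
  # only the signing and release steps run with these permissions.
  github-release:
    name: Publish a GitHub Release
    needs:
      - publish-to-pypi
    runs-on: ubuntu-latest
    timeout-minutes: 2
    permissions:
      contents: write  # IMPORTANT: mandatory for making GitHub Releases
      id-token: write  # IMPORTANT: mandatory for sigstore
    steps:
      # Generate the release notes
      - uses: actions/checkout@v4
        with:
          # TODO: This can be very expensive for large repos. Is there a better way to do this?
          # Fetch all history and tags for setuptools_scm to work
          fetch-depth: 0
          # Keep the write-scoped GITHUB_TOKEN out of .git/config while tox
          # runs; the release step below receives the token through its own
          # input rather than through git credentials.
          persist-credentials: false
      - uses: ./.github/actions/setup-python
        with:
          python-version: "3.9"
          requirements: tox
      - name: Generate release notes
        run: tox -e release-notes
      # Sign the package distributions with Sigstore
      # https://github.com/marketplace/actions/gh-action-sigstore-python
      - uses: actions/download-artifact@v4
        with:
          name: python-package-distributions
          path: dist/
      # NOTE(review): a version tag is still movable; pin to a full commit SHA.
      - name: Sign the dists with Sigstore
        uses: sigstore/gh-action-sigstore-python@v3.0.0
        with:
          inputs: >-
            ./dist/*.tar.gz
            ./dist/*.whl
      # NOTE(review): third-party action running with `contents: write`; pin to
      # a full commit SHA.
      - name: Create GitHub Release
        uses: softprops/action-gh-release@v2
        with:
          body_path: LATEST_RELEASE_NOTES.md
          # `dist/` contains the built distributions, and the
          # Sigstore-produced signatures and certificates.
          files: dist/**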