release.yml
name: Release

# Two triggers: a manual dispatch that performs a release, and a daily
# scheduled run (09:00 UTC). For scheduled runs the release job replaces the
# inputs below with a fixed placeholder version and dry_run 'true'.
on:
  workflow_dispatch:
    inputs:
      # Free-form string chosen by whoever dispatches the workflow.
      version:
        description: "Version to release: a version number (e.g. 1.0.0rc4) or one of: patch, minor, major, prepatch, preminor, premajor, prerelease"
        required: true
        type: string
      # Defaults to a real (non-dry) release when left unset.
      dry_run:
        description: "Dry run (deletes draft release, does not push changes, does not publish to PyPI)"
        required: false
        type: boolean
        default: false
      # Optional free-form text that replaces the generated changelog.
      changelog_body:
        description: "Custom release notes (overrides auto-generated changelog). Use \\n for newlines, or trigger via 'gh workflow run' for real multiline input."
        required: false
        type: string
        default: ""
  schedule:
    - cron: "0 9 * * *"
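jobs:
  # Cuts the release. Scheduled runs are limited to the upstream repository
  # and are forced into dry-run mode with a placeholder version.
  release:
    if: github.event_name != 'schedule' || github.repository == 'Calysto/maintainer_tools'
    runs-on: ubuntu-latest
    environment: release
    permissions:
      contents: write
    outputs:
      tag: ${{ steps.release.outputs.tag }}
    steps:
      # Pinned to the same commit SHA the other jobs in this workflow use,
      # instead of the mutable v6 tag: this job holds contents: write and is
      # handed the App private key, so a moved tag must not change what runs.
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
        with:
          persist-credentials: false
      - uses: ./actions/base-setup
      - uses: ./actions/release
        id: release
        with:
          # NOTE(review): version and changelog_body are free-form dispatch
          # inputs. Confirm ./actions/release passes them to its shell steps
          # through env rather than interpolating them into a script.
          version: ${{ github.event_name == 'schedule' && '10.10.10.10' || inputs.version }}
          dry_run: ${{ github.event_name == 'schedule' && 'true' || inputs.dry_run }}
          app_id: ${{ vars.APP_ID }}
          app_private_key: ${{ secrets.APP_PRIVATE_KEY }}
          ref: ${{ github.ref_name }}
          changelog_body: ${{ inputs.changelog_body }}

  # Build the package from the release tag so the artifact matches what was released.
  build-package:
    name: Build & verify package
    needs: [release]
    runs-on: ubuntu-latest
    permissions:
      # NOTE(review): confirm ./actions/build actually requests an OIDC token;
      # if it does not, this grant can be dropped from the build job.
      id-token: write
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
        with:
          ref: ${{ needs.release.outputs.tag }}
          fetch-depth: 0
          persist-credentials: false
      # Local action, so it runs as it exists at the checked-out release tag.
      - uses: ./actions/build

  # Uploads the built distributions to Test PyPI. No password or token input
  # is set on the publish step, so it relies on OIDC (id-token: write).
  publish:
    needs: [build-package]
    runs-on: ubuntu-latest
    environment: release
    permissions:
      id-token: write
      attestations: write
    steps:
      - name: Download packages built by build-and-inspect-python-package
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c  # v8.0.1
        with:
          name: Packages
          path: dist
      - name: Upload package to Test PyPI
        uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b  # v1.14.0
        with:
          repository-url: https://test.pypi.org/legacy/
          skip-existing: ${{ github.event_name == 'schedule' && 'true' || inputs.dry_run }}
          verbose: ${{ github.event_name == 'schedule' && 'true' || inputs.dry_run }}

  # Moves the floating v1 tag to the release that was just published.
  update-v1-tag:
    needs: [publish, release]
    runs-on: ubuntu-latest
    environment: release
    permissions:
      # NOTE(review): the push below authenticates with the App token, not
      # GITHUB_TOKEN, so contents: read may be enough here. Confirm.
      contents: write
    # Only run for stable releases: skipped on dry runs and scheduled runs, and
    # when the tag contains a pre-release marker (a, b, rc, dev), e.g. 1.0.0a1.
    # NOTE(review): the major version is not checked, so a stable 2.x tag
    # would also move v1.
    if: ${{ !inputs.dry_run && github.event_name != 'schedule' && !contains(needs.release.outputs.tag, 'a') && !contains(needs.release.outputs.tag, 'b') && !contains(needs.release.outputs.tag, 'rc') && !contains(needs.release.outputs.tag, 'dev') }}
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
        with:
          # Check out the released tag so v1 lands on the commit that was
          # built and published, not on the commit the workflow started from.
          ref: ${{ needs.release.outputs.tag }}
          persist-credentials: false
      # TODO(review): pin this action to a full commit SHA like the other
      # third-party actions here; it receives the App private key.
      - name: Generate token
        uses: actions/create-github-app-token@v3.2.0
        id: create-app-token
        with:
          app-id: ${{ vars.APP_ID }}
          private-key: ${{ secrets.APP_PRIVATE_KEY }}
          permission-contents: write
      # The token reaches the script through env, not inline interpolation.
      # set-url writes it into .git/config in the job workspace.
      - name: Configure git
        env:
          TOKEN: ${{ steps.create-app-token.outputs.token }}
          REPOSITORY: ${{ github.repository }}
        run: |
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          git remote set-url origin "https://x-access-token:${TOKEN}@github.com/${REPOSITORY}"
      # Delete v1 locally and remotely (ignoring "not found"), then recreate
      # it at the checked-out commit and push it.
      - name: Update v1 tag
        run: |
          git tag -d v1 || true
          git push origin :refs/tags/v1 || true
          git tag v1
          git push origin v1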