fix(ci): add retry logic to verify-pypi/testpypi for index propagation #4
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Release | |
| on: | |
| push: | |
| tags: | |
| - "v*" | |
| release: | |
| types: [created, edited, published] | |
| concurrency: | |
| group: release-${{ github.ref }} | |
| cancel-in-progress: false | |
| permissions: | |
| contents: read | |
| jobs: | |
| # Build distribution packages and generate SBOM | |
| build: | |
| name: Build distribution | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| outputs: | |
| version: "${{ steps.version.outputs.version }}" | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@ed21f2f24f8dd64503750218de024bcf64c7250a # v7.1.5 | |
| with: | |
| python-version: "3.10" | |
| enable-cache: true | |
| - name: Install just | |
| uses: extractions/setup-just@e33e0265a09d6d736e2ee1e0eb685ef1de4669ff # v3.0.0 | |
| - name: Add dev version if not a PyPi build | |
| if: "github.event_name == 'push' || (github.event_name == 'release' && github.event.action != 'published')" | |
| run: | | |
| just set-dev-version ${{ github.run_number}} | |
| - name: Capture version | |
| id: version | |
| run: | | |
| echo "version=$(just version)" >> "$GITHUB_OUTPUT" | |
| - name: Build package with SBOM | |
| run: just build-release | |
| - name: Upload distributions | |
| uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 | |
| with: | |
| name: dist | |
| path: dist/ | |
| retention-days: 7 | |
| # Test built package installs correctly | |
| test: | |
| name: "Test package (${{ matrix.os }}, Python ${{ matrix.python-version }})" | |
| needs: build | |
| runs-on: "${{ matrix.os }}" | |
| timeout-minutes: 10 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: ["ubuntu-latest", "windows-latest", "macos-latest"] | |
| python-version: ["3.10", "3.11", "3.12", "3.13", "3.14", "3.14t"] | |
| steps: | |
| - name: Download distributions | |
| uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 | |
| with: | |
| name: dist | |
| path: dist/ | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@ed21f2f24f8dd64503750218de024bcf64c7250a # v7.1.5 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| enable-cache: false # No checkout, so no dependency files to hash | |
| - name: Install from wheel | |
| shell: bash | |
| run: | | |
| uv venv | |
| uv pip install dist/*.whl | |
| - name: Smoke test | |
| run: | | |
| uv run python -c "import jsonlt; print(f'Version: {jsonlt.__version__}')" | |
| # Publish to TestPyPI (triggered by tag push or draft release/unpublished release edit) | |
| publish-testpypi: | |
| name: Publish to TestPyPI | |
| needs: | |
| - build | |
| - test | |
| if: "github.event_name == 'push' || (github.event_name == 'release' && github.event.action != 'published')" | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| environment: | |
| name: testpypi | |
| url: https://test.pypi.org/p/jsonlt-python | |
| permissions: | |
| id-token: write # Trusted Publishing OIDC | |
| attestations: write # Artifact attestations | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| - name: Download distributions | |
| uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 | |
| with: | |
| name: dist | |
| path: dist/ | |
| - name: Generate build attestation | |
| uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0 | |
| with: | |
| subject-path: "dist/*.tar.gz,dist/*.whl" | |
| - name: Generate SBOM attestation | |
| uses: actions/attest-sbom@4651f806c01d8637787e274ac3bdf724ef169f34 # v3.0.0 | |
| with: | |
| subject-path: "dist/*.tar.gz,dist/*.whl" | |
| sbom-path: dist/sbom.cdx.json | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@ed21f2f24f8dd64503750218de024bcf64c7250a # v7.1.5 | |
| with: | |
| python-version: "3.10" | |
| - name: Install just | |
| uses: extractions/setup-just@e33e0265a09d6d736e2ee1e0eb685ef1de4669ff # v3.0.0 | |
| - name: Publish to TestPyPI | |
| run: just publish-testpypi | |
| - name: Verify TestPyPI release | |
| run: just verify-testpypi ${{ needs.build.outputs.version }} | |
| # Publish to PyPI (triggered by publishing the GitHub Release) | |
| publish-pypi: | |
| name: Publish to PyPI | |
| needs: | |
| - build | |
| - test | |
| if: github.event_name == 'release' && github.event.action == 'published' | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| environment: | |
| name: pypi | |
| url: https://pypi.org/p/jsonlt-python | |
| permissions: | |
| id-token: write # Trusted Publishing OIDC | |
| attestations: write # Artifact attestations | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| - name: Download distributions | |
| uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 | |
| with: | |
| name: dist | |
| path: dist/ | |
| - name: Generate build attestation | |
| uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0 | |
| with: | |
| subject-path: "dist/*.tar.gz,dist/*.whl" | |
| - name: Generate SBOM attestation | |
| uses: actions/attest-sbom@4651f806c01d8637787e274ac3bdf724ef169f34 # v3.0.0 | |
| with: | |
| subject-path: "dist/*.tar.gz,dist/*.whl" | |
| sbom-path: dist/sbom.cdx.json | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@ed21f2f24f8dd64503750218de024bcf64c7250a # v7.1.5 | |
| with: | |
| python-version: "3.10" | |
| - name: Install just | |
| uses: extractions/setup-just@e33e0265a09d6d736e2ee1e0eb685ef1de4669ff # v3.0.0 | |
| - name: Publish to PyPI | |
| run: just publish-pypi | |
| - name: Verify PyPi release | |
| run: just verify-testpypi ${{ needs.build.outputs.version }} |