Merge pull request #326 from OpenTabular/feat/ci-release-hardening #1
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish to TestPyPI (RC) | |
| # Triggered when a maintainer pushes an RC tag (e.g. v1.7.0rc1). | |
| # Stable release tags are handled by publish-pypi.yml instead. | |
| # | |
| # Requires the "testpypi-publish" GitHub Environment with tag-based protection. | |
| # Uses OIDC trusted publishing — no token secret required. | |
| # Also creates a GitHub pre-release for visibility. | |
| on: | |
| push: | |
| tags: | |
| - "v*.*.*rc*" | |
| permissions: | |
| contents: write | |
| id-token: write | |
| jobs: | |
| publish-rc: | |
| runs-on: ubuntu-latest | |
| environment: testpypi-publish | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.10" | |
| - name: Install Poetry | |
| run: pipx install poetry | |
| - name: Configure Poetry | |
| run: poetry config virtualenvs.in-project true | |
| - name: Cache virtualenv | |
| uses: actions/cache@v4 | |
| with: | |
| path: .venv | |
| key: venv-publish-rc-${{ runner.os }}-3.10-${{ hashFiles('poetry.lock') }} | |
| - name: Install dependencies | |
| run: poetry install --only main | |
| - name: Check tag matches pyproject version | |
| run: | | |
| VERSION=$(python3 -c "import tomllib; d=tomllib.load(open('pyproject.toml','rb')); print(d['tool']['poetry']['version'])") | |
| TAG="${GITHUB_REF_NAME#v}" | |
| echo "pyproject version: $VERSION" | |
| echo "git tag version: $TAG" | |
| if [ "$VERSION" != "$TAG" ]; then | |
| echo "❌ Tag version and pyproject.toml version do not match." | |
| exit 1 | |
| fi | |
| - name: Build package | |
| run: poetry build | |
| - name: Check package | |
| run: | | |
| python -m pip install --upgrade twine | |
| twine check dist/* | |
| - name: Test wheel install | |
| run: | | |
| python -m venv /tmp/deeptab-wheel-test | |
| source /tmp/deeptab-wheel-test/bin/activate | |
| pip install dist/*.whl | |
| python -c "import deeptab; print(deeptab.__version__)" | |
| - name: Publish to TestPyPI | |
| uses: pypa/gh-action-pypi-publish@release/v1 | |
| with: | |
| repository-url: https://test.pypi.org/legacy/ | |
| - name: Create GitHub pre-release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| prerelease: true | |
| generate_release_notes: true | |
| files: dist/* | |
| smoke-test-testpypi: | |
| name: Smoke-test install from TestPyPI | |
| needs: publish-rc | |
| runs-on: ubuntu-latest | |
| permissions: {} | |
| steps: | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.10" | |
| - name: Install from TestPyPI (with retry) | |
| run: | | |
| VERSION="${GITHUB_REF_NAME#v}" | |
| echo "Installing deeptab==$VERSION from TestPyPI" | |
| for i in 1 2 3 4 5; do | |
| pip install \ | |
| --index-url https://test.pypi.org/simple/ \ | |
| --extra-index-url https://pypi.org/simple/ \ | |
| "deeptab==$VERSION" && break | |
| echo "Attempt $i failed, retrying in 30s..." | |
| sleep 30 | |
| done | |
| - name: Import smoke test | |
| run: python -c "import deeptab; print('version:', deeptab.__version__)" |