policyengine-us-data/.github/workflows/push.yaml at f528c4ff8a28feec0b048c0f7faae00bf9c8a7d9 · PolicyEngine/policyengine-us-data · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
name: Push to main

on:
  push:
    branches: [main]

jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - run: pip install ruff>=0.9.0
      - run: ruff format --check .

  run-context:
    name: Run context
    runs-on: ubuntu-latest
    outputs:
      run_id: ${{ steps.run-context.outputs.run_id }}
      github_run_url: ${{ steps.run-context.outputs.github_run_url }}
    env:
      MODAL_ENVIRONMENT: main
      US_DATA_MODAL_APP_PREFIX: policyengine-us-data-pub
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.14"
      - name: Resolve run context
        id: run-context
        run: python .github/scripts/resolve_run_context.py

  # ── Documentation ──────────────────────────────────────────
  docs:
    name: Documentation
    runs-on: ubuntu-latest
    if: github.event.head_commit.message != 'Update package version'
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v6
      - uses: actions/setup-python@v6
        with:
          python-version: "3.14"
      - uses: actions/setup-node@v6
        with:
          node-version: "24"
      - uses: astral-sh/setup-uv@v8.1.0
      - run: uv sync --dev
      - name: Generate pipeline documentation artifacts
        run: uv run python scripts/extract_pipeline_docs.py
      - name: Build documentation
        run: uv run make documentation
        env:
          BASE_URL: /policyengine-us-data
      - name: Deploy to GitHub Pages
        uses: JamesIves/github-pages-deploy-action@v4
        with:
          branch: gh-pages
          folder: docs/_build/html
          clean: true

  # ── Versioning (bump + changelog on non-version-bump pushes) ──
  versioning:
    name: Versioning
    runs-on: ubuntu-latest
    needs: run-context
    if: github.event.head_commit.message != 'Update package version'
    outputs:
      version_sha: ${{ steps.version-commit.outputs.sha }}
    steps:
      - name: Generate GitHub App token
        id: app-token
        uses: actions/create-github-app-token@v3
        with:
          app-id: ${{ secrets.APP_ID }}
          private-key: ${{ secrets.APP_PRIVATE_KEY }}
      - uses: actions/checkout@v6
        with:
          token: ${{ steps.app-token.outputs.token }}
          fetch-depth: 0
      - uses: actions/setup-python@v6
        with:
          python-version: "3.14"
      - uses: astral-sh/setup-uv@v8.1.0
      - run: pip install towncrier
      - name: Bump version and build changelog
        run: |
          python .github/bump_version.py
          towncrier build --yes --version "$(python .github/fetch_version.py)"
      - name: Generate pipeline documentation artifacts
        run: uv run --no-sync --with pyyaml python scripts/extract_pipeline_docs.py
      - name: Update lockfile
        run: uv lock
      - name: Update changelog
        uses: EndBug/add-and-commit@v10
        with:
          add: "."
          message: Update package version
      - name: Capture version commit
        id: version-commit
        run: echo "sha=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"

  # ── Full publication pipeline ───────────────────────────────
  launch-pipeline:
    name: Launch publication pipeline
    runs-on: ubuntu-latest
    needs:
      - lint
      - run-context
      - publish
    if: github.event.head_commit.message == 'Update package version'
    permissions:
      actions: write
      contents: read
    steps:
      - uses: actions/checkout@v4
      - name: Dispatch pipeline workflow
        env:
          GH_TOKEN: ${{ github.token }}
          US_DATA_RUN_ID: ${{ needs.run-context.outputs.run_id }}
          SOURCE_SHA: ${{ github.sha }}
        run: bash .github/scripts/dispatch_publication_pipeline.sh

  # ── PyPI publish (version bump commits only) ────────────────
  publish:
    runs-on: ubuntu-latest
    needs: lint
    if: github.event.head_commit.message == 'Update package version'
    steps:
      - uses: actions/checkout@v6
      - uses: actions/setup-python@v6
        with:
          python-version: "3.14"
      - uses: astral-sh/setup-uv@v8.1.0
      - run: uv sync --dev
      - run: uv run python -m build
      - name: Publish to PyPI
        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          user: __token__
          password: ${{ secrets.PYPI }}
          skip-existing: true
      - name: Verify PyPI version before data publication
        run: python .github/scripts/verify_pypi_version.py