pysatl-core/.github/workflows/release.yml at main · PySATL/pysatl-core · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
name: Release
run-name: ${{ github.event_name == 'workflow_dispatch' && 'Release TestPyPI' || format('Release {0} PyPI', github.ref_name) }}

on:
  workflow_dispatch:
  push:
    tags:
      - "v*"

permissions:
  contents: read

jobs:
  validate:
    name: Validate release ref
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v6
        with:
          persist-credentials: false

      - name: Validate trigger and version
        shell: bash
        run: |
          set -euo pipefail

          if [[ "${GITHUB_EVENT_NAME}" == "workflow_dispatch" ]]; then
            if [[ "${GITHUB_REF}" != "refs/heads/main" ]]; then
              echo "Manual TestPyPI releases must be run from the main branch." >&2
              exit 1
            fi
            exit 0
          fi

          if [[ "${GITHUB_EVENT_NAME}" != "push" || "${GITHUB_REF}" != refs/tags/v* ]]; then
            echo "PyPI releases must be triggered by a v* tag push." >&2
            exit 1
          fi

          project_version="$(python - <<'PY'
          import tomllib

          with open("pyproject.toml", "rb") as pyproject:
              print(tomllib.load(pyproject)["tool"]["poetry"]["version"])
          PY
          )"
          tag_version="${GITHUB_REF_NAME#v}"

          if [[ "${project_version}" != "${tag_version}" ]]; then
            echo "Tag version ${tag_version} does not match pyproject.toml version ${project_version}." >&2
            exit 1
          fi

  build-sdist:
    name: Build sdist
    needs: validate
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v6
        with:
          submodules: recursive
          persist-credentials: false

      - name: Setup Python
        uses: actions/setup-python@v6
        with:
          python-version: "3.12"

      - name: Install build tooling
        run: python -m pip install --upgrade pip build

      - name: Build sdist
        run: python -m build --sdist --outdir dist

      - name: Upload sdist
        uses: actions/upload-artifact@v7
        with:
          name: release-sdist
          path: dist/*.tar.gz

  build-wheels:
    name: Build wheels on ${{ matrix.os }}
    needs: validate
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        os: [ macos-latest, windows-latest ]

    steps:
      - name: Checkout
        uses: actions/checkout@v6
        with:
          submodules: recursive
          persist-credentials: false

      - name: Build wheels
        uses: pypa/cibuildwheel@v3.4.1

      - name: Upload wheels
        uses: actions/upload-artifact@v7
        with:
          name: release-wheels-${{ matrix.os }}
          path: wheelhouse/*.whl

  check-distributions:
    name: Check distributions
    needs: [ build-sdist, build-wheels ]
    runs-on: ubuntu-latest

    steps:
      - name: Setup Python
        uses: actions/setup-python@v6
        with:
          python-version: "3.12"

      - name: Download distributions
        uses: actions/download-artifact@v7
        with:
          pattern: release-*
          path: dist
          merge-multiple: true

      - name: Install validation tooling
        run: python -m pip install --upgrade pip "twine>=6.2,<7" "packaging>=24.2"

      - name: Check distribution metadata
        run: python -m twine check dist/*

  publish-testpypi:
    name: Publish to TestPyPI
    needs: check-distributions
    if: github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    environment:
      name: testpypi
      url: https://test.pypi.org/p/pysatl-core
    permissions:
      id-token: write

    steps:
      - name: Download distributions
        uses: actions/download-artifact@v7
        with:
          pattern: release-*
          path: dist
          merge-multiple: true

      - name: Publish package distributions to TestPyPI
        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          repository-url: https://test.pypi.org/legacy/

  publish-pypi:
    name: Publish to PyPI
    needs: check-distributions
    if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
    runs-on: ubuntu-latest
    environment:
      name: pypi
      url: https://pypi.org/p/pysatl-core
    permissions:
      id-token: write

    steps:
      - name: Download distributions
        uses: actions/download-artifact@v7
        with:
          pattern: release-*
          path: dist
          merge-multiple: true

      - name: Publish package distributions to PyPI
        uses: pypa/gh-action-pypi-publish@release/v1