|
| 1 | +name: publish-py |
| 2 | + |
| 3 | +concurrency: |
| 4 | + group: publish-py-${{ inputs.release_type }}-${{ inputs.branch }} |
| 5 | + cancel-in-progress: false |
| 6 | + |
| 7 | +on: |
| 8 | + workflow_dispatch: |
| 9 | + inputs: |
| 10 | + release_type: |
| 11 | + description: Release type |
| 12 | + required: true |
| 13 | + default: stable |
| 14 | + type: choice |
| 15 | + options: |
| 16 | + - stable |
| 17 | + - prerelease |
| 18 | + branch: |
| 19 | + description: Branch to release from |
| 20 | + required: true |
| 21 | + default: main |
| 22 | + type: string |
| 23 | + prerelease_suffix: |
| 24 | + description: Optional shared prerelease suffix |
| 25 | + required: false |
| 26 | + default: "" |
| 27 | + type: string |
| 28 | + |
| 29 | +jobs: |
| 30 | + prepare-release: |
| 31 | + runs-on: ubuntu-latest |
| 32 | + timeout-minutes: 10 |
| 33 | + outputs: |
| 34 | + version: ${{ steps.release_metadata.outputs.version }} |
| 35 | + release_tag: ${{ steps.release_metadata.outputs.release_tag }} |
| 36 | + branch: ${{ steps.release_metadata.outputs.branch }} |
| 37 | + commit: ${{ steps.release_metadata.outputs.commit }} |
| 38 | + release_type: ${{ steps.release_metadata.outputs.release_type }} |
| 39 | + steps: |
| 40 | + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 |
| 41 | + with: |
| 42 | + fetch-depth: 1 |
| 43 | + ref: ${{ inputs.branch }} |
| 44 | + |
| 45 | + - name: Check version sync |
| 46 | + run: python3 .github/scripts/check_version_sync.py |
| 47 | + |
| 48 | + - name: Set up Python |
| 49 | + uses: actions/setup-python@3542bca2639a428e1796aaa6a2ffef0c0f575566 # v3.1.4 |
| 50 | + with: |
| 51 | + python-version: "3.12" |
| 52 | + |
| 53 | + - name: Determine release metadata |
| 54 | + id: release_metadata |
| 55 | + env: |
| 56 | + RELEASE_TYPE: ${{ inputs.release_type }} |
| 57 | + TARGET_BRANCH: ${{ inputs.branch }} |
| 58 | + PRERELEASE_SUFFIX: ${{ inputs.prerelease_suffix }} |
| 59 | + run: | |
| 60 | + set -euo pipefail |
| 61 | +
|
| 62 | + CURRENT_VERSION=$(python -c 'from pathlib import Path; ns = {}; exec(Path("py/autoevals/version.py").read_text(encoding="utf-8"), ns); print(ns["VERSION"])') |
| 63 | + RELEASE_COMMIT=$(git rev-parse HEAD) |
| 64 | +
|
| 65 | + if [[ -z "${PRERELEASE_SUFFIX}" ]]; then |
| 66 | + PRERELEASE_SUFFIX="${GITHUB_RUN_NUMBER}" |
| 67 | + fi |
| 68 | +
|
| 69 | + echo "release_type=${RELEASE_TYPE}" >> "$GITHUB_OUTPUT" |
| 70 | + echo "branch=${TARGET_BRANCH}" >> "$GITHUB_OUTPUT" |
| 71 | + echo "commit=${RELEASE_COMMIT}" >> "$GITHUB_OUTPUT" |
| 72 | +
|
| 73 | + if [[ "$RELEASE_TYPE" == "stable" ]]; then |
| 74 | + RELEASE_TAG="py-${CURRENT_VERSION}" |
| 75 | +
|
| 76 | + if git ls-remote --exit-code --tags origin "refs/tags/${RELEASE_TAG}" >/dev/null 2>&1; then |
| 77 | + echo "Tag ${RELEASE_TAG} already exists on origin" >&2 |
| 78 | + exit 1 |
| 79 | + fi |
| 80 | +
|
| 81 | + echo "version=${CURRENT_VERSION}" >> "$GITHUB_OUTPUT" |
| 82 | + echo "release_tag=${RELEASE_TAG}" >> "$GITHUB_OUTPUT" |
| 83 | + else |
| 84 | + VERSION="${CURRENT_VERSION}rc${PRERELEASE_SUFFIX}" |
| 85 | +
|
| 86 | + echo "version=${VERSION}" >> "$GITHUB_OUTPUT" |
| 87 | + echo "release_tag=" >> "$GITHUB_OUTPUT" |
| 88 | + fi |
| 89 | +
|
| 90 | + publish: |
| 91 | + needs: prepare-release |
| 92 | + runs-on: ubuntu-latest |
| 93 | + timeout-minutes: 20 |
| 94 | + permissions: |
| 95 | + contents: write |
| 96 | + id-token: write # Required for PyPI trusted publishing |
| 97 | + env: |
| 98 | + PACKAGE_NAME: autoevals |
| 99 | + VERSION: ${{ needs.prepare-release.outputs.version }} |
| 100 | + RELEASE_TAG: ${{ needs.prepare-release.outputs.release_tag }} |
| 101 | + RELEASE_TYPE: ${{ needs.prepare-release.outputs.release_type }} |
| 102 | + TARGET_BRANCH: ${{ needs.prepare-release.outputs.branch }} |
| 103 | + RELEASE_COMMIT: ${{ needs.prepare-release.outputs.commit }} |
| 104 | + steps: |
| 105 | + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 |
| 106 | + with: |
| 107 | + fetch-depth: 0 |
| 108 | + ref: ${{ needs.prepare-release.outputs.branch }} |
| 109 | + |
| 110 | + - name: Check version sync |
| 111 | + run: python3 .github/scripts/check_version_sync.py |
| 112 | + |
| 113 | + - name: Set up Python |
| 114 | + uses: actions/setup-python@3542bca2639a428e1796aaa6a2ffef0c0f575566 # v3.1.4 |
| 115 | + with: |
| 116 | + python-version: "3.12" |
| 117 | + |
| 118 | + - name: Check PyPI version availability |
| 119 | + run: | |
| 120 | + set -euo pipefail |
| 121 | +
|
| 122 | + python - <<'PY' |
| 123 | + import os |
| 124 | + import sys |
| 125 | + import urllib.error |
| 126 | + import urllib.request |
| 127 | +
|
| 128 | + package = os.environ["PACKAGE_NAME"] |
| 129 | + version = os.environ["VERSION"] |
| 130 | + url = f"https://pypi.org/pypi/{package}/{version}/json" |
| 131 | +
|
| 132 | + try: |
| 133 | + urllib.request.urlopen(url) |
| 134 | + except urllib.error.HTTPError as exc: |
| 135 | + if exc.code == 404: |
| 136 | + raise SystemExit(0) |
| 137 | + raise |
| 138 | + except urllib.error.URLError as exc: |
| 139 | + print(f"Failed to query PyPI: {exc}", file=sys.stderr) |
| 140 | + raise |
| 141 | + else: |
| 142 | + print(f"{package}=={version} already exists on PyPI", file=sys.stderr) |
| 143 | + raise SystemExit(1) |
| 144 | + PY |
| 145 | +
|
| 146 | + - name: Install build dependencies |
| 147 | + run: python -m pip install --upgrade pip build twine |
| 148 | + |
| 149 | + - name: Prepare prerelease package metadata |
| 150 | + if: ${{ env.RELEASE_TYPE == 'prerelease' }} |
| 151 | + run: | |
| 152 | + set -euo pipefail |
| 153 | +
|
| 154 | + python - <<'PY' |
| 155 | + import os |
| 156 | + import re |
| 157 | + from pathlib import Path |
| 158 | +
|
| 159 | + path = Path("py/autoevals/version.py") |
| 160 | + text = path.read_text(encoding="utf-8") |
| 161 | + new_text, count = re.subn( |
| 162 | + r'^VERSION\s*=\s*["\'][^"\']+["\']\s*$', |
| 163 | + f'VERSION = "{os.environ["VERSION"]}"', |
| 164 | + text, |
| 165 | + count=1, |
| 166 | + flags=re.MULTILINE, |
| 167 | + ) |
| 168 | + if count != 1: |
| 169 | + raise SystemExit("Could not update py/autoevals/version.py for prerelease publish") |
| 170 | + path.write_text(new_text + ("" if new_text.endswith("\n") else "\n"), encoding="utf-8") |
| 171 | + PY |
| 172 | +
|
| 173 | + - name: Build package |
| 174 | + run: python -m build |
| 175 | + |
| 176 | + - name: Verify package metadata |
| 177 | + run: python -m twine check dist/* |
| 178 | + |
| 179 | + - name: Publish to PyPI |
| 180 | + uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # release/v1 |
| 181 | + with: |
| 182 | + packages-dir: dist/ |
| 183 | + |
| 184 | + - name: Create and push stable release tag |
| 185 | + if: ${{ env.RELEASE_TYPE == 'stable' }} |
| 186 | + run: | |
| 187 | + set -euo pipefail |
| 188 | +
|
| 189 | + git config user.name "github-actions[bot]" |
| 190 | + git config user.email "41898282+github-actions[bot]@users.noreply.github.com" |
| 191 | + git tag "${RELEASE_TAG}" "${RELEASE_COMMIT}" |
| 192 | + git push origin "${RELEASE_TAG}" |
| 193 | +
|
| 194 | + - name: Create GitHub release |
| 195 | + if: ${{ env.RELEASE_TYPE == 'stable' }} |
| 196 | + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 |
| 197 | + env: |
| 198 | + RELEASE_TAG: ${{ env.RELEASE_TAG }} |
| 199 | + VERSION: ${{ env.VERSION }} |
| 200 | + with: |
| 201 | + script: | |
| 202 | + await github.rest.repos.createRelease({ |
| 203 | + owner: context.repo.owner, |
| 204 | + repo: context.repo.repo, |
| 205 | + tag_name: process.env.RELEASE_TAG, |
| 206 | + name: `autoevals Python v${process.env.VERSION}`, |
| 207 | + draft: false, |
| 208 | + prerelease: false, |
| 209 | + generate_release_notes: true, |
| 210 | + }); |
| 211 | +
|
| 212 | + - name: Summarize release |
| 213 | + run: | |
| 214 | + set -euo pipefail |
| 215 | +
|
| 216 | + { |
| 217 | + echo "## PyPI publish complete" |
| 218 | + echo |
| 219 | + echo "- Package: \`${PACKAGE_NAME}\`" |
| 220 | + echo "- Version: \`${VERSION}\`" |
| 221 | + echo "- Release type: \`${RELEASE_TYPE}\`" |
| 222 | + if [ "${RELEASE_TYPE}" = "prerelease" ]; then |
| 223 | + echo "- Install: \`pip install --pre ${PACKAGE_NAME}\`" |
| 224 | + else |
| 225 | + echo "- Git tag: \`${RELEASE_TAG}\`" |
| 226 | + echo "- Install: \`pip install ${PACKAGE_NAME}\`" |
| 227 | + fi |
| 228 | + } >> "$GITHUB_STEP_SUMMARY" |
0 commit comments