release: v2.49.2 — sponsorship surfaces: GitHub Sponsors (FUNDING.yml… #28
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| tags: | |
| - "v*" | |
| workflow_dispatch: | |
| # Required for PyPI Trusted Publishing (OIDC): | |
| # 1. On PyPI, go to the project page → Publishing → Add a pending publisher. | |
| # 2. Owner = drknowhow, Repository = code-context-control, | |
| # Workflow = release.yml, Environment = pypi. | |
| # 3. Push a tag (e.g. `git tag v2.28.0 && git push --tags`) to trigger. | |
| permissions: | |
| contents: read | |
| jobs: | |
| verify-ci: | |
| name: Verify CI passed on tagged commit | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| actions: read | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Wait for CI to succeed on this commit | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| run: | | |
| COMMIT_SHA=$(git rev-parse 'HEAD^{commit}') | |
| echo "Gating release on CI for $COMMIT_SHA" | |
| for attempt in $(seq 1 60); do | |
| RUN=$(gh api "repos/${GITHUB_REPOSITORY}/actions/workflows/ci.yml/runs?head_sha=${COMMIT_SHA}&per_page=1" --jq '.workflow_runs[0] // empty') | |
| if [ -z "$RUN" ]; then | |
| # CI may not have been scheduled yet when the tag lands with the push. | |
| if [ "$attempt" -ge 10 ]; then | |
| echo "::error::No CI run found for ${COMMIT_SHA}. Push the commit to main (so CI runs) before tagging a release." | |
| exit 1 | |
| fi | |
| echo "No CI run for ${COMMIT_SHA} yet — waiting... (attempt ${attempt}/10)" | |
| else | |
| STATUS=$(echo "$RUN" | jq -r '.status') | |
| CONCLUSION=$(echo "$RUN" | jq -r '.conclusion // empty') | |
| URL=$(echo "$RUN" | jq -r '.html_url') | |
| if [ "$STATUS" = "completed" ]; then | |
| if [ "$CONCLUSION" = "success" ]; then | |
| echo "CI passed: $URL" | |
| exit 0 | |
| fi | |
| echo "::error::CI concluded '${CONCLUSION}' for ${COMMIT_SHA} — fix CI before releasing: $URL" | |
| exit 1 | |
| fi | |
| echo "CI status '${STATUS}' — waiting for completion... (attempt ${attempt}/60)" | |
| fi | |
| sleep 30 | |
| done | |
| echo "::error::Timed out after 30 minutes waiting for CI on ${COMMIT_SHA}." | |
| exit 1 | |
| build: | |
| name: Build distribution | |
| needs: verify-ci | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: actions/setup-python@v6 | |
| with: | |
| python-version: "3.12" | |
| cache: pip | |
| - name: Install build tooling | |
| run: python -m pip install --upgrade pip build twine | |
| - name: Verify tag matches package version | |
| run: | | |
| TAG_VERSION="${GITHUB_REF_NAME#v}" | |
| PKG_VERSION=$(python -c "import tomllib, pathlib; print(tomllib.loads(pathlib.Path('pyproject.toml').read_text())['project']['version'])") | |
| if [ "$TAG_VERSION" != "$PKG_VERSION" ]; then | |
| echo "::error::Tag $GITHUB_REF_NAME does not match pyproject.toml version $PKG_VERSION" | |
| exit 1 | |
| fi | |
| - name: Build sdist + wheel | |
| run: python -m build --sdist --wheel --outdir dist | |
| - name: twine check | |
| run: python -m twine check dist/* | |
| - name: Upload distribution artifacts | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: dist | |
| path: dist/ | |
| publish-pypi: | |
| name: Publish to PyPI | |
| needs: build | |
| runs-on: ubuntu-latest | |
| environment: | |
| name: pypi | |
| url: https://pypi.org/p/code-context-control | |
| permissions: | |
| id-token: write # required for Trusted Publishing | |
| steps: | |
| - name: Download distribution artifacts | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: dist | |
| path: dist/ | |
| - name: Publish to PyPI | |
| uses: pypa/gh-action-pypi-publish@release/v1 | |
| github-release: | |
| name: Attach artifacts to GitHub Release | |
| needs: publish-pypi | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Download distribution artifacts | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: dist | |
| path: dist/ | |
| - name: Create GitHub Release | |
| uses: softprops/action-gh-release@v3 | |
| with: | |
| files: dist/* | |
| generate_release_notes: true | |
| draft: false | |
| prerelease: false |