duckdb-python/.github/workflows/release.yml at 6261380f9d13ef1b69f2db50c3154dc9f19a3473 · duckdb/duckdb-python · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
# Release is called by duckdb's InvokeCI -> NotifyExternalRepositories job
name: Release
on:
  workflow_dispatch:
    inputs:
      duckdb-sha:
        type: string
        description: The DuckDB submodule commit to build against
        required: true
      stable-version:
        type: string
        description: Release a stable version (vX.Y.Z-((rc|post)N))
        required: false
      pypi-index:
        type: choice
        description: Which PyPI to use
        required: true
        options:
          - test
          - prod
      store-s3:
        type: boolean
        description: Also store test packages in S3
        default: false

defaults:
  run:
    shell: bash

jobs:
  build_and_test:
    name: Build and test releases
    uses:  ./.github/workflows/packaging.yml
    with:
      minimal: true
      testsuite: none
      git-ref: ${{ github.ref }}
      duckdb-git-ref: ${{ inputs.duckdb-sha }}
      set-version: ${{ inputs.stable-version }}

  upload_s3:
    name: Upload Artifacts to S3
    runs-on: ubuntu-latest
    needs: [build_and_test]
    if: ${{ github.repository_owner == 'duckdb' && ( inputs.pypi-index == 'prod' || inputs.store-s3 ) }}
    steps:
      - name: Fetch artifacts
        uses: actions/download-artifact@v4
        with:
          pattern: '{sdist,wheel}*'
          path: artifacts/
          merge-multiple: true

      - name: Authenticate with AWS
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: 'us-east-2'
          aws-access-key-id: ${{ secrets.S3_DUCKDB_STAGING_ID }}
          aws-secret-access-key: ${{ secrets.S3_DUCKDB_STAGING_KEY }}

      - name: Upload Artifacts
        id: s3_upload
        run: |
          sha=${{ github.ref }}
          aws s3 cp artifacts s3://duckdb-staging/${{ github.repository }}/${sha:0:10}/ --recursive

      - name: S3 Upload Summary
        run : |
          sha=${{ github.ref }}
          version=$(basename artifacts/*.tar.gz | sed 's/duckdb-\(.*\).tar.gz/\1/g')
          echo "## S3 Upload Summary" >> $GITHUB_STEP_SUMMARY
          echo "* Version: ${version}" >> $GITHUB_STEP_SUMMARY
          echo "* SHA: ${sha:0:10}" >> $GITHUB_STEP_SUMMARY
          echo "* S3 URL: s3://duckdb-staging/${{ github.repository }}/${sha:0:10}/" >> $GITHUB_STEP_SUMMARY

  determine_environment:
    name: Determine the Github Actions environment to use
    runs-on: ubuntu-latest
    needs: build_and_test
    outputs:
      env_name: ${{ steps.set-env.outputs.env_name }}
    steps:
      - name: Set environment name
        id: set-env
        run: |
          set -euo pipefail
          case "${{ inputs.pypi-index }}" in
            test)
              echo "env_name=pypi-test" >> "$GITHUB_OUTPUT"
              ;;
            prod)
              if [[ -n "${{ inputs.stable-version }}" ]]; then
                echo "env_name=pypi-prod" >> "$GITHUB_OUTPUT"
              else
                echo "env_name=pypi-prod-nightly" >> "$GITHUB_OUTPUT"
              fi
              ;;
            *)
              echo "Error: invalid combination of inputs.pypi-index='${{ inputs.pypi-index }}' and inputs.stable-version='${{ inputs.stable-version }}'" >&2
              exit 1
              ;;
          esac

  publish_pypi:
    name: Publish Artifacts to PyPI
    runs-on: ubuntu-latest
    needs: determine_environment
    environment:
      name: ${{ needs.determine_environment.outputs.env_name }}
    permissions:
      # this is needed for the OIDC flow that is used with trusted publishing on PyPI
      id-token: write
    steps:
      - if: ${{ vars.PYPI_HOST == '' }}
        run: |
          echo "Error: PYPI_HOST is not set in CI environment '${{ needs.determine_environment.outputs.env_name }}'"
          exit 1

      - name: Fetch artifacts
        uses: actions/download-artifact@v4
        with:
          pattern: '{sdist,wheel}*'
          path: packages/
          merge-multiple: true

      - name: Upload artifacts to PyPI
        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          repository-url: 'https://${{ vars.PYPI_HOST }}/legacy/'
          packages-dir: packages
          verbose: 'true'

      - name: PyPI Upload Summary
        run : |
          version=$(basename packages/*.tar.gz | sed 's/duckdb-\(.*\).tar.gz/\1/g')
          echo "## PyPI Upload Summary" >> $GITHUB_STEP_SUMMARY
          echo "* Version: ${version}" >> $GITHUB_STEP_SUMMARY
          echo "* PyPI Host: ${{ vars.PYPI_HOST }}" >> $GITHUB_STEP_SUMMARY
          echo "* CI Environment: ${{ needs.determine_environment.outputs.env_name }}" >> $GITHUB_STEP_SUMMARY

  cleanup_nightlies:
    name: Remove Nightlies from PyPI
    needs: [determine_environment, publish_pypi]
    if: ${{ inputs.stable-version == '' }}
    uses: ./.github/workflows/cleanup_pypi.yml
    with:
      environment: ${{ needs.determine_environment.outputs.env_name }}