|
6 | 6 | pull_request: |
7 | 7 | branches: |
8 | 8 | - "**" |
| 9 | + # This is so we can call CI locally from other workflows that might want to |
| 10 | + # run CI before doing whatever task they're doing. Like the release workflow. |
| 11 | + workflow-call: |
9 | 12 |
|
10 | 13 | defaults: |
11 | 14 | run: |
|
46 | 49 | flags: unittests |
47 | 50 | fail_ci_if_error: true |
48 | 51 | working-directory: "./backend" |
49 | | - |
50 | | - release: |
51 | | - needs: run_tests |
52 | | - runs-on: ubuntu-latest |
53 | | - if: github.ref_name == 'main' |
54 | | - concurrency: |
55 | | - group: ${{ github.workflow }}-release-${{ github.ref_name }} |
56 | | - cancel-in-progress: false |
57 | | - |
58 | | - permissions: |
59 | | - contents: write |
60 | | - |
61 | | - steps: |
62 | | - # Note: We checkout the repository at the branch that triggered the workflow. |
63 | | - # Python Semantic Release will automatically convert shallow clones to full clones |
64 | | - # if needed to ensure proper history evaluation. However, we forcefully reset the |
65 | | - # branch to the workflow sha because it is possible that the branch was updated |
66 | | - # while the workflow was running, which prevents accidentally releasing un-evaluated |
67 | | - # changes. |
68 | | - - name: Setup | Checkout Repository on Release Branch |
69 | | - uses: actions/checkout@v4 |
70 | | - with: |
71 | | - ref: ${{ github.ref_name }} |
72 | | - |
73 | | - - name: Setup | Force release branch to be at workflow sha |
74 | | - run: | |
75 | | - git reset --hard ${{ github.sha }} |
76 | | -
|
77 | | - - name: Action | Semantic Version Release |
78 | | - id: release |
79 | | - # Adjust tag with desired version if applicable. |
80 | | - uses: python-semantic-release/python-semantic-release@v10.5.3 |
81 | | - with: |
82 | | - github_token: ${{ secrets.GITHUB_TOKEN }} |
83 | | - git_committer_name: "github-actions" |
84 | | - git_committer_email: "actions@users.noreply.github.com" |
85 | | - |
86 | | - - name: Publish | Upload to GitHub Release Assets |
87 | | - uses: python-semantic-release/publish-action@v10.5.3 |
88 | | - if: steps.release.outputs.released == 'true' |
89 | | - with: |
90 | | - github_token: ${{ secrets.GITHUB_TOKEN }} |
91 | | - tag: ${{ steps.release.outputs.tag }} |
92 | | - |
93 | | - - name: Upload | Distribution Artifacts |
94 | | - uses: actions/upload-artifact@v4 |
95 | | - with: |
96 | | - name: distribution-artifacts |
97 | | - path: dist |
98 | | - if-no-files-found: error |
99 | | - |
100 | | - outputs: |
101 | | - released: ${{ steps.release.outputs.released || 'false' }} |
102 | | - |
103 | | - deploy: |
104 | | - # 1. Separate out the deploy step from the publish step to run each step at |
105 | | - # the least amount of token privilege |
106 | | - # 2. Also, deployments can fail, and its better to have a separate job if you need to retry |
107 | | - # and it won't require reversing the release. |
108 | | - runs-on: ubuntu-latest |
109 | | - needs: release |
110 | | - if: github.ref_name == 'main' && needs.release.outputs.released == 'true' |
111 | | - |
112 | | - permissions: |
113 | | - contents: read |
114 | | - id-token: write |
115 | | - |
116 | | - steps: |
117 | | - - name: Setup | Download Build Artifacts |
118 | | - uses: actions/download-artifact@v4 |
119 | | - id: artifact-download |
120 | | - with: |
121 | | - name: distribution-artifacts |
122 | | - path: dist |
123 | | - |
124 | | - - name: Publish to PyPi |
125 | | - uses: pypa/gh-action-pypi-publish@release/v1 |
126 | | - with: |
127 | | - packages-dir: dist |
128 | | - user: __token__ |
129 | | - password: ${{ secrets.PYPI_UPLOAD_TOKEN }} |
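Review bot: The trigger added at new line 11 is spelled `workflow-call:`, but the GitHub Actions event for reusable workflows is `workflow_call` (underscore). With the hyphen the key is not a recognised event, so the workflow file will most likely fail validation and the existing `pull_request` checks would stop running with it, which removes the test gate that the release workflow is meant to depend on. Change the line to `workflow_call:`. If the coverage upload step visible at new lines 49-51 relies on a repository secret, the calling workflow must also pass it explicitly (for example `secrets: inherit`), since a called workflow does not receive the caller's secrets by default. The `on:` block starts above the visible lines.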