55 branches : [main]
66
77jobs :
8- ci :
9- name : Run CI
10- runs-on : ubuntu-latest
11- strategy :
12- fail-fast : true
13- matrix :
14- toxenv : [quality, docs, django42, django52]
15-
16- steps :
17- - name : Check out repository
18- uses : actions/checkout@v6
19-
20- - name : Set up Python
21- uses : actions/setup-python@v6
22- with :
23- python-version : " 3.12"
24-
25- - name : Install uv
26- uses : astral-sh/setup-uv@v6
27-
28- - name : Install CI dependencies
29- run : uv sync --group ci
30-
31- - name : Run tests (${{ matrix.toxenv }})
32- env :
33- TOXENV : ${{ matrix.toxenv }}
34- run : uv run tox
8+ run_tests :
9+ uses : ./.github/workflows/python-tests.yml
3510
3611 release :
37- name : Semantic Release
12+ needs : run_tests
3813 runs-on : ubuntu-latest
39- needs : ci
40- concurrency : release
14+ if : github.ref_name == 'main'
15+ concurrency :
16+ group : ${{ github.workflow }}-release-${{ github.ref_name }}
17+ cancel-in-progress : false
18+
4119 permissions :
42- id-token : write # for PyPI trusted publisher (OIDC)
43- contents : write # to push tags and create GitHub releases
20+ contents : write
4421
4522 steps :
46- - name : Check out repository
23+ # Checkout at the branch that triggered the workflow, then force-reset to
24+ # the exact sha so we don't accidentally release commits that arrived
25+ # while this workflow was running.
26+ - name : Setup | Checkout Repository on Release Branch
4727 uses : actions/checkout@v6
4828 with :
49- fetch-depth : 0
29+ ref : ${{ github.ref_name }}
30+
31+ - name : Setup | Force release branch to workflow sha
32+ run : git reset --hard ${{ github.sha }}
5033
5134 - name : Set up Python
5235 uses : actions/setup-python@v6
@@ -66,12 +49,51 @@ jobs:
6649 npm ci
6750 npm run build
6851
69- - name : Python Semantic Release
52+ - name : Action | Semantic Version Release
7053 id : release
71- uses : python-semantic-release/python-semantic-release@v9
54+ uses : python-semantic-release/python-semantic-release@v10.5.3
7255 with :
7356 github_token : ${{ secrets.GITHUB_TOKEN }}
57+ git_committer_name : " github-actions"
58+ git_committer_email : " actions@users.noreply.github.com"
59+ changelog : " false"
7460
75- - name : Publish to PyPI
61+ - name : Publish | Upload to GitHub Release Assets
62+ uses : python-semantic-release/publish-action@v10.5.3
63+ if : steps.release.outputs.released == 'true'
64+ with :
65+ github_token : ${{ secrets.GITHUB_TOKEN }}
66+ tag : ${{ steps.release.outputs.tag }}
67+
68+ - name : Upload | Distribution Artifacts
69+ uses : actions/upload-artifact@v4
7670 if : steps.release.outputs.released == 'true'
71+ with :
72+ name : distribution-artifacts
73+ path : dist/
74+ if-no-files-found : error
75+
76+ outputs :
77+ released : ${{ steps.release.outputs.released || 'false' }}
78+ version : ${{ steps.release.outputs.version }}
79+
80+ publish_to_pypi :
81+ # Separate from the release job for least privilege and retry-ability:
82+ # publishing can fail independently and shouldn't require reversing the release.
83+ runs-on : ubuntu-latest
84+ needs : release
85+ if : github.ref_name == 'main' && needs.release.outputs.released == 'true'
86+
87+ permissions :
88+ contents : read
89+ id-token : write # for PyPI OIDC trusted publisher
90+
91+ steps :
92+ - name : Download Distribution Artifacts
93+ uses : actions/download-artifact@v4
94+ with :
95+ name : distribution-artifacts
96+ path : dist/
97+
98+ - name : Publish to PyPI
7799 uses : pypa/gh-action-pypi-publish@release/v1
0 commit comments