Merge pull request #2806 from jku/prep-v6 #29

Workflow file for this run

	name: CD
	concurrency: cd

	on:
	push:
	tags:
	- v*

	permissions: {}

	jobs:
	test:
	uses: ./.github/workflows/_test.yml

	build:
	name: Build
	runs-on: ubuntu-latest
	needs: test
	steps:
	- name: Checkout release tag
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	with:
	persist-credentials: false
	ref: ${{ github.event.workflow_run.head_branch }}

	- name: Set up Python
	uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
	with:
	python-version: '3.x'

	- name: Install build dependency
	run: python3 -m pip install --constraint requirements/build.txt build

	- name: Build binary wheel, source tarball and changelog
	run: \|
	python3 -m build --sdist --wheel --outdir dist/ .
	awk "/## $GITHUB_REF_NAME/{flag=1; next} /## v/{flag=0} flag" docs/CHANGELOG.md > changelog

	- name: Store build artifacts
	uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
	with:
	name: build-artifacts
	path: \|
	dist
	changelog

	candidate_release:
	name: Release candidate on Github for review
	runs-on: ubuntu-latest
	needs: build
	permissions:
	contents: write # to modify GitHub releases
	outputs:
	release_id: ${{ steps.gh-release.outputs.result }}
	steps:
	- name: Fetch build artifacts
	uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4.1.9
	with:
	name: build-artifacts

	- id: gh-release
	name: Publish GitHub release draft
	uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
	with:
	script: \|
	fs = require('fs')
	res = await github.rest.repos.createRelease({
	owner: context.repo.owner,
	repo: context.repo.repo,
	name: process.env.REF_NAME + '-rc',
	tag_name: process.env.REF,
	body: fs.readFileSync('changelog', 'utf8'),
	});

	fs.readdirSync('dist/').forEach(file => {
	github.rest.repos.uploadReleaseAsset({
	owner: context.repo.owner,
	repo: context.repo.repo,
	release_id: res.data.id,
	name: file,
	data: fs.readFileSync('dist/' + file),
	});
	});
	return res.data.id
	env:
	REF_NAME: ${{ github.ref_name }}
	REF: ${{ github.ref }}

	release:
	name: Release
	runs-on: ubuntu-latest
	needs: candidate_release
	environment: release
	permissions:
	contents: write # to modify GitHub releases
	id-token: write # to authenticate as Trusted Publisher to pypi.org
	steps:
	- name: Fetch build artifacts
	uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4.1.9
	with:
	name: build-artifacts

	- name: Publish binary wheel and source tarball on PyPI
	# Only attempt pypi upload in upstream repository
	if: github.repository == 'theupdateframework/python-tuf'
	uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4

	- name: Finalize GitHub release
	uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
	with:
	script: \|
	github.rest.repos.updateRelease({
	owner: context.repo.owner,
	repo: context.repo.repo,
	release_id: process.env.RELEASE_ID,
	name: process.env.REF_NAME,
	})

	env:
	REF_NAME: ${{ github.ref_name }}
	RELEASE_ID: ${{ needs.candidate_release.outputs.release_id }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #2806 from jku/prep-v6 #29

Workflow file

Merge pull request #2806 from jku/prep-v6 #29

Uh oh!

Workflow file for this run