-
-
Notifications
You must be signed in to change notification settings - Fork 135
149 lines (143 loc) Β· 5.7 KB
/
Copy pathrelease.yaml
File metadata and controls
149 lines (143 loc) Β· 5.7 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
name: π Release
on:
workflow_dispatch:
inputs:
release:
description: "π Release (semver bump)?"
required: true
default: "no"
type: choice
options: ["no", patch, minor, major]
push:
branches: ["main"]
tags: ["[0-9]+.[0-9]+.[0-9]+"]
pull_request:
concurrency:
group: >-
${{ github.workflow }}-${{ github.ref }}${{
github.event.inputs.release && github.event.inputs.release != 'no' && '-release' || ''
}}
cancel-in-progress: ${{ github.event.inputs.release == 'no' || github.event.inputs.release == null }}
permissions:
contents: read
env:
dists-artifact-name: python-package-distributions
jobs:
build:
name: π¦ build
runs-on: ubuntu-24.04
permissions:
contents: read
pull-requests: read
outputs:
version: ${{ steps.v.outputs.version }}
changelog: ${{ steps.v.outputs.changelog }}
steps:
- name: π₯ Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
fetch-depth: 0
persist-credentials: false
- name: π¦ Setup uv
uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
with:
enable-cache: false # this workflow builds the artifact that gets published; no cache to poison
- name: π Generate changelog
id: v
if: ${{ !startsWith(github.ref, 'refs/tags/') }} # on a tag push we build to publish, no changelog needed
run: >-
uv run tasks/changelog.py "$RELEASE_TYPE" "$EVENT_NUMBER" "$BASE_SHA"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
RELEASE_TYPE:
${{ github.event.inputs.release == 'no' || github.event.inputs.release == null && 'patch' ||
github.event.inputs.release }}
EVENT_NUMBER: ${{ github.event.number }}
BASE_SHA: ${{ github.event.pull_request.base.sha }}
- name: π·οΈ Create temporary tag for hatch-vcs
if: github.event.inputs.release != 'no' && github.event.inputs.release != null
run: git tag "$STEPS_V_OUTPUTS_VERSION"
env:
STEPS_V_OUTPUTS_VERSION: ${{ steps.v.outputs.version }}
- name: π¦ Build package
run: uv build --python 3.14 --python-preference only-managed --sdist --wheel . --out-dir dist
- name: π€ Store the distribution packages
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: ${{ env.dists-artifact-name }}
path: dist/*
release:
name: π·οΈ tag
needs: [build]
if: github.event.inputs.release != 'no' && github.event.inputs.release != null && github.ref == 'refs/heads/main'
runs-on: ubuntu-24.04
# RELEASE_TOKEN is an environment-scoped secret; without selecting the environment it resolves empty and the
# checkout fails with "Input required and not supplied: token".
environment:
name: release
permissions:
contents: write
steps:
- name: π₯ Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
token: ${{ secrets.RELEASE_TOKEN }} # zizmor: ignore[artipacked]
- name: π€ Commit changelog and tag
env:
CHANGELOG: ${{ needs.build.outputs.changelog }}
VERSION: ${{ needs.build.outputs.version }}
run: |
if git ls-remote --tags origin "refs/tags/$VERSION" | grep -q .; then
echo "Tag $VERSION already exists, nothing to do"
exit 0
fi
git config user.name "${GITHUB_ACTOR}"
git config user.email "${GITHUB_ACTOR_ID}+${GITHUB_ACTOR}@users.noreply.github.com"
header="$VERSION ($(date -u +%Y-%m-%d))"
separator=$(printf '%0.s*' $(seq 1 $((${#header} + 1))))
{
head -4 docs/changelog.rst
printf '%s\n %s\n%s\n\n' "$separator" "$header" "$separator"
printf '%s\n\n' "$CHANGELOG"
tail -n +5 docs/changelog.rst
} > docs/changelog.tmp
mv docs/changelog.tmp docs/changelog.rst
git add docs/changelog.rst
git commit -m "Release $VERSION"
git tag "$VERSION"
# Push the branch, then the tag. The tag is pushed with RELEASE_TOKEN (a PAT, not GITHUB_TOKEN), so it
# triggers this same workflow on the tag ref, where the publish job below uploads to PyPI. Publishing keys
# off the tag, not this dispatch run, so any tag β including one pushed by hand β always reaches PyPI.
git push origin main
git push origin "$VERSION"
publish:
name: π publish
needs: [build]
if: startsWith(github.ref, 'refs/tags/')
runs-on: ubuntu-24.04
environment:
name: release
url: https://pypi.org/project/filelock/${{ github.ref_name }}
permissions:
id-token: write
contents: write
steps:
- name: β¬οΈ Download all the dists
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
with:
name: ${{ env.dists-artifact-name }}
path: dist/
- name: π Publish to PyPI
uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0
with:
skip-existing: true
- name: π’ Create GitHub release
env:
GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
VERSION: ${{ github.ref_name }}
run: |
if gh release view "$VERSION" --repo "$GITHUB_REPOSITORY" > /dev/null 2>&1; then
echo "Release $VERSION already exists, skipping"
else
gh release create "$VERSION" --repo "$GITHUB_REPOSITORY" --title="$VERSION" --verify-tag --generate-notes
fi