CI: add automatic publication to pypi.org and test.pypi.org

We want to reduce the potential for human error in our publication process and also streamline the process for everyone with the permission to create tags in the repository. The CI job runs for new commits pushed to the master branch and newly pushed tags, as long as the PUBLISH_PYPI GitHub Action variable is set to "true". This is to prevent CI runs on forked repository from failing because they are not allowed to publish on pypi.org and test.pypi.org. A fork that wants to use the publish logic just has to set the PUBLISH_PYPI variable for their repository. The job does not check out the git repository (hence why it does not use the existing publication logic in the Makefile) and instead downloads the artifacts generated by the build job. All builds are uploaded to test.pypi.org (so they can be tested via pip install) and tagged releases are uploaded to pypi.org as well. Also remove the upload helpers from the Makefile to make it clear that they are replaced by the automated process. Signed-off-by: Leonard Göhrs <[email protected]>
linux-automation · May 6, 2024 · f277969 · f277969
1 parent f6e7c68
commit f277969
Show file tree

Hide file tree

Showing 3 changed files with 66 additions and 45 deletions.
diff --git a/.github/workflows/check-and-build.yaml b/.github/workflows/check-and-build.yaml
diff --git a/.github/workflows/check-and-publish.yaml b/.github/workflows/check-and-publish.yaml
@@ -0,0 +1,64 @@
+name: Check and Publish
+
+on: [push, pull_request]
+
+jobs:
+  codespell:
+    name: Codespell
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - run: make qa-codespell
+
+  pytest:
+    name: Python Test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - run: make qa-pytest
+
+  ruff:
+    name: Python Format and Lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - run: make qa-ruff
+
+  build:
+    name: Python Build
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          # include tags and full history for setuptools_scm
+          fetch-depth: 0
+      - run: make build
+      - uses: actions/upload-artifact@v4
+        with:
+          name: dist
+          path: dist
+
+  publish:
+    name: Publish
+    if: ${{ github.event_name == 'push' && vars.PUBLISH_PYPI == 'true' && (startsWith(github.ref, 'refs/tags') || github.ref == 'refs/heads/master') }}
+    runs-on: ubuntu-latest
+    needs:
+      - codespell
+      - pytest
+      - ruff
+      - build
+    permissions:
+      id-token: write
+    steps:
+      - name: Download artifacts from build stage
+        uses: actions/download-artifact@v4
+        with:
+          name: dist
+          path: dist/
+      - name: Publish distribution package to TestPyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          repository-url: https://test.pypi.org/legacy/
+      - name: Publish distribution package to PyPI
+        if: ${{ startsWith(github.ref, 'refs/tags') }}
+        uses: pypa/gh-action-pypi-publish@release/v1
diff --git a/Makefile b/Makefile
@@ -12,10 +12,10 @@ $(PYTHON_PACKAGING_VENV)/.created:
 	$(PYTHON) -m venv $(PYTHON_PACKAGING_VENV) && \
 	. $(PYTHON_PACKAGING_VENV)/bin/activate && \
 	$(PYTHON) -m pip install --upgrade pip && \
-	$(PYTHON) -m pip install build twine
+	$(PYTHON) -m pip install build
 	date > $(PYTHON_PACKAGING_VENV)/.created
 
-.PHONY: packaging-env build _release
+.PHONY: packaging-env build
 
 packaging-env: $(PYTHON_PACKAGING_VENV)/.created
 
@@ -24,10 +24,6 @@ build: packaging-env
 	rm -rf dist *.egg-info && \
 	$(PYTHON) -m build
 
-_release: build
-	. $(PYTHON_PACKAGING_VENV)/bin/activate && \
-	$(PYTHON) -m twine upload dist/*
-
 # helper ######################################################################
 .PHONY: clean envs