Skip to content
Release Workflow

Prod Release for pantos-io/client-library - 3.1.2 #16

Sign in to view logs

Prod Release for pantos-io/client-library - 3.1.2

Prod Release for pantos-io/client-library - 3.1.2 #16

Workflow file for this run

.github/workflows/release.yaml at 49abcb6
name: Release Workflow
run-name: ${{ (github.event.release.prerelease && 'Beta') || 'Prod'}} Release for ${{ github.repository }} - ${{ github.event.release.tag_name }}
on:
release:
# Triggered on Pre-Releases and Releases
types: [released, prereleased]
# Only allow one release at the time
concurrency:
group: deploy-${{ github.repository }}-release-${{ github.event.release.prerelease }}
jobs:
define-environment:
runs-on: ubuntu-latest
outputs:
version: ${{ steps.get-environment.outputs.version }}
steps:
- uses: step-security/harden-runner@v2
with:
disable-sudo: true
egress-policy: audit
- name: Configure Environment
id: get-environment
run: |
wget -O /usr/local/bin/semver https://raw.githubusercontent.com/fsaintjacques/semver-tool/master/src/semver
chmod +x /usr/local/bin/semver
if [[ $(semver validate ${{ github.event.release.tag_name }}) == "invalid" ]]; then
echo "::error title=Invalid Release::Release must be tagged with a valid SemVer version"
exit 1
fi
echo "version=$(semver get release ${{ github.event.release.tag_name }})" >> $GITHUB_OUTPUT
build:
name: Build Package
needs: define-environment
runs-on: ubuntu-latest
steps:
- uses: step-security/harden-runner@v2
with:
disable-sudo: true
egress-policy: audit
- uses: actions/checkout@v4
- uses: pantos-io/ci-workflows/.github/actions/install-poetry@v1
- name: Build package
run: |
make check-version VERSION=${{ needs.define-environment.outputs.version }}
make build
- name: Freeze dependencies
run: |
poetry self add poetry-plugin-freeze
poetry freeze-wheel
# Copy the file "METADATA" from the wheel to "PKG-INFO" in the sdist
# Unzip wheel and sdist
mkdir tmp
cp dist/*.whl tmp/wheel.zip
unzip tmp/wheel.zip -d tmp/wheel/
# Untar sdist
mkdir tmp/sdist
tar -xzf dist/*.tar.gz -C tmp/sdist/
# Copy the file
cp tmp/wheel/*.dist-info/METADATA tmp/sdist/*/PKG-INFO
# Tar the sdist again
cd tmp/sdist/*
tar -czf ../../../dist/$(basename ../../../dist/*.tar.gz) *
cd ../../..
# Remove the temporary directories
rm -rf tmp
- name: Upload build artifact
uses: actions/upload-artifact@v4
with:
name: build
path: dist
publish-pypi:
name: Publish to PyPi
needs: [define-environment, build]
runs-on: ubuntu-latest
environment:
name: pypi
url: https://pypi.org/project/pantos-${{ github.repository }}/${{ needs.define-environment.outputs.version }}
permissions:
id-token: write # IMPORTANT: this permission is mandatory for trusted publishing
steps:
- uses: step-security/harden-runner@v2
with:
disable-sudo: true
egress-policy: audit
- name: Download build artifact
uses: actions/download-artifact@v4
with:
name: build
path: dist
- name: Publish package distributions to PyPi
uses: pypa/gh-action-pypi-publish@release/v1
with:
print-hash: true
repository-url: 'https://upload.pypi.org/legacy/'
add-assets:
name: Add Assets to the ${{ github.event.release.tag_name }} Release
needs: build
runs-on: ubuntu-latest
permissions:
contents: write
id-token: write
steps:
- uses: step-security/harden-runner@v2
with:
disable-sudo: true
egress-policy: audit
- uses: actions/download-artifact@v4
with:
name: build
path: dist
- name: List directory
run: |
mkdir -p release
cp dist/*.whl release/
- uses: sigstore/[email protected]
with:
inputs: release/*
release-signing-artifacts: true