-
Notifications
You must be signed in to change notification settings - Fork 11
87 lines (76 loc) · 2.76 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
name: Release
concurrency: release
on:
push:
tags:
- v*
permissions: {}
jobs:
build-signer:
name: Build tuf-on-ci signer
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: '3.12'
- name: Install build dependencies
run: python3 -m pip install -c build/build-constraints.txt build
- name: Build release changelog, signer wheel & source tarball
run: |
PIP_CONSTRAINT=build/build-constraints.txt python3 -m build --sdist --wheel --outdir dist/ signer/
awk "/## $GITHUB_REF_NAME/{flag=1; next} /## v/{flag=0} flag" docs/CHANGELOG.md > changelog
- name: Store build artifacts
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: build-artifacts
path: |
dist
changelog
release-pypi:
name: Release Signer on PyPI
runs-on: ubuntu-latest
needs: build-signer
environment: release
permissions:
id-token: write # to authenticate as Trusted Publisher to pypi.org
steps:
- name: Fetch build artifacts
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: build-artifacts
- name: Publish binary wheel and source tarball on PyPI
if: github.repository == 'theupdateframework/tuf-on-ci'
uses: pypa/gh-action-pypi-publish@15c56dba361d8335944d31a2ecd17d700fc7bcbc # v1.12.2
release-gh:
name: Release
runs-on: ubuntu-latest
needs: release-pypi
permissions:
contents: write # to modify GitHub releases
steps:
- name: Fetch build artifacts
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: build-artifacts
- name: Make a GitHub release
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
script: |
fs = require('fs')
res = await github.rest.repos.createRelease({
owner: context.repo.owner,
repo: context.repo.repo,
name: '${{ github.ref_name }}',
tag_name: '${{ github.ref }}',
body: fs.readFileSync('changelog', 'utf8'),
})
fs.readdirSync('dist/').forEach(file => {
github.rest.repos.uploadReleaseAsset({
owner: context.repo.owner,
repo: context.repo.repo,
release_id: res.data.id,
name: file,
data: fs.readFileSync('dist/' + file),
});
});