Move things out of root #1653
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Publish Python π distribution π¦ to PyPI or TestPyPI | |
on: | |
release: | |
types: [published] # Only publish to pip when we formally publish a release | |
# For more on how to formally release on Github, read https://help.github.com/en/articles/creating-releases | |
push: | |
branches: [ main ] | |
pull_request: | |
branches: [ main ] | |
workflow_dispatch: | |
jobs: | |
build-distribution: | |
name: Build distribution π¦ | |
strategy: | |
matrix: | |
include: | |
- python-version: "3.11" | |
poetry-version: "1.7.1" | |
os: ubuntu-latest | |
poetry-install-extra-args: "--compile" | |
runs-on: ${{ matrix.os }} | |
concurrency: | |
group: ${{ github.workflow }}-${{ matrix.python-version }}-${{ matrix.poetry-version }}-${{ matrix.os }}-${{ github.head_ref || github.run_id }} | |
cancel-in-progress: true | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.python-version }} | |
- uses: abatilo/actions-poetry@v3 | |
with: | |
poetry-version: ${{ matrix.poetry-version }} | |
- name: Setup a local virtual environment | |
run: | | |
poetry config virtualenvs.create true --local | |
poetry config virtualenvs.in-project true --local | |
- uses: actions/cache@v4 | |
name: Define a cache for the virtual environment based | |
with: | |
path: ./.venv | |
key: venv-${{ hashFiles('poetry.lock') }}-${{ matrix.python-version }}-${{ matrix.poetry-version }}-${{ matrix.os }} | |
- name: Install the project dependencies | |
run: poetry install ${{ matrix.poetry-install-extra-args }} | |
- name: Bump package version with local extension | |
run: poetry version "$(poetry version -s).dev$(date +%s)" | |
if: ${{ ! ( startsWith(github.ref, 'refs/tags/') && github.event_name == 'release' ) }} | |
- name: Build a binary wheel and a source tarball | |
run: poetry build | |
- name: Store the distribution packages | |
uses: actions/upload-artifact@v4 | |
with: | |
name: python-package-distributions | |
path: dist/ | |
publish-to-pypi: | |
name: >- | |
PiPI: Publish Python π distribution π¦ | |
if: ${{ startsWith(github.ref, 'refs/tags/') && github.event_name == 'release' }} # only publish to PyPI on tag pushes | |
needs: | |
- build-distribution | |
runs-on: ubuntu-latest | |
environment: | |
name: pypi | |
url: https://pypi.org/p/gbmi | |
permissions: | |
id-token: write # IMPORTANT: mandatory for trusted publishing | |
steps: | |
- name: Download all the dists | |
uses: actions/download-artifact@v4 | |
with: | |
name: python-package-distributions | |
path: dist/ | |
- name: Publish distribution π¦ to PyPI | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
publish-to-testpypi: | |
name: >- | |
TestPyPI: Publish Python π distribution π¦ | |
if: ${{ ! ( startsWith(github.ref, 'refs/tags/') && github.event_name == 'release' ) }} # only publish to TestPyPI on non-tag pushes | |
needs: | |
- build-distribution | |
runs-on: ubuntu-latest | |
environment: | |
name: testpypi | |
url: https://test.pypi.org/p/gbmi | |
permissions: | |
id-token: write # IMPORTANT: mandatory for trusted publishing | |
steps: | |
- name: Download all the dists | |
uses: actions/download-artifact@v4 | |
with: | |
name: python-package-distributions | |
path: dist/ | |
- name: Publish distribution π¦ to TestPyPI | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
with: | |
repository-url: https://test.pypi.org/legacy/ | |
check-publish: | |
runs-on: ubuntu-latest | |
needs: | |
- publish-to-testpypi | |
if: ${{ always() && ! ( startsWith(github.ref, 'refs/tags/') && github.event_name == 'release' ) }} | |
steps: | |
- run: echo 'The triggering workflow (publish-to-testpypi) passed' | |
if: ${{ needs.publish-to-testpypi.result == 'success' }} | |
- run: echo 'The triggering workflow (publish-to-testpypi) failed' && false | |
if: ${{ needs.publish-to-testpypi.result != 'success' }} | |
github-release: | |
name: >- | |
Sign the Python π distribution π¦ with Sigstore | |
and upload them to GitHub Release | |
if: ${{ startsWith(github.ref, 'refs/tags/') && github.event_name == 'release' }} # only publish to PyPI on tag pushes | |
needs: | |
- publish-to-pypi | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write # IMPORTANT: mandatory for making GitHub Releases | |
id-token: write # IMPORTANT: mandatory for sigstore | |
steps: | |
- name: Download all the dists | |
uses: actions/download-artifact@v4 | |
with: | |
name: python-package-distributions | |
path: dist/ | |
- run: find dist | |
- run: ls -la dist | |
- name: Sign the dists with Sigstore | |
uses: sigstore/[email protected] | |
with: | |
inputs: >- | |
./dist/* | |
- name: Upload artifact signatures to GitHub Release | |
env: | |
GITHUB_TOKEN: ${{ github.token }} | |
# Upload to GitHub Release using the `gh` CLI. | |
# `dist/` contains the built packages, and the | |
# sigstore-produced signatures and certificates. | |
run: >- | |
gh release upload | |
'${{ github.ref_name }}' dist/** | |
--repo '${{ github.repository }}' | |
bump-package-version: | |
name: Bump package version | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
pull-requests: write | |
if: ${{ startsWith(github.ref, 'refs/tags/') && github.event_name == 'release' }} # only publish to PyPI on tag pushes | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Bump Package version | |
id: bumpPackageViaPush | |
run: | | |
poetry version patch # bump version | |
remote_repo="https://${GITHUB_ACTOR}:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}.git" | |
git config http.sslVerify false | |
git config user.name "Automated Publisher" | |
git config user.email "[email protected]" | |
git remote add publisher "${remote_repo}" | |
git remote update | |
git show-ref # useful for debugging | |
git branch --verbose | |
git checkout -b temp | |
git branch -D main || true | |
git checkout -b main publisher/main | |
git add pyproject.toml | |
timestamp=$(date -u) | |
git commit -m "Automated Package Version Bump: ${timestamp} ${GITHUB_SHA}" | |
git push publisher main | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
if: always() | |
- name: Create Pull Request | |
uses: peter-evans/create-pull-request@v7 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
title: 'Package Version Bump' | |
body: > | |
This PR is auto-generated by | |
[create-pull-request](https://github.com/peter-evans/create-pull-request). | |
labels: automated pr | |
if: failure() && steps.bumpPackageViaPush.outcome == 'failure' |