publish #5
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: publish | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| VERSION: | |
| description: "The version to release" | |
| required: true | |
| IS_PRE_RELEASE: | |
| description: "It IS a pre-release" | |
| required: true | |
| default: false | |
| type: boolean | |
| jobs: | |
| bump: # This job is used to bump the version and create a release | |
| runs-on: ubuntu-latest | |
| env: | |
| VERSION: ${{ inputs.VERSION }} | |
| GH_TOKEN: ${{ github.token }} | |
| SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.12" | |
| - name: install dependencies | |
| run: | | |
| pip install --upgrade pip | |
| pip install build hatch | |
| - name: configure git with the bot credentials | |
| run: | | |
| mkdir -p ~/.ssh | |
| ssh-keyscan github.com >> ~/.ssh/known_hosts | |
| ssh-agent -a $SSH_AUTH_SOCK > /dev/null | |
| ssh-add - <<< "${{ secrets.BOT_SSH_KEY }}" | |
| echo "${{ secrets.BOT_SIGNING_KEY }}" > ~/.ssh/signing.key | |
| chmod 600 ~/.ssh/signing.key | |
| git config --global user.name "Merschbotmann" | |
| git config --global user.email "bot.merschformann@gmail.com" | |
| git config --global gpg.format ssh | |
| git config --global user.signingkey ~/.ssh/signing.key | |
| git clone git@github.com:merschformann/brickmos.git | |
| - name: upgrade version with hatch | |
| run: hatch version ${{ env.VERSION }} | |
| working-directory: ./brickmos | |
| - name: commit new version | |
| run: | | |
| git add brickmos/__about__.py | |
| git commit -S -m "Bump version to $VERSION" | |
| git push | |
| git tag $VERSION | |
| git push origin $VERSION | |
| working-directory: ./brickmos | |
| - name: create release | |
| run: | | |
| PRERELEASE_FLAG="" | |
| if [ ${{ inputs.IS_PRE_RELEASE }} = true ]; then | |
| PRERELEASE_FLAG="--prerelease" | |
| fi | |
| gh release create $VERSION \ | |
| --verify-tag \ | |
| --generate-notes \ | |
| --title $VERSION $PRERELEASE_FLAG | |
| working-directory: ./brickmos | |
| - name: ensure passing build | |
| run: python -m build | |
| working-directory: ./brickmos | |
| publish: # This job is used to publish the release to PyPI/TestPyPI | |
| runs-on: ubuntu-latest | |
| needs: bump | |
| strategy: | |
| matrix: | |
| include: | |
| - target-env: pypi | |
| target-url: https://pypi.org/p/brickmos | |
| - target-env: testpypi | |
| target-url: https://test.pypi.org/p/brickmos | |
| environment: | |
| name: ${{ matrix.target-env }} | |
| url: ${{ matrix.target-url }} | |
| permissions: | |
| contents: read | |
| id-token: write # This is required for trusted publishing to PyPI | |
| steps: | |
| - name: git clone main | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: main | |
| - name: set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.12" | |
| - name: install dependencies | |
| run: | | |
| pip install --upgrade pip | |
| pip install build hatch | |
| - name: build binary wheel and source tarball | |
| run: python -m build | |
| - name: Publish package distributions to PyPI | |
| if: ${{ matrix.target-env == 'pypi' }} | |
| uses: pypa/gh-action-pypi-publish@release/v1 | |
| with: | |
| packages-dir: ./dist | |
| - name: Publish package distributions to TestPyPI | |
| if: ${{ matrix.target-env == 'testpypi' }} | |
| uses: pypa/gh-action-pypi-publish@release/v1 | |
| with: | |
| repository-url: https://test.pypi.org/legacy/ | |
| packages-dir: ./dist |