New publish workflows (#109)

* Add new version workflows

* Use PYPI_TOKEN as secret

.github/actions/setup/action.yml

@@ -0,0 +1,60 @@
+---
+name: Setup
+description: Setup Python and install dependencies.
+
+inputs:
+  python_version:
+    description: The Python version.
+    required: false
+    default: '3.11'
+  poetry_version:
+    description: The Poetry version.
+    required: false
+    default: '1.5.1'
+  install_dependencies:
+    description: Install dependencies.
+    required: false
+    default: 'true'
+
+runs:
+  using: composite
+  steps:
+    - name: Setup Poetry cache on Linux
+      uses: actions/cache@v3
+      if: runner.os == 'Linux'
+      with:
+        key: poetry-${{ inputs.poetry_version }}-${{ inputs.python_version }}-${{ runner.os }}-${{ runner.arch }}
+        path: |
+          ~/.local/bin
+          ~/.local/share/pypoetry
+    - name: Setup Poetry cache on macOS
+      uses: actions/cache@v3
+      if: runner.os == 'macOS'
+      with:
+        key: poetry-${{ inputs.poetry_version }}-${{ inputs.python_version }}-${{ runner.os }}-${{ runner.arch }}
+        path: |
+          ~/.local/bin
+          ~/.local/share/pypoetry
+          ~/Library/Application Support/pypoetry
+    - name: Setup Python
+      uses: actions/setup-python@v4
+      with:
+        python-version: ${{ inputs.python_version }}
+    - name: Setup Poetry
+      uses: Gr1N/setup-poetry@v8
+      with:
+        poetry-version: ${{ inputs.poetry_version }}
+    - name: Setup Python with cache
+      uses: actions/setup-python@v4
+      if: inputs.install_dependencies == 'true'
+      with:
+        cache: poetry
+        python-version: ${{ inputs.python_version }}
+    - name: Check lockfile
+      if: inputs.install_dependencies == 'true'
+      shell: bash
+      run: poetry lock --check
+    - name: Install dependencies
+      if: inputs.install_dependencies == 'true'
+      shell: bash
+      run: poetry install --sync

.github/workflows/_build.yml

@@ -0,0 +1,41 @@
+---
+name: _build
+
+on:
+  workflow_call:
+    inputs:
+      python_version:
+        description: The Python version.
+        type: string
+        required: false
+        default: '3.11'
+      runs_on:
+        description: The runner environment.
+        type: string
+        required: false
+        default: ubuntu-latest
+    outputs:
+      artifact_name:
+        description: The artifact name.
+        value: build-${{ github.sha }}
+
+jobs:
+  build:
+    name: Package
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Setup
+        uses: ./.github/actions/setup
+        with:
+          python_version: ${{ inputs.python_version }}
+      - name: Build
+        run: make build
+      - name: Upload artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: build-${{ github.sha }}
+          if-no-files-found: error
+          path: dist/

.github/workflows/_publish.yml

@@ -0,0 +1,37 @@
+---
+name: _publish
+
+on:
+  workflow_call:
+    inputs:
+      artifact_name:
+        description: The artifact name.
+        type: string
+        required: true
+    secrets:
+      registry_token:
+        description: The package registry token.
+        required: true
+
+jobs:
+  publish:
+    name: Publish package
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Setup
+        uses: ./.github/actions/setup
+        with:
+          install_dependencies: 'false'
+      - name: Download artifact
+        uses: actions/download-artifact@v3
+        with:
+          name: ${{ inputs.artifact_name }}
+          path: dist/
+      - name: Publish
+        run: poetry publish --skip-existing -u $USERNAME -p $PASSWORD
+        env:
+          USERNAME: __token__
+          PASSWORD: ${{ secrets.registry_token }}

.github/workflows/publish.yml

@@ -0,0 +1,42 @@
+---
+name: Publish
+
+run-name: Publish ${{ github.ref_name }}
+
+on:
+  push:
+    tags:
+      - v*
+
+jobs:
+  build:
+    name: Build
+    uses: ./.github/workflows/_build.yml
+  release:
+    name: GitHub Releases
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    needs: build
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Download artifact
+        uses: actions/download-artifact@v3
+        with:
+          name: ${{ needs.build.outputs.artifact_name }}
+          path: dist/
+      - name: Create GitHub release
+        uses: softprops/action-gh-release@v1
+        with:
+          token: ${{ secrets.GH_TOKEN }}
+          fail_on_unmatched_files: true
+          prerelease: ${{ contains(github.ref_name, 'a') || contains(github.ref_name, 'b') || contains(github.ref_name, 'rc') }}
+          files: dist/*
+  pypi:
+    name: PyPI
+    uses: ./.github/workflows/_publish.yml
+    needs: build
+    with:
+      artifact_name: ${{ needs.build.outputs.artifact_name }}
+    secrets:
+      registry_token: ${{ secrets.PYPI_TOKEN }}

.github/workflows/version.yml

@@ -0,0 +1,37 @@
+---
+name: Version
+
+run-name: Cut ${{ github.event.inputs.version }}
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: Version to cut
+        required: true
+
+jobs:
+  tag:
+    name: Tag
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          token: ${{ secrets.GH_TOKEN }}
+      - name: Import GPG key
+        uses: crazy-max/ghaction-import-gpg@v5
+        with:
+          git_user_signingkey: true
+          git_commit_gpgsign: true
+          git_committer_name: ${{ secrets.GIT_USER_NAME }}
+          git_committer_email: ${{ secrets.GIT_USER_EMAIL }}
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.GPG_PASSPHRASE }}
+      - name: Setup
+        uses: ./.github/actions/setup
+      - name: Cut ${{ github.event.inputs.version }} version
+        run: |
+          poetry version "${{ github.event.inputs.version }}"
+          make version

Makefile

@@ -0,0 +1,13 @@
+all: build
+
+build:
+	@rm -rf dist
+	@poetry build
+
+version:
+	@git add pyproject.toml
+	@git commit -m "$$(poetry version -s)"
+	@git tag --sign "v$$(poetry version -s)" -m "$(poetry version -s)"
+	@git push --follow-tags
+
+.PHONY: build version