-
Notifications
You must be signed in to change notification settings - Fork 10
126 lines (109 loc) · 3.35 KB
/
Copy pathrelease.yml
File metadata and controls
126 lines (109 loc) · 3.35 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
name: Release
on:
push:
tags:
- "v*"
workflow_dispatch:
inputs:
publish_to_pypi:
description: "Publish built distributions to PyPI"
required: true
default: false
type: boolean
concurrency:
group: release-${{ github.ref }}
cancel-in-progress: false
jobs:
build:
name: Build release artifacts
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.11"
cache: pip
cache-dependency-path: pyproject.toml
- name: Install packaging dependencies
run: |
python -m pip install --upgrade pip
python -m pip install build twine
- name: Build source and wheel distributions
run: python -m build
- name: Validate distribution metadata
run: twine check dist/*
- name: Verify tag matches built version
if: github.event_name == 'push'
run: |
python - <<'PY'
import re
from pathlib import Path
tag = "${{ github.ref_name }}"
expected = tag[1:] if tag.startswith("v") else tag
artifact = next(Path("dist").glob("infty-*.tar.gz"))
match = re.match(r"infty-(.+)\.tar\.gz$", artifact.name)
built_version = match.group(1) if match else None
if built_version != expected:
raise SystemExit(
f"Release tag {tag} does not match built package version {built_version}."
)
print(f"Verified release tag {tag} matches built package version {built_version}.")
PY
- name: Upload release artifacts
uses: actions/upload-artifact@v4
with:
name: release-dist
path: dist/*
publish:
name: Publish to PyPI
needs: build
if: github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && inputs.publish_to_pypi)
runs-on: ubuntu-latest
environment:
name: pypi
url: https://pypi.org/p/infty
steps:
- name: Download release artifacts
uses: actions/download-artifact@v4
with:
name: release-dist
path: dist
- name: Ensure PyPI token is configured
env:
PYPI_API_TOKEN: ${{ secrets.PYPI_API_TOKEN }}
run: |
if [ -z "${PYPI_API_TOKEN}" ]; then
echo "PYPI_API_TOKEN secret is not configured for the 'pypi' environment." >&2
echo "Add your existing project-scoped PyPI token as the environment secret PYPI_API_TOKEN." >&2
exit 1
fi
- name: Publish distributions
uses: pypa/gh-action-pypi-publish@release/v1
with:
password: ${{ secrets.PYPI_API_TOKEN }}
github-release:
name: Create GitHub release
needs:
- build
- publish
if: github.event_name == 'push'
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Download release artifacts
uses: actions/download-artifact@v4
with:
name: release-dist
path: dist
- name: Publish GitHub release
uses: softprops/action-gh-release@v2
with:
files: dist/*
generate_release_notes: true