-
Notifications
You must be signed in to change notification settings - Fork 2
130 lines (110 loc) · 3.54 KB
/
Copy pathpublish.yml
File metadata and controls
130 lines (110 loc) · 3.54 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
# Sources:
# https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/#workflow-definition
# https://github.com/marketplace/actions/pypi-publish
name: Publish package and docs
on:
push:
branches: [ release ]
jobs:
build-and-test:
uses: ./.github/workflows/build-and-test.yml
create-tag:
name: Create Git Tag
needs: build-and-test
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Create Git Tag
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
VERSION: ${{ needs.build-and-test.outputs.version }}
run: |
git config --global user.name 'github-actions'
git config --global user.email 'github-actions@github.com'
git tag "v${VERSION}"
git push origin "v${VERSION}"
publish-to-pypi:
name: Publish to PyPI
needs: [build-and-test, create-tag]
runs-on: ubuntu-latest
environment:
name: pypi
url: https://pypi.org/p/paradigma
permissions:
id-token: write # mandatory for trusted publishing
steps:
- name: Download all the dists
uses: actions/download-artifact@v4
with:
name: build-artifacts
path: dist/
- name: Publish distribution 📦 to PyPI
uses: pypa/gh-action-pypi-publish@release/v1
github-release:
name: Sign distribution and create GitHub release
needs: [build-and-test, create-tag]
runs-on: ubuntu-latest
permissions:
contents: write # mandatory for making GitHub Releases
id-token: write # mandatory for sigstore
steps:
- name: Download all the dists
uses: actions/download-artifact@v4
with:
name: build-artifacts
path: dist/
- name: List files before signing
run: ls -lh dist/
- name: Sign the dists with Sigstore
uses: sigstore/gh-action-sigstore-python@v3.0.0
with:
inputs: >-
./dist/*.tar.gz
./dist/*.whl
- name: List files after signing
run: ls -lh dist/
- name: Verify dist files before GitHub release
run: ls -lh dist/ && sha256sum dist/*
- name: Create GitHub Release
env:
GITHUB_TOKEN: ${{ github.token }}
VERSION: ${{ needs.build-and-test.outputs.version }}
run: >-
gh release create
"v${VERSION}"
--repo '${{ github.repository }}'
--notes ""
- name: Verify uploaded files on GitHub release
env:
GITHUB_TOKEN: ${{ github.token }}
VERSION: ${{ needs.build-and-test.outputs.version }}
run: gh release view "v${VERSION}" --repo '${{ github.repository }}' --json assets
- name: Upload artifact signatures to GitHub Release
env:
GITHUB_TOKEN: ${{ github.token }}
VERSION: ${{ needs.build-and-test.outputs.version }}
# Upload to GitHub Release using the `gh` CLI.
# `dist/` contains the built packages, and the
# sigstore-produced signatures and certificates.
run: >-
gh release upload
"v${VERSION}" dist/**
--repo '${{ github.repository }}'
publish-docs:
name: Publish documentation
needs: build-and-test
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Download the documentation
uses: actions/download-artifact@v4
with:
name: docs-html
path: docs/
- name: Deploy
uses: peaceiris/actions-gh-pages@v3
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: docs/