Fix variable #70
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish package | |
| # based on https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/ | |
| on: | |
| push: | |
| tags: | |
| - '*' | |
| - "!latest" | |
| jobs: | |
| test-and-build: | |
| uses: ./.github/workflows/test.yml | |
| check_version: | |
| name: Check version | |
| if: startsWith(github.ref, 'refs/tags/') # only publish on tag pushes | |
| needs: test-and-build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.13' | |
| - name: Read version from pyproject.toml | |
| run: echo VERSION=$(python -c "import tomllib; print(tomllib.load(open('pyproject.toml', 'rb'))['project']['version'])") >> "$GITHUB_ENV" | |
| - run: echo $GITHUB_REF_NAME | |
| - run: echo $VERSION | |
| - name: Check that version and tag are identical | |
| run: test $GITHUB_REF_NAME = $VERSION | |
| check_changelog: | |
| name: Check changelog is up-to-date | |
| needs: check_version | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Check that changes/ is empty | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| # Count every *.md file except README.md in changes/ | |
| count=$(find changes -type f -name '*.md' ! -name 'README.md' | wc -l) | |
| if [ "$count" -ne 0 ]; then | |
| echo "::error::There are still $count news fragment(s) in 'changes/'." | |
| echo "Run 'towncrier build' and commit the updated CHANGELOG.md." | |
| exit 1 | |
| fi | |
| echo "No news fragments left in changes/" | |
| - name: Check CHANGELOG.md heading | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| # Extract the first level 2 heading | |
| first_h2=$(grep -o -m1 -E "^## \[blaupause .*\]" CHANGELOG.md || true) | |
| if [ -z "$first_h2" ]; then | |
| echo "::error::No level-2 (##) heading found in CHANGELOG.md." | |
| exit 1 | |
| fi | |
| echo "First heading in CHANGELOG.md: '$first_h2'" | |
| expected="## [blaupause $GITHUB_REF_NAME]" | |
| if [ "$first_h2" != "$expected" ]; then | |
| echo "::error::First heading must be '$expected'" | |
| exit 1 | |
| fi | |
| echo "✔ CHANGELOG heading matches the pushed tag ($GITHUB_REF_NAME)" | |
| publish-to-pypi: | |
| name: Publish to PyPI | |
| if: startsWith(github.ref, 'refs/tags/') # only publish on tag pushes | |
| needs: | |
| - check_changelog | |
| runs-on: ubuntu-latest | |
| environment: | |
| name: pypi | |
| url: https://pypi.org/p/blaupause | |
| permissions: | |
| id-token: write | |
| steps: | |
| - name: Download all the dists | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: python-package-distributions | |
| path: dist/ | |
| - name: Publish to PyPI | |
| uses: pypa/gh-action-pypi-publish@release/v1 | |
| github-release: | |
| name: GitHub Release | |
| needs: | |
| - publish-to-pypi | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write # IMPORTANT: mandatory for making GitHub Releases | |
| id-token: write # IMPORTANT: mandatory for sigstore | |
| steps: | |
| - name: Download all the dists | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: python-package-distributions | |
| path: dist/ | |
| - name: Sign the dists with Sigstore | |
| uses: sigstore/gh-action-sigstore-python@v3.0.0 | |
| with: | |
| inputs: >- | |
| ./dist/*.tar.gz | |
| ./dist/*.whl | |
| - name: Create GitHub Release | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| run: >- | |
| gh release create | |
| "$GITHUB_REF_NAME" | |
| --repo "$GITHUB_REPOSITORY" | |
| --notes "" | |
| - name: Upload artifact signatures to GitHub Release | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| # Upload to GitHub Release using the `gh` CLI. | |
| # `dist/` contains the built packages, and the | |
| # sigstore-produced signatures and certificates. | |
| run: >- | |
| gh release upload | |
| "$GITHUB_REF_NAME" dist/** | |
| --repo "$GITHUB_REPOSITORY" | |
| latest-tag: | |
| needs: | |
| - publish-to-pypi | |
| name: Update latest tag | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Run latest-tag | |
| uses: EndBug/latest-tag@latest |