
ci: add reusable workflows #7


Workflow file for this run

# Release workflow: a push to `mainline` that touches CHANGELOG.md starts a publish run.
name: "Release: Publish"
# The head commit message is committer-supplied text. Here it is only the run's
# display title; no `run:` script in this file receives it.
run-name: "Release: ${{ github.event.head_commit.message }}"
on:
  # Anyone able to land a CHANGELOG.md change on `mainline` starts a run that can
  # obtain OIDC-issued credentials, so branch protection on `mainline` is part of
  # this workflow's trust boundary.
  push:
    branches:
      - mainline
    paths:
      - CHANGELOG.md
# Runs that share this group name do not execute at the same time.
concurrency:
  group: release
jobs:
  Publish:
    name: Publish Release
    # Naming permissions here drops every scope that is not listed.
    permissions:
      # Lets the job request a GitHub OIDC token; the AWS role assumption and the
      # PyPI publish step further down this file depend on it.
      id-token: write
      # Repository contents stay read-only for GITHUB_TOKEN.
      contents: read
    # NOTE(review): the `<<<<<<<` / `=======` / `>>>>>>>` lines that follow are
    # unresolved merge-conflict markers. GitHub rejects the file as invalid YAML,
    # so no release job runs until one side of the conflict is chosen.
<<<<<<< Updated upstream

Check failure on line 20 in .github/workflows/release_publish.yml


GitHub Actions / .github/workflows/release_publish.yml

Invalid workflow file

You have an error in your yaml syntax on line 20
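# "Updated upstream" side of the conflict: the inline body of the Publish job.
# Indentation below is relative to the job's own keys.
# NOTE(review): no `runs-on` is visible for this job on this side of the conflict;
# a job that declares `steps` needs one.
#
# Job-level env is visible to every step, including the third-party actions and
# the pip-installed tools. Moving each value to the step that uses it would
# narrow that exposure.
env:
  CODEARTIFACT_REGION: "us-west-2"
  CODEARTIFACT_DOMAIN: ${{ secrets.CODEARTIFACT_DOMAIN }}
  CODEARTIFACT_ACCOUNT_ID: ${{ secrets.CODEARTIFACT_ACCOUNT_ID }}
  CODEARTIFACT_REPOSITORY: ${{ secrets.CODEARTIFACT_REPOSITORY }}
  CUSTOMER_DOMAIN: ${{ secrets.CUSTOMER_DOMAIN }}
  CUSTOMER_REPOSITORY: ${{ secrets.CUSTOMER_REPOSITORY }}
steps:
  # NOTE(review): every `uses:` below is pinned to a tag or branch, which the
  # action's owner can move. In a job that holds `id-token: write`, pinning each
  # action to a full commit SHA fixes exactly what code can request the token.
  - name: Checkout
    uses: actions/checkout@v4
    with:
      # Builds the head of `release`, not the commit that triggered the run.
      # Confirm that branch is protected as strictly as `mainline`.
      ref: release
      fetch-depth: 0
  - name: Set up Python
    uses: actions/setup-python@v5
    with:
      python-version: '3.9'
  # NOTE(review): hatch and twine are installed unpinned, so whatever version the
  # index serves at run time executes in the job that builds and uploads the
  # release. A hash-checked requirements file would make this reproducible.
  - name: Install dependencies
    run: |
      pip install --upgrade hatch
      pip install --upgrade twine
  - name: Build
    run: hatch build
  # Short-lived AWS credentials via OIDC; no long-lived keys are stored. The role's
  # trust policy (not visible here) should restrict the OIDC `sub` claim to this
  # repository and ref.
  - name: Configure AWS credentials
    uses: aws-actions/configure-aws-credentials@v4
    with:
      role-to-assume: ${{ secrets.AWS_CODEARTIFACT_ROLE }}
      aws-region: us-west-2
      mask-aws-account-id: true
  - name: Publish to Repository
    run: |
      # Values come from the job-level env rather than `${{ secrets.* }}` pasted
      # into the script text, so the shell never parses them as code.
      # Plain assignments (not `export VAR=$(...)`) so that a failed aws call
      # stops the step under the runner's default `bash -e`.
      TWINE_PASSWORD="$(aws codeartifact get-authorization-token \
        --domain "$CODEARTIFACT_DOMAIN" \
        --domain-owner "$CODEARTIFACT_ACCOUNT_ID" \
        --query authorizationToken --output text)"
      # The token is not a registered secret; mask it in case a later command echoes it.
      echo "::add-mask::$TWINE_PASSWORD"
      TWINE_REPOSITORY_URL="$(aws codeartifact get-repository-endpoint \
        --domain "$CODEARTIFACT_DOMAIN" \
        --domain-owner "$CODEARTIFACT_ACCOUNT_ID" \
        --repository "$CODEARTIFACT_REPOSITORY" \
        --format pypi --query repositoryEndpoint --output text)"
      export TWINE_USERNAME=aws TWINE_PASSWORD TWINE_REPOSITORY_URL
      twine upload dist/*
  - name: Publish to Customer Repository
    run: |
      # Same pattern as the previous step, with the customer domain and repository.
      TWINE_PASSWORD="$(aws codeartifact get-authorization-token \
        --domain "$CUSTOMER_DOMAIN" \
        --domain-owner "$CODEARTIFACT_ACCOUNT_ID" \
        --query authorizationToken --output text)"
      echo "::add-mask::$TWINE_PASSWORD"
      TWINE_REPOSITORY_URL="$(aws codeartifact get-repository-endpoint \
        --domain "$CUSTOMER_DOMAIN" \
        --domain-owner "$CODEARTIFACT_ACCOUNT_ID" \
        --repository "$CUSTOMER_REPOSITORY" \
        --format pypi --query repositoryEndpoint --output text)"
      export TWINE_USERNAME=aws TWINE_PASSWORD TWINE_REPOSITORY_URL
      twine upload dist/*
  # See https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-pypi
  # `release/v1` is a branch ref, so it is mutable (see the pinning note at the top of `steps`).
  - name: Publish to PyPI
    uses: pypa/gh-action-pypi-publish@release/v1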
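# Second job on the "Updated upstream" side: starts the internal CodeBuild release project.
# Indentation below is relative to the job id.
PublishToInternal:
  # `needs` takes job ids from this workflow. The original named `Release`, which
  # is not defined in this file; `Publish` is the only other job.
  needs: Publish
  runs-on: ubuntu-latest
  # Protection rules or environment-scoped secrets configured on `release` apply
  # to this job. That configuration lives outside this file.
  environment: release
  # Only the OIDC token scope is granted; every other GITHUB_TOKEN scope is dropped.
  permissions:
    id-token: write
  steps:
    # NOTE(review): both actions are pinned to a movable tag. A full commit SHA
    # would fix what code runs with the assumed role.
    - name: Configure AWS credentials
      uses: aws-actions/configure-aws-credentials@v4
      with:
        # The role's trust policy (not visible here) should restrict the OIDC
        # `sub` claim to this repository and the `release` environment.
        role-to-assume: ${{ secrets.AWS_CODEBUILD_RELEASE_PUBLISH_ROLE }}
        aws-region: us-west-2
        mask-aws-account-id: true
    - name: Run CodeBuild
      uses: aws-actions/aws-codebuild-run-build@v1
      with:
        # The project name is derived from the repository name.
        project-name: ${{ github.event.repository.name }}-release-Publish
        # Presumably set so the CodeBuild log stream stays out of the Actions job log.
        hide-cloudwatch-logs: true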
=======
# "Stashed changes" side of the conflict: the Publish job delegates to a reusable
# workflow instead of declaring its own steps.
# NOTE(review): `@mainline` is a branch ref, so whatever is at the head of that
# branch runs with this job's `id-token: write` permission. Pinning to a full
# commit SHA makes the called workflow reviewable and fixed.
uses: OpenJobDescription/.github/.github/workflows/reusable_publish.yml@mainline
# `inherit` passes every secret the caller can read to the called workflow.
# Listing only the secrets it needs would narrow exposure; which ones it needs is
# not visible on this page.
secrets: inherit
>>>>>>> Stashed changes