diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index ac254c4..f1b4356 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -1,12 +1,11 @@ --- -name: "🐍📦 Production build and release" +name: "🐍📦 Old Production build and release" # GitHub/PyPI trusted publisher documentation: # https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/ # yamllint disable-line rule:truthy on: - # workflow_dispatch: push: # Only invoked on release tag pushes branches: @@ -25,11 +24,12 @@ jobs: build: name: "🐍 Build packages" # Only publish on tag pushes - if: startsWith(github.ref, 'refs/tags/') + # if: startsWith(github.ref, 'refs/tags/') runs-on: ubuntu-latest permissions: - # IMPORTANT: mandatory for Sigstore + contents: write id-token: write + steps: ### BUILDING ### @@ -44,10 +44,20 @@ jobs: - name: "Setup PDM for build commands" uses: pdm-project/setup-pdm@v4 + - name: "Fetch current semantic tag" + id: fetch-tags + # yamllint disable-line rule:line-length + uses: os-climate/devops-reusable-workflows/.github/actions/latest-semantic-tag@main + - name: "Update version from tags for production release" run: | - echo "Github versioning: ${{ github.ref_name }}" - scripts/release-versioning.sh + echo "Github tag/versioning: ${{ github.ref_name }}" + if (grep 'dynamic = \[\"version\"\]' pyproject.toml > /dev/null); then + echo "Proceeding build with dynamic versioning" + else + echo "Using legacy script to bump release version" + scripts/release-versioning.sh + fi - name: "Build with PDM backend" run: | @@ -56,7 +66,8 @@ jobs: ### SIGNING ### - name: "Sign packages with Sigstore" - uses: sigstore/gh-action-sigstore-python@v2 + # Use new action + uses: sigstore/gh-action-sigstore-python@v3.0.0 with: inputs: >- ./dist/*.tar.gz @@ -73,7 +84,7 @@ jobs: github: name: "📦 Publish to GitHub" # Only publish on tag pushes - if: startsWith(github.ref, 'refs/tags/') + # if: startsWith(github.ref, 'refs/tags/') needs: - build runs-on: ubuntu-latest @@ -94,20 +105,19 @@ jobs: token: ${{ secrets.GITHUB_TOKEN }} prerelease: false tag_name: ${{ github.ref_name }} - name: "Test/Development Build \ - ${{ github.ref_name }}" + name: ${{ github.ref_name }}" # body_path: ${{ github.workspace }}/CHANGELOG.rst files: | dist/*.tar.gz dist/*.whl - dist/*.sigstore + dist/*.sigstore* ### PUBLISH PYPI TEST ### testpypi: - name: "📦 Publish to PyPi Test" + name: "📦 Test publishing to PyPI" # Only publish on tag pushes - if: startsWith(github.ref, 'refs/tags/') + # if: startsWith(github.ref, 'refs/tags/') needs: - build runs-on: ubuntu-latest @@ -128,9 +138,9 @@ jobs: if [ -f dist/buildvars.txt ]; then rm dist/buildvars.txt fi - rm dist/*.sigstore + rm dist/*.sigstore* - - name: Publish distribution to Test PyPI + - name: "Test publishing to PyPI" uses: pypa/gh-action-pypi-publish@release/v1 with: repository-url: https://test.pypi.org/legacy/ @@ -141,7 +151,7 @@ jobs: pypi: name: "📦 Publish to PyPi" # Only publish on tag pushes - if: startsWith(github.ref, 'refs/tags/') + # if: startsWith(github.ref, 'refs/tags/') needs: - testpypi runs-on: ubuntu-latest @@ -162,7 +172,7 @@ jobs: if [ -f dist/buildvars.txt ]; then rm dist/buildvars.txt fi - rm dist/*.sigstore + rm dist/*.sigstore* - name: "Setup PDM for build commands" uses: pdm-project/setup-pdm@v4