os-climate · ModeSevenIndustrialSolutions · Jul 19, 2024 · Jul 19, 2024
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -1,12 +1,11 @@
 ---
-name: "🐍📦 Production build and release"
+name: "🐍📦 Old Production build and release"
 
 # GitHub/PyPI trusted publisher documentation:
 # https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/
 
 # yamllint disable-line rule:truthy
 on:
-  # workflow_dispatch:
   push:
     # Only invoked on release tag pushes
     branches:
@@ -25,11 +24,12 @@ jobs:
   build:
     name: "🐍 Build packages"
     # Only publish on tag pushes
-    if: startsWith(github.ref, 'refs/tags/')
+    # if: startsWith(github.ref, 'refs/tags/')
     runs-on: ubuntu-latest
     permissions:
-      # IMPORTANT: mandatory for Sigstore
+      contents: write
       id-token: write
+
     steps:
       ### BUILDING ###
 
@@ -44,10 +44,20 @@ jobs:
       - name: "Setup PDM for build commands"
         uses: pdm-project/setup-pdm@v4
 
+      - name: "Fetch current semantic tag"
+        id: fetch-tags
+        # yamllint disable-line rule:line-length
+        uses: os-climate/devops-reusable-workflows/.github/actions/latest-semantic-tag@main
+
       - name: "Update version from tags for production release"
         run: |
-          echo "Github versioning: ${{ github.ref_name }}"
-          scripts/release-versioning.sh
+          echo "Github tag/versioning: ${{ github.ref_name }}"
+          if (grep 'dynamic = \[\"version\"\]' pyproject.toml > /dev/null); then
+            echo "Proceeding build with dynamic versioning"
+          else
+            echo "Using legacy script to bump release version"
+            scripts/release-versioning.sh
+          fi
 
       - name: "Build with PDM backend"
         run: |
@@ -56,7 +66,8 @@ jobs:
       ### SIGNING ###
 
       - name: "Sign packages with Sigstore"
-        uses: sigstore/gh-action-sigstore-python@v2
+        # Use new action
+        uses: sigstore/[email protected]
         with:
           inputs: >-
             ./dist/*.tar.gz
@@ -73,7 +84,7 @@ jobs:
   github:
     name: "📦 Publish to GitHub"
     # Only publish on tag pushes
-    if: startsWith(github.ref, 'refs/tags/')
+    # if: startsWith(github.ref, 'refs/tags/')
     needs:
       - build
     runs-on: ubuntu-latest
@@ -94,20 +105,19 @@ jobs:
           token: ${{ secrets.GITHUB_TOKEN }}
           prerelease: false
           tag_name: ${{ github.ref_name }}
-          name: "Test/Development Build \
-            ${{ github.ref_name }}"
+          name: ${{ github.ref_name }}"
           # body_path: ${{ github.workspace }}/CHANGELOG.rst
           files: |
             dist/*.tar.gz
             dist/*.whl
-            dist/*.sigstore
+            dist/*.sigstore*
 
   ### PUBLISH PYPI TEST ###
 
   testpypi:
-    name: "📦 Publish to PyPi Test"
+    name: "📦 Test publishing to PyPI"
     # Only publish on tag pushes
-    if: startsWith(github.ref, 'refs/tags/')
+    # if: startsWith(github.ref, 'refs/tags/')
     needs:
       - build
     runs-on: ubuntu-latest
@@ -128,9 +138,9 @@ jobs:
           if [ -f dist/buildvars.txt ]; then
             rm dist/buildvars.txt
           fi
-          rm dist/*.sigstore
+          rm dist/*.sigstore*
 
-      - name: Publish distribution to Test PyPI
+      - name: "Test publishing to PyPI"
         uses: pypa/gh-action-pypi-publish@release/v1
         with:
           repository-url: https://test.pypi.org/legacy/
@@ -141,7 +151,7 @@ jobs:
   pypi:
     name: "📦 Publish to PyPi"
     # Only publish on tag pushes
-    if: startsWith(github.ref, 'refs/tags/')
+    # if: startsWith(github.ref, 'refs/tags/')
     needs:
       - testpypi
     runs-on: ubuntu-latest
@@ -162,7 +172,7 @@ jobs:
           if [ -f dist/buildvars.txt ]; then
             rm dist/buildvars.txt
           fi
-          rm dist/*.sigstore
+          rm dist/*.sigstore*
 
       - name: "Setup PDM for build commands"
         uses: pdm-project/setup-pdm@v4