Skip to content

chore: Refer to renamed secrets in build.yml (#56) #55

chore: Refer to renamed secrets in build.yml (#56)

chore: Refer to renamed secrets in build.yml (#56) #55

Workflow file for this run

# Release workflow
# - When there is a push to 'main', it detects if the local version has changed and is higher than the remote (PyPI) version.
# - Generates a new nada-dsl release, signes it and pushes it to PyPI when a PR is merged that updates the version number in pyproject.toml.
# - Generates a new nada-dsl Github release
name: Create a new release
on:
push:
branches: ["main"]
workflow_dispatch:
permissions:
contents: read
jobs:
checkversion:
runs-on: ubuntu-latest
outputs:
local_version_is_higher: ${{ steps.versioncheck.outputs.local_version_is_higher }}
local_version: ${{ steps.versioncheck.outputs.local_version }}
remote_version: ${{ steps.versioncheck.outputs.public_version }}
local_nada_mir_version_is_higher: ${{ steps.versioncheck_nada_mir.outputs.local_version_is_higher }}
steps:
- uses: actions/checkout@v4
- name: Install uv
uses: astral-sh/setup-uv@v3
with:
version: "0.4.24"
- name: Install dependencies
run: uv sync --all-extras --dev
- name: Check pypi versions
id: versioncheck
run: >-
python scripts/version_checker.py "./pyproject.toml"
- name: Check pypi versions
id: versioncheck_nada_mir
run: >-
python scripts/version_checker.py "nada_mir/pyproject.toml"
- name: check output
run: |
echo "Output: ${{ steps.versioncheck.outputs.local_version_is_higher }}" # 'true' or 'false
echo "Local version: ${{ steps.versioncheck.outputs.local_version }}" # e.g., 0.1.1
echo "Public version: ${{ steps.versioncheck.outputs.public_version }}" # e.g., 0.1.0
echo "nada_mir Output: ${{ steps.versioncheck_nada_mir.outputs.local_version_is_higher }}" # 'true' or 'false"
# Build distribution files
build-distribution:
needs: checkversion
if: needs.checkversion.outputs.local_version_is_higher == 'true'
name: Build distribution 📦
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "^3.10"
- name: Install pypa/build
run: >-
python3 -m
pip install
build
--user
- name: Build a binary wheel and a source tarball
run: python3 -m build
- name: Store the distribution packages
uses: actions/upload-artifact@v4
with:
name: python-package-distributions
path: dist/
build-nada-mir-distribution:
needs: checkversion
if: needs.checkversion.outputs.local_nada_mir_version_is_higher == 'true'
name: Build distribution 📦
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "^3.10"
- name: Install uv
uses: astral-sh/setup-uv@v3
with:
version: "0.4.24"
- name: Build package
run: >-
uv build --package nada-mir-proto -o nada_mir/dist
- name: Store the distribution packages
uses: actions/upload-artifact@v4
with:
name: nada-mir-python-package-distributions
path: nada_mir/dist/
# Generates a Github release with the version taken from the one in pyproject.toml
github-release:
needs: [checkversion, build-distribution]
if: needs.checkversion.outputs.local_version_is_higher == 'true'
runs-on: ubuntu-latest
permissions:
contents: write
id-token: write
steps:
- name: Print release message
run: |
echo "Creating release: ${{ needs.checkversion.outputs.local_version }}"
- name: Checkout code
uses: actions/checkout@v4
- name: Download all the dists
uses: actions/download-artifact@v4
with:
name: python-package-distributions
path: dist/
- name: Sign the dists with Sigstore
uses: sigstore/[email protected]
with:
inputs: >-
./dist/*.tar.gz
./dist/*.whl
- name: Create Release
id: create_release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
run: |
gh release create v${{ needs.checkversion.outputs.local_version }} --generate-notes
- name: Upload artifact signatures to GitHub Release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# Upload to GitHub Release using the `gh` CLI.
# `dist/` contains the built packages, and the
# sigstore-produced signatures and certificates.
run: >-
gh release upload
'v${{ needs.checkversion.outputs.local_version }}' dist/**
# Publishes released artifact to PyPI
publish-to-pypi:
needs: [checkversion, build-distribution]
if: needs.checkversion.outputs.local_version_is_higher == 'true'
name: >-
Publish Python 🐍 distribution 📦 to PyPI
if: startsWith(github.ref, 'refs/tags/') # only publish to PyPI on tag pushes
runs-on: ubuntu-latest
environment:
name: pypi
url: https://pypi.org/p/nada-dsl/
permissions:
id-token: write # IMPORTANT: mandatory for trusted publishing
steps:
- name: Download all the dists
uses: actions/download-artifact@v4
with:
name: python-package-distributions
path: dist/
- name: Publish distribution 📦 to PyPI
# Publishes using trusted publishers
uses: pypa/gh-action-pypi-publish@release/v1
publish-to-pypi-nada-mir:
needs: [checkversion, build-distribution]
if: needs.checkversion.outputs.local_nada_mir_version_is_higher == 'true'
name: >-
Publish nada-mir-proto Python 🐍 distribution 📦 to PyPI
if: startsWith(github.ref, 'refs/tags/') # only publish to PyPI on tag pushes
runs-on: ubuntu-latest
environment:
name: pypi
url: https://pypi.org/p/nada-mir-proto/
permissions:
id-token: write # IMPORTANT: mandatory for trusted publishing
steps:
- name: Download all the dists
uses: actions/download-artifact@v4
with:
name: nada-mir-python-package-distributions
path: nada_mir/dist/
- name: Publish distribution 📦 to PyPI
# Publishes using trusted publishers
uses: pypa/gh-action-pypi-publish@release/v1
with:
packages-dir: nada_mir/dist/