Modifie le job de déploiement dans la CI pour autoriser le trusted publishing #88
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: OpenFisca Paris | |
| on: | |
| push: | |
| branches: | |
| - master | |
| pull_request: | |
| jobs: | |
| build: | |
| runs-on: ubuntu-20.04 | |
| strategy: | |
| matrix: | |
| openfisca-dependencies: [minimal, maximal] | |
| python-version: ["3.9.9", "3.10.6"] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Set up Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Cache build | |
| id: restore-build | |
| uses: actions/cache@v3 | |
| with: | |
| path: ${{ env.pythonLocation }} | |
| key: build-${{ env.pythonLocation }}-${{ hashFiles('setup.py') }}-${{ github.sha }}-${{ matrix.openfisca-dependencies }} | |
| restore-keys: | # in case of a cache miss (systematically unless the same commit is built repeatedly), the keys below will be used to restore dependencies from previous builds, and the cache will be stored at the end of the job, making up-to-date dependencies available for all jobs of the workflow; see more at https://docs.github.com/en/actions/advanced-guides/caching-dependencies-to-speed-up-workflows#example-using-the-cache-action | |
| build-${{ env.pythonLocation }}-${{ hashFiles('setup.py') }} | |
| build-${{ env.pythonLocation }}- | |
| - name: Install test dependancies | |
| run: make install-test | |
| - name: Build package | |
| run: make build | |
| - name: Minimal version | |
| if: matrix.openfisca-dependencies == 'minimal' | |
| run: | # Installs the OpenFisca dependencies minimal version from setup.py | |
| pip install $(python ${GITHUB_WORKSPACE}/.github/get_minimal_version.py) | |
| - name: Cache release | |
| id: restore-release | |
| uses: actions/cache@v3 | |
| with: | |
| path: dist | |
| key: release-${{ env.pythonLocation }}-${{ hashFiles('setup.py') }}-${{ github.sha }}-${{ matrix.openfisca-dependencies }} | |
| test-yaml: | |
| runs-on: ubuntu-20.04 | |
| strategy: | |
| matrix: | |
| openfisca-dependencies: [minimal, maximal] | |
| needs: [ build ] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Set up Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: 3.9.9 | |
| - name: Cache build | |
| id: restore-build | |
| uses: actions/cache@v3 | |
| with: | |
| path: ${{ env.pythonLocation }} | |
| key: build-${{ env.pythonLocation }}-${{ hashFiles('setup.py') }}-${{ github.sha }}-${{ matrix.openfisca-dependencies }} | |
| - name: Run YAML test | |
| run: | | |
| openfisca test tests --country-package openfisca_france --extensions openfisca_paris | |
| check-version: | |
| runs-on: ubuntu-20.04 | |
| needs: [ test-yaml ] # Last job to run | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 # Fetch all the tags | |
| - name: Set up Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: 3.9.9 | |
| - name: Check version number has been properly updated | |
| run: "${GITHUB_WORKSPACE}/.github/is-version-number-acceptable.sh" | |
| # GitHub Actions does not have a halt job option, to stop from deploying if no functional changes were found. | |
| # We build a separate job to substitute the halt option. | |
| # The `deploy` job is dependent on the output of the `check-for-functional-changes` job. | |
| check-for-functional-changes: | |
| runs-on: ubuntu-20.04 | |
| if: github.ref == 'refs/heads/master' # Only triggered for the `master` branch | |
| needs: [ check-version ] | |
| outputs: | |
| status: ${{ steps.stop-early.outputs.status }} | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 # Fetch all the tags | |
| - name: Set up Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: 3.9.9 | |
| - id: stop-early | |
| run: if "${GITHUB_WORKSPACE}/.github/has-functional-changes.sh" ; then echo "::set-output name=status::success" ; fi | |
| deploy: | |
| runs-on: ubuntu-20.04 | |
| strategy: | |
| matrix: | |
| openfisca-dependencies: [maximal] | |
| needs: [ check-for-functional-changes ] | |
| if: needs.check-for-functional-changes.outputs.status == 'success' | |
| permissions: | |
| #id-token is mandatory for trusted publishing | |
| id-token: write | |
| #contents is mandatory for git tag publishing | |
| contents: write | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 # Fetch all the tags | |
| - name: Set up Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: 3.9.9 | |
| - name: Cache build | |
| id: restore-build | |
| uses: actions/cache@v3 | |
| with: | |
| path: ${{ env.pythonLocation }} | |
| key: build-${{ env.pythonLocation }}-${{ hashFiles('setup.py') }}-${{ github.sha }}-${{ matrix.openfisca-dependencies }} | |
| - name: Cache release | |
| id: restore-release | |
| uses: actions/cache@v3 | |
| with: | |
| path: dist | |
| key: release-${{ env.pythonLocation }}-${{ hashFiles('setup.py') }}-${{ github.sha }}-${{ matrix.openfisca-dependencies }} | |
| - name: Upload a Python package to PyPi | |
| uses: pypa/gh-action-pypi-publish@release/v1 | |
| - name: Publish a git tag | |
| run: "${GITHUB_WORKSPACE}/.github/publish-git-tag.sh" |