-
Notifications
You must be signed in to change notification settings - Fork 11
87 lines (76 loc) · 2.76 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
name: Release
concurrency: release
on:
push:
tags:
- v*
permissions: {}
jobs:
build-signer:
name: Build tuf-on-ci signer
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
- uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
with:
python-version: '3.12'
- name: Install build dependencies
run: python3 -m pip install -c build/build-constraints.txt build
- name: Build release changelog, signer wheel & source tarball
run: |
PIP_CONSTRAINT=build/build-constraints.txt python3 -m build --sdist --wheel --outdir dist/ signer/
awk "/## $GITHUB_REF_NAME/{flag=1; next} /## v/{flag=0} flag" docs/CHANGELOG.md > changelog
- name: Store build artifacts
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: build-artifacts
path: |
dist
changelog
release-pypi:
name: Release Signer on PyPI
runs-on: ubuntu-latest
needs: build-signer
environment: release
permissions:
id-token: write # to authenticate as Trusted Publisher to pypi.org
steps:
- name: Fetch build artifacts
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: build-artifacts
- name: Publish binary wheel and source tarball on PyPI
if: github.repository == 'theupdateframework/tuf-on-ci'
uses: pypa/gh-action-pypi-publish@81e9d935c883d0b210363ab89cf05f3894778450 # v1.8.14
release-gh:
name: Release
runs-on: ubuntu-latest
needs: release-pypi
permissions:
contents: write # to modify GitHub releases
steps:
- name: Fetch build artifacts
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: build-artifacts
- name: Make a GitHub release
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
script: |
fs = require('fs')
res = await github.rest.repos.createRelease({
owner: context.repo.owner,
repo: context.repo.repo,
name: '${{ github.ref_name }}',
tag_name: '${{ github.ref }}',
body: fs.readFileSync('changelog', 'utf8'),
})
fs.readdirSync('dist/').forEach(file => {
github.rest.repos.uploadReleaseAsset({
owner: context.repo.owner,
repo: context.repo.repo,
release_id: res.data.id,
name: file,
data: fs.readFileSync('dist/' + file),
});
});