_package-publish.yml
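# Reusable release workflow. It builds the native distribution on every
# runner in the matrix, publishes the Python package to PyPI, creates the
# GitHub release, then notifies Sentry and Slack and fires a
# repository_dispatch event.
#
# Security notes for maintainers:
# - Every action is pinned to a full commit SHA; keep the trailing version
#   comment in sync when bumping a pin.
# - Values derived from the triggering ref or from step outputs reach shell
#   steps through `env:` and are expanded as quoted shell variables. They are
#   never pasted into the script text by `${{ }}`, where shell metacharacters
#   in a ref name would be executed.
name: "> Publish Package"

on:
  workflow_call:
    inputs:
      # Only read inside `if:` expressions below, never inside a shell script.
      commit_message:
        description: 'Commit message to check for skip markers'
        required: false
        type: string
    secrets:
      UV_PUBLISH_TOKEN:
        required: true
      SLACK_WEBHOOK_URL_RELEASE_ANNOUNCEMENT:
        required: true
      SLACK_CHANNEL_ID_RELEASE_ANNOUNCEMENT:
        required: true
      SENTRY_AUTH_TOKEN:
        required: true

env:
  # https://gist.github.com/NodeJSmith/e7e37f2d3f162456869f015f842bcf15
  PYTHONIOENCODING: "utf8"

jobs:
  # Builds dist_native/aignostics.7z once per runner and hands it to
  # package_publish as a short-lived artifact.
  build_native:
    runs-on: ${{ matrix.runner }}
    continue-on-error: ${{ matrix.experimental }}
    strategy:
      fail-fast: false
      matrix:
        runner: [ubuntu-latest]
        experimental: [false]
        include:
          - runner: ubuntu-24.04-arm
            experimental: false
          - runner: macos-latest
            experimental: false
          - runner: macos-15-intel
            experimental: false
          - runner: windows-latest
            experimental: false
    # NOTE(review): no step visible in this job requests an OIDC token,
    # creates an attestation or pushes a package. Confirm whether
    # `make dist_native` needs these scopes; if not, reduce this block to
    # `contents: read` so the build job holds no write permission.
    permissions:
      attestations: write
      contents: read
      id-token: write
      packages: write
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
      - name: Install uv
        uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0
        with:
          version-file: "pyproject.toml"
          enable-cache: true
          cache-dependency-glob: uv.lock
      - name: Install Python, venv and dependencies
        shell: bash
        # --frozen installs exactly what uv.lock records, without re-resolving.
        run: uv sync --all-extras --frozen --link-mode=copy
      - name: Validate installation
        shell: bash
        run: |
          OUTPUT=$(uv run --all-extras --no-dev aignostics --help)
          if [[ "$OUTPUT" != *"built with love in Berlin"* ]]; then
            echo "Output does not contain 'built with love in Berlin'"
            exit 1
          fi
      - name: Install upx for native Windows version
        if: ${{ matrix.runner == 'windows-latest' || matrix.runner == 'windows-11-arm' }}
        shell: bash
        # NOTE(review): upx is installed without a version pin and, presumably,
        # processes the released binary; consider pinning the package version.
        run: |
          choco install upx --no-progress
      - name: Build native distribution into dist_native/
        shell: bash
        run: make dist_native
      - name: Upload dist_native artifacts
        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        if: ${{ always() && (env.GITHUB_WORKFLOW_RUNTIME != 'ACT') }}
        with:
          name: dist_native-${{ matrix.runner }}
          path: dist_native/aignostics.7z
          retention-days: 1

  # Publishes to PyPI and creates the GitHub release. This job holds the
  # publish token and `contents: write`.
  package_publish:
    runs-on: ubuntu-latest
    needs: build_native
    permissions:
      contents: write
      packages: read
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
      - name: Install uv
        uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0
        with:
          version-file: "pyproject.toml"
          cache-dependency-glob: uv.lock
          # NOTE(review): this job builds and publishes release artifacts.
          # A restored cache may have been written by another run in this
          # repository; consider disabling the cache in the publishing job.
          enable-cache: true
      - name: Install dev tools
        shell: bash
        run: .github/workflows/_install_dev_tools.bash
      - name: Download native distribution artifacts
        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
        with:
          pattern: dist_native-*
          path: dist_native_all/
          # One sub-directory per artifact; the loop below relies on that.
          merge-multiple: false
      - name: Create zip archives for native executables
        shell: bash
        run: |
          VERSION=$(cat VERSION | tr -d '\n')
          mkdir -p dist_native_zipped/
          cd dist_native_all/
          for dir in */; do
            if [ -d "$dir" ]; then
              platform_name=${dir%/}
              echo "Processing platform: $platform_name"
              cd "$dir"
              if [ -f "aignostics.7z" ]; then
                echo "Extracting aignostics.7z for $platform_name"
                7z x aignostics.7z -o"extracted/"
                cd extracted/
                zip -ryX "../../../dist_native_zipped/aignostics-$VERSION-$platform_name.zip" .
                cd ..
              else
                echo "Warning: aignostics.7z not found in $platform_name"
              fi
              cd ..
            fi
          done
          cd ..
          ls -la dist_native_zipped/
      - name: Final smoke test
        shell: bash
        run: |
          uv run --no-dev aignostics --help
      - name: Docs
        shell: bash
        run: make docs
      - name: Generate release notes
        uses: orhun/git-cliff-action@e16f179f0be49ecdfe63753837f20b9531642772 # v4.7.0
        id: git-cliff
        with:
          config: pyproject.toml
          args: --verbose --latest --strip header
        env:
          OUTPUT: RELEASE_NOTES.md
          GITHUB_REPO: ${{ github.repository }}
      - name: Print the release notes
        shell: bash
        env:
          # Passed through the environment so the path is data, not script text.
          CHANGELOG_FILE: ${{ steps.git-cliff.outputs.changelog }}
        run: cat "$CHANGELOG_FILE"
      - name: Build distribution into dist/
        shell: bash
        run: make dist
      - name: Publish distribution to Python Package Index at pypi.org
        shell: bash
        env:
          # NOTE(review): long-lived upload token, scoped to this step only.
          # PyPI trusted publishing (OIDC) would remove the stored secret; it
          # would need `id-token: write` on this job.
          UV_PUBLISH_TOKEN: ${{ secrets.UV_PUBLISH_TOKEN }}
        run: |
          # Use uv's credential storage - uv will read from UV_PUBLISH_TOKEN env var automatically
          uv publish
      - name: Download test results for ubuntu-latest generated in _test.yml
        if: |
          (!contains(inputs.commit_message, 'skip:test:all')) &&
          (!contains(github.event.pull_request.labels.*.name, 'skip:test:all'))
        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
        with:
          name: test-results-ubuntu-latest
          path: test-results
      - name: Download audit results generated in _audit.yml
        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
        with:
          name: audit-results
          path: audit-results
      - name: Create GitHub release
        if: |
          (!contains(inputs.commit_message, 'skip:test:all')) &&
          (!contains(github.event.pull_request.labels.*.name, 'skip:test:all'))
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # github.ref_name is chosen by whoever pushed the ref and may contain
          # shell metacharacters. Hand it over as an environment variable and
          # quote it instead of interpolating it into the script.
          RELEASE_TAG: ${{ github.ref_name }}
          CHANGELOG_FILE: ${{ steps.git-cliff.outputs.changelog }}
        shell: bash
        run: |
          rm -rf ./test-results/coverage_html
          gh release create "$RELEASE_TAG" ./dist/* ./dist_native_zipped/* ./test-results/* ./audit-results/* \
            --notes-file "$CHANGELOG_FILE"
      - name: Create GitHub release (no test results)
        if: |
          (contains(inputs.commit_message, 'skip:test:all')) ||
          (contains(github.event.pull_request.labels.*.name, 'skip:test:all'))
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # Same handling as the step above: ref name and path are passed as
          # quoted environment variables, never as script text.
          RELEASE_TAG: ${{ github.ref_name }}
          CHANGELOG_FILE: ${{ steps.git-cliff.outputs.changelog }}
        shell: bash
        run: |
          rm -rf ./test-results/coverage_html
          gh release create "$RELEASE_TAG" ./dist/* ./dist_native_zipped/* ./audit-results/* \
            --notes-file "$CHANGELOG_FILE"
      - name: Inform Sentry about release
        uses: getsentry/action-release@dab6548b3c03c4717878099e43782cf5be654289 # v3.5.0
        env:
          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
          SENTRY_ORG: ${{ vars.SENTRY_ORG }}
          SENTRY_PROJECT: ${{ vars.SENTRY_PROJECT }}
        with:
          environment: production
          release: ${{ github.ref_name }}
      - name: Release Announcement
        uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
        with:
          webhook: ${{ secrets.SLACK_WEBHOOK_URL_RELEASE_ANNOUNCEMENT }}
          webhook-type: webhook-trigger
          # release_notes is encoded with toJSON(); the other fields are
          # interpolated as-is between double quotes.
          payload: |
            "repository": "${{ github.repository }}",
            "version": "${{ steps.git-cliff.outputs.version }}",
            "release_notes": ${{ toJSON(steps.git-cliff.outputs.content) }},
            "channel_id": "${{ secrets.SLACK_CHANNEL_ID_RELEASE_ANNOUNCEMENT }}"
      - name: Allow other workflows to trigger on release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        shell: bash
        run: |
          # See https://github.com/cli/cli/discussions/10696
          gh api repos/aignostics/python-sdk/dispatches \
            -f event_type=release_created_programatically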