Chore: Prepare for next release, bump version (#249) #41
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # SPDX-License-Identifier: Apache-2.0 | |
| # SPDX-FileCopyrightText: 2024 The Linux Foundation | |
| # Performs a build, runs tests, performs a release | |
| name: "🤖 Build/Test/Release [Tag Push]" | |
| # yamllint disable-line rule:truthy | |
| on: | |
| workflow_dispatch: | |
| push: | |
| tags: | |
| - 'v[0-9]+.[0-9]+.[0-9]+' | |
| permissions: {} | |
| jobs: | |
| repository: | |
| name: "Repository" | |
| # yamllint disable-line rule:line-length | |
| uses: os-climate/osc-github-devops/.github/workflows/reuse-inspect-repository.yaml@24097e8d73176a7eeb512dd1654726edbb3fc5f6 # 2024-01-20 | |
| permissions: | |
| contents: read | |
| python-build: | |
| name: "Python build" | |
| needs: repository | |
| if: needs.repository.outputs.python_project == 'true' | |
| runs-on: ubuntu-24.04 | |
| outputs: | |
| matrix_json: ${{ steps.python-project-build.outputs.matrix_json }} | |
| artefact_path: ${{ steps.python-project-build.outputs.artefact_path }} | |
| permissions: | |
| contents: write | |
| # Required by SigStore signing action | |
| id-token: write | |
| # Required for attestations | |
| attestations: write | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: "Build Python project" | |
| id: python-project-build | |
| # yamllint disable-line rule:line-length | |
| uses: os-climate/osc-github-devops/.github/actions/python-project-build-action@24097e8d73176a7eeb512dd1654726edbb3fc5f6 # 2024-01-20 | |
| with: | |
| github_attest: ${{ startsWith(github.ref, 'refs/tags/') }} | |
| sigstore_sign: ${{ startsWith(github.ref, 'refs/tags/') }} | |
| build_tag: ${{ needs.repository.outputs.build_tag }} | |
| python-test: | |
| name: "Test" | |
| # yamllint disable-line rule:line-length | |
| uses: os-climate/osc-github-devops/.github/workflows/reuse-python-tests.yaml@24097e8d73176a7eeb512dd1654726edbb3fc5f6 # 2024-01-20 | |
| needs: | |
| - repository | |
| - python-build | |
| # Matrix job | |
| strategy: | |
| fail-fast: false | |
| matrix: ${{ fromJson(needs.python-build.outputs.matrix_json) }} | |
| with: | |
| python_version: ${{ matrix.python-version }} | |
| permissions: | |
| contents: read | |
| python-audit: | |
| name: "Audit" | |
| # yamllint disable-line rule:line-length | |
| uses: os-climate/osc-github-devops/.github/workflows/reuse-python-audit.yaml@24097e8d73176a7eeb512dd1654726edbb3fc5f6 # 2024-01-20 | |
| needs: | |
| - repository | |
| - python-build | |
| # Matrix job | |
| strategy: | |
| fail-fast: false | |
| matrix: ${{ fromJson(needs.python-build.outputs.matrix_json) }} | |
| with: | |
| python_version: ${{ matrix.python-version }} | |
| permissions: | |
| contents: read | |
| notebooks: | |
| name: "Notebooks" | |
| if: needs.repository.outputs.jupyter_notebooks == 'true' | |
| # yamllint disable-line rule:line-length | |
| uses: os-climate/osc-github-devops/.github/workflows/reuse-notebook-tests.yaml@24097e8d73176a7eeb512dd1654726edbb3fc5f6 # 2024-01-20 | |
| needs: | |
| - repository | |
| - python-build | |
| # Matrix job | |
| strategy: | |
| fail-fast: false | |
| matrix: ${{ fromJson(needs.python-build.outputs.matrix_json) }} | |
| with: | |
| python_version: ${{ matrix.python-version }} | |
| permissions: | |
| contents: read | |
| pypi-test: | |
| name: "Test Package Publishing" | |
| needs: | |
| - repository | |
| - python-build | |
| - python-audit | |
| - python-test | |
| runs-on: "ubuntu-24.04" | |
| permissions: | |
| contents: read | |
| # Needed for trusted publishing; must also be passed from parent workflows | |
| id-token: write | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: "Test Package Publishing" | |
| # yamllint disable-line rule:line-length | |
| uses: os-climate/osc-github-devops/.github/actions/python-pypi-publish-action@main | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| environment: development | |
| build_tag: ${{ needs.repository.outputs.build_tag }} | |
| one_password_item: "op://hdiyadcjno2knqgvcy4wj5ulya/tm2ffuusrynfivtcsnamginhm4/password" | |
| op_service_account_token: ${{ secrets.ONE_PASSWORD_PRODUCTION }} | |
| pypi_credential: ${{ secrets.PYPI_PRODUCTION }} | |
| github-release: | |
| name: "Release: GitHub" | |
| # yamllint disable-line rule:line-length | |
| if: startsWith(github.ref, 'refs/tags/') || contains(github.event.head_commit.message, '[release]') | |
| needs: | |
| - repository | |
| - pypi-test | |
| runs-on: "ubuntu-24.04" | |
| permissions: | |
| contents: write | |
| steps: | |
| # yamllint disable-line rule:line-length | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: "Extract project/repository naming" | |
| id: naming | |
| # yamllint disable-line rule:line-length | |
| uses: os-climate/osc-github-devops/.github/actions/python-get-project-name-action@24097e8d73176a7eeb512dd1654726edbb3fc5f6 # 2024-01-20 | |
| - name: "⬇ Download build artefacts" | |
| # yamllint disable-line rule:line-length | |
| uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| name: ${{ env.python_project_name }} | |
| path: "dist" | |
| - name: "Check project version matches pushed tags" | |
| if: startsWith(github.ref, 'refs/tags/') | |
| # yamllint disable-line rule:line-length | |
| uses: os-climate/osc-github-devops/.github/actions/python-project-version-vs-tag-action@24097e8d73176a7eeb512dd1654726edbb3fc5f6 # 2024-01-20 | |
| - name: "GitHub Release" | |
| # yamllint disable-line rule:line-length | |
| uses: os-climate/osc-github-devops/.github/actions/github-release-action@24097e8d73176a7eeb512dd1654726edbb3fc5f6 # 2024-01-20 | |
| with: | |
| project_name: ${{ env.python_project_name }} | |
| artefact_location: "dist" | |
| build_tag: ${{ needs.repository.outputs.build_tag }} | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| pypi-release: | |
| name: "Release: PyPI" | |
| if: startsWith(github.ref, 'refs/tags/') || contains(github.event.head_commit.message, '[release]') | |
| needs: | |
| - repository | |
| - pypi-test | |
| runs-on: "ubuntu-24.04" | |
| permissions: | |
| contents: read | |
| # Needed for trusted publishing; must also be passed from parent workflows | |
| id-token: write | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: "Release to PyPI" | |
| # yamllint disable-line rule:line-length | |
| uses: os-climate/osc-github-devops/.github/actions/python-pypi-publish-action@main | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| environment: production | |
| build_tag: ${{ needs.repository.outputs.build_tag }} | |
| one_password_item: "op://hdiyadcjno2knqgvcy4wj5ulya/vds5rebqxeqfrjqwpszxxicmzq/password" | |
| op_service_account_token: ${{ secrets.ONE_PASSWORD_PRODUCTION }} | |
| pypi_credential: ${{ secrets.PYPI_PRODUCTION }} |