-
Notifications
You must be signed in to change notification settings - Fork 36
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #442 from powerapi-ng/ci/rework-release-python-build
ci(release): Rework python package build/publish steps
- Loading branch information
Showing
1 changed file
with
104 additions
and
59 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -16,61 +16,99 @@ jobs: | |
| contents: read | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 | ||
|
|
||
| - name: Check if package version corresponds to git tag | ||
| shell: python | ||
| env: | ||
| PYTHONPATH: ${{ github.workspace }}/src | ||
| run: | | ||
| import os | ||
| import sys | ||
| from powerapi import __version__ | ||
| git_tag = os.environ['GITHUB_REF_NAME'].removeprefix('v') | ||
| pkg_version = __version__ | ||
| if git_tag != pkg_version: | ||
| title = 'Invalid version' | ||
| file = 'src/powerapi/__init__.py' | ||
| msg = f'Version mismatch between python package ({pkg_version}) and git tag ({git_tag})' | ||
| print(f'::error title={title},file={file}::{msg}') | ||
| sys.exit(1) | ||
| pypi-package: | ||
| name: Publish Pypi package | ||
| - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 | ||
|
|
||
| - name: Check if package version corresponds to git tag | ||
| shell: python | ||
| env: | ||
| PYTHONPATH: ${{ github.workspace }}/src | ||
| run: | | ||
| import os | ||
| import sys | ||
| from powerapi import __version__ | ||
| git_tag = os.environ['GITHUB_REF_NAME'].removeprefix('v') | ||
| pkg_version = __version__ | ||
| if git_tag != pkg_version: | ||
| title = 'Invalid version' | ||
| file = 'src/powerapi/__init__.py' | ||
| msg = f'Version mismatch between python package ({pkg_version}) and git tag ({git_tag})' | ||
| print(f'::error title={title},file={file}::{msg}') | ||
| sys.exit(1) | ||
| build-python-package: | ||
| name: Build Python Package | ||
| runs-on: ubuntu-latest | ||
| needs: pre-checks | ||
| needs: [pre-checks] | ||
| outputs: | ||
| dist-hashes: ${{ steps.dist-hashes.outputs.hash }} | ||
| permissions: | ||
| contents: read | ||
| id-token: write | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 | ||
| - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 | ||
|
|
||
| - name: Set up Python | ||
| uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 | ||
| with: | ||
| python-version: "3.x" | ||
|
|
||
| - name: Set up Python | ||
| uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 | ||
| with: | ||
| python-version: "3.x" | ||
| - name: Install uv | ||
| uses: astral-sh/setup-uv@f731690a1dacb2f6393acc910887b8cda1a97789 # v3.1.6 | ||
|
|
||
| - name: Install dependencies | ||
| run: | | ||
| python -m pip install --upgrade pip | ||
| pip install build | ||
| - name: Build sdist and wheel | ||
| run: | | ||
| uv build --sdist --wheel --out-dir dist/ | ||
| - name: Build package | ||
| run: python -m build | ||
| - name: Compute SHA256 hashes of build artifacts | ||
| id: dist-hashes | ||
| shell: bash | ||
| run: | | ||
| cd ./dist && echo "hash=$(sha256sum -- * | base64 -w0)" >> $GITHUB_OUTPUT | ||
| - name: Publish package | ||
| uses: pypa/gh-action-pypi-publish@f7600683efdcb7656dec5b29656edb7bc586e597 # v1.10.3 | ||
| with: | ||
| print-hash: true | ||
| attestations: true | ||
| - name: Upload build artifacts | ||
| uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | ||
| with: | ||
| name: "python-build-dist" | ||
| path: ./dist | ||
| if-no-files-found: error | ||
|
|
||
| slsa-provenance: | ||
| name: Generate artifacts provenance attestation | ||
| needs: [build-python-package] | ||
| permissions: | ||
| contents: read | ||
| actions: read | ||
| id-token: write | ||
| uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected] | ||
| with: | ||
| base64-subjects: "${{ needs.build-python-package.outputs.dist-hashes }}" | ||
|
|
||
| publish-python-package: | ||
| name: Publish Pypi Package | ||
| runs-on: ubuntu-latest | ||
| needs: [build-python-package, slsa-provenance] | ||
| permissions: | ||
| contents: read | ||
| id-token: write | ||
|
|
||
| steps: | ||
| - name: Download build artifacts | ||
| uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | ||
| with: | ||
| name: "python-build-dist" | ||
|
|
||
| - name: Publish package | ||
| uses: pypa/gh-action-pypi-publish@f7600683efdcb7656dec5b29656edb7bc586e597 # v1.10.3 | ||
| with: | ||
| print-hash: true | ||
| attestations: true | ||
|
|
||
| docker-image: | ||
| name: Publish Docker image | ||
| runs-on: ubuntu-latest | ||
| needs: pre-checks | ||
| needs: [pre-checks] | ||
| permissions: | ||
| contents: read | ||
| packages: write | ||
|
|
@@ -118,26 +156,33 @@ jobs: | |
| github-release: | ||
| name: Publish GitHub release | ||
| runs-on: ubuntu-latest | ||
| needs: [pre-checks, pypi-package, docker-image] | ||
| needs: [publish-python-package, docker-image] | ||
| permissions: | ||
| contents: write | ||
| env: | ||
| CHGLOG_VERSION: "0.15.4" | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 | ||
| with: | ||
| fetch-depth: 0 | ||
|
|
||
| - name: Generate version changelog | ||
| run: | | ||
| set -euo pipefail | ||
| export BASE_URL="https://github.com/git-chglog/git-chglog/releases/download" | ||
| export FILENAME="git-chglog_${CHGLOG_VERSION}_linux_amd64.tar.gz" | ||
| curl -fsSL "${BASE_URL}/v${CHGLOG_VERSION}/${FILENAME}" |sudo tar xz --no-same-owner -C /usr/local/bin git-chglog | ||
| git-chglog --config .github/chglog/config.yml --output CHANGELOG.md "${GITHUB_REF_NAME}" | ||
| - name: Create GitHub release | ||
| uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8 | ||
| with: | ||
| body_path: CHANGELOG.md | ||
| - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 | ||
| with: | ||
| fetch-depth: 0 | ||
|
|
||
| - name: Generate version changelog | ||
| run: | | ||
| set -euo pipefail | ||
| export BASE_URL="https://github.com/git-chglog/git-chglog/releases/download" | ||
| export FILENAME="git-chglog_${CHGLOG_VERSION}_linux_amd64.tar.gz" | ||
| curl -fsSL "${BASE_URL}/v${CHGLOG_VERSION}/${FILENAME}" |sudo tar xz --no-same-owner -C /usr/local/bin git-chglog | ||
| git-chglog --config .github/chglog/config.yml --output CHANGELOG.md "${GITHUB_REF_NAME}" | ||
| - name: Download build artifacts | ||
| uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | ||
|
|
||
| - name: Create GitHub release | ||
| uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8 | ||
| with: | ||
| body_path: CHANGELOG.md | ||
| files: | | ||
| dist/powerapi-*.whl | ||
| dist/powerapi-*.tar.gz | ||
| *.intoto.jsonl | ||