Update to support immutable github releases/tags
Some checks failed
Docker Build Test / build (3.12) (push) Successful in 31s
Docker Build Test / build (3.13) (push) Successful in 37s
Docker Build Test / build (3.10) (push) Successful in 26s
Docker Build Test / build (3.11) (push) Successful in 25s
Docker Build Test / build (3.9) (push) Successful in 29s
Safety / security (push) Failing after 30s
Run Tests / test (3.10) (push) Successful in 40s
Run Tests / test (3.11) (push) Successful in 31s
Run Tests / test (3.12) (push) Successful in 35s
Build and Publish Docker Image / build (push) Failing after 1m15s
Run Tests / test (3.13) (push) Successful in 25s
Run Tests / test (3.9) (push) Successful in 23s
36
.github/workflows/publish.yml
vendored
@@ -1,5 +1,14 @@
|
|||||||
name: Publish Python 🐍 distribution 📦 to PyPI
|
name: Publish Python 🐍 distribution 📦 to PyPI
|
||||||
|
|
||||||
|
# This workflow creates immutable releases:
|
||||||
|
# 1. Build packages
|
||||||
|
# 2. Publish to PyPI (only on tag push)
|
||||||
|
# 3. After successful PyPI publish:
|
||||||
|
# - Sign artifacts
|
||||||
|
# - Check if GitHub release exists (idempotent)
|
||||||
|
# - Create release with all artifacts atomically
|
||||||
|
# This ensures releases cannot be modified once published.
|
||||||
|
|
||||||
on:
|
on:
|
||||||
push:
|
push:
|
||||||
tags:
|
tags:
|
||||||
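Review bot: The last line of the new header comment, "This ensures releases cannot be modified once published", claims more than the workflow can deliver on its own. The steps listed above it only create the release once with all artifacts attached; whether a published release can be edited afterwards is decided by the repository's release settings, not by this file. Suggest rewording the line to state what the workflow does (create the release in a single step and never upload to it afterwards) and noting that the immutable-releases setting has to be enabled on the repository for the guarantee to hold.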
@@ -83,18 +92,27 @@ jobs:
|
|||||||
inputs: >-
|
inputs: >-
|
||||||
./dist/*.tar.gz
|
./dist/*.tar.gz
|
||||||
./dist/*.whl
|
./dist/*.whl
|
||||||
- name: Create GitHub Release
|
- name: Check if release exists
|
||||||
|
id: check_release
|
||||||
|
env:
|
||||||
|
GITHUB_TOKEN: ${{ github.token }}
|
||||||
|
run: |
|
||||||
|
if gh release view "$GITHUB_REF_NAME" --repo "$GITHUB_REPOSITORY" >/dev/null 2>&1; then
|
||||||
|
echo "exists=true" >> $GITHUB_OUTPUT
|
||||||
|
echo "Release $GITHUB_REF_NAME already exists, skipping creation"
|
||||||
|
else
|
||||||
|
echo "exists=false" >> $GITHUB_OUTPUT
|
||||||
|
echo "Release $GITHUB_REF_NAME does not exist, will create"
|
||||||
|
fi
|
||||||
|
continue-on-error: true
|
||||||
|
- name: Create GitHub Release with artifacts
|
||||||
|
if: steps.check_release.outputs.exists != 'true'
|
||||||
env:
|
env:
|
||||||
GITHUB_TOKEN: ${{ github.token }}
|
GITHUB_TOKEN: ${{ github.token }}
|
||||||
run: >-
|
run: >-
|
||||||
gh release create
|
gh release create
|
||||||
"$GITHUB_REF_NAME"
|
"$GITHUB_REF_NAME"
|
||||||
--repo "$GITHUB_REPOSITORY"
|
--repo "$GITHUB_REPOSITORY"
|
||||||
--notes ""
|
--title "Release $GITHUB_REF_NAME"
|
||||||
- name: Upload artifact signatures to GitHub Release
|
--notes "PyPI: https://pypi.org/project/rns-page-node/$GITHUB_REF_NAME/"
|
||||||
env:
|
dist/*
|
||||||
GITHUB_TOKEN: ${{ github.token }}
|
|
||||||
run: >-
|
|
||||||
gh release upload
|
|
||||||
"$GITHUB_REF_NAME" dist/**
|
|
||||||
--repo "$GITHUB_REPOSITORY"
|
|
||||||
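Review bot: In the "Check if release exists" step, every failure of `gh release view` is treated as "release does not exist", and `continue-on-error: true` hides a failure of the step itself. An authentication or network error falls into the `else` branch and sets `exists=false`, and if the step fails before writing its output, `steps.check_release.outputs.exists != 'true'` still evaluates to true, so the create step runs in both cases. Suggest dropping `continue-on-error: true` and failing the job when `gh release view` errors for any reason other than the release being absent; the redirect target should also be quoted as `>> "$GITHUB_OUTPUT"`. Separately, when the release already exists the job skips creation and stays green without confirming that the existing release carries the signed files from `dist/*`, so a partial earlier run goes unnoticed; an explicit failure or an asset comparison in that branch would surface it.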