RNS-Things/rns-page-node
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
rns-page-node/.github/workflows/publish.yml
Ivan 382413dc08
Some checks failed
Docker Build Test / build (3.12) (push) Successful in 31s
Details
Docker Build Test / build (3.13) (push) Successful in 37s
Details
Docker Build Test / build (3.10) (push) Successful in 26s
Details
Docker Build Test / build (3.11) (push) Successful in 25s
Details
Docker Build Test / build (3.9) (push) Successful in 29s
Details
Safety / security (push) Failing after 30s
Details
Run Tests / test (3.10) (push) Successful in 40s
Details
Run Tests / test (3.11) (push) Successful in 31s
Details
Run Tests / test (3.12) (push) Successful in 35s
Details
Build and Publish Docker Image / build (push) Failing after 1m15s
Details
Run Tests / test (3.13) (push) Successful in 25s
Details
Run Tests / test (3.9) (push) Successful in 23s
Details
Update to support immutable github releases/tags
2025-11-23 11:45:41 -06:00

118 lines
3.5 KiB
YAML
Raw Permalink Blame History

name: Publish Python 🐍 distribution 📦 to PyPI
# This workflow creates immutable releases:
# 1. Build packages
# 2. Publish to PyPI (only on tag push)
# 3. After successful PyPI publish:
# - Sign artifacts
# - Check if GitHub release exists (idempotent)
# - Create release with all artifacts atomically
# This ensures releases cannot be modified once published.
on:
push:
tags:
- 'v*'
workflow_dispatch:
inputs:
version:
description: 'Version to release (e.g., 0.6.8)'
required: true
type: string
permissions:
contents: read
id-token: write
jobs:
build:
name: Build distribution 📦
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with:
persist-credentials: false
- name: Set up Python
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
with:
python-version: "3.13"
- name: Install pypa/build
run: python3 -m pip install build --user
- name: Build a binary wheel and a source tarball
run: python3 -m build
- name: Store the distribution packages
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: python-package-distributions
path: dist/
publish-to-pypi:
name: Publish Python 🐍 distribution 📦 to PyPI
if: startsWith(github.ref, 'refs/tags/')
needs:
- build
runs-on: ubuntu-latest
environment:
name: pypi
url: https://pypi.org/p/rns-page-node
permissions:
id-token: write
contents: read
steps:
- name: Download all the dists
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: python-package-distributions
path: dist/
- name: Publish distribution 📦 to PyPI
uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e
github-release:
name: Sign the Python 🐍 distribution 📦 and create GitHub Release
needs:
- publish-to-pypi
runs-on: ubuntu-latest
permissions:
contents: write
id-token: write
steps:
- name: Download all the dists
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: python-package-distributions
path: dist/
- name: Sign the dists with Sigstore
uses: sigstore/gh-action-sigstore-python@f7ad0af51a5648d09a20d00370f0a91c3bdf8f84 # v3.0.1
with:
inputs: >-
./dist/*.tar.gz
./dist/*.whl
- name: Check if release exists
id: check_release
env:
GITHUB_TOKEN: ${{ github.token }}
run: |
if gh release view "$GITHUB_REF_NAME" --repo "$GITHUB_REPOSITORY" >/dev/null 2>&1; then
echo "exists=true" >> $GITHUB_OUTPUT
echo "Release $GITHUB_REF_NAME already exists, skipping creation"
else
echo "exists=false" >> $GITHUB_OUTPUT
echo "Release $GITHUB_REF_NAME does not exist, will create"
fi
continue-on-error: true
- name: Create GitHub Release with artifacts
if: steps.check_release.outputs.exists != 'true'
env:
GITHUB_TOKEN: ${{ github.token }}
run: >-
gh release create
"$GITHUB_REF_NAME"
--repo "$GITHUB_REPOSITORY"
--title "Release $GITHUB_REF_NAME"
--notes "PyPI: https://pypi.org/project/rns-page-node/$GITHUB_REF_NAME/"
dist/*
Reference in New Issue View Git Blame Copy Permalink