From fd5a89641c07bd3e87610c2c8a0d3f4b66e2b98d Mon Sep 17 00:00:00 2001 From: Jeremy Stretch Date: Wed, 5 Feb 2025 15:58:24 -0500 Subject: [PATCH 1/6] Push to PyPI on release --- .github/workflows/release.yaml | 138 +++++++++------------------------ 1 file changed, 37 insertions(+), 101 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index c53b832..285394d 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
@@ -1,114 +1,50 @@ name: Release + on: - push: - branches: [ release ] + release: + types: [published] + workflow_dispatch: concurrency: group: ${{ github.workflow }} cancel-in-progress: false -env: - PYTHON_RUNTIME_VERSION: "3.11" - PYTHON_PACKAGE_NAME: netboxlabs-netbox-branching - jobs: - get-package-name: - name: Get package name - runs-on: ubuntu-latest - timeout-minutes: 5 - steps: - - uses: actions/checkout@v4 - - name: Python package name - id: package-name - run: echo "package-name=${{ env.PYTHON_PACKAGE_NAME }}" >> "$GITHUB_OUTPUT" - outputs: - package-name: ${{ steps.package-name.outputs.package-name }} - get-next-version: - name: Get next version - runs-on: ubuntu-latest - timeout-minutes: 5 - steps: - - uses: actions/checkout@v4 - - name: Set short sha output - id: short-sha - run: echo "short-sha=${GITHUB_SHA::7}" >> "$GITHUB_OUTPUT" - - name: Set release version - id: release-version - run: | - pip install toml-cli - release_version=`toml get --toml-path pyproject.toml project.version` - echo "Release version: $release_version" - echo "release-version=$release_version" >> "$GITHUB_OUTPUT" - outputs: - short-sha: ${{ steps.short-sha.outputs.short-sha }} - release-version: ${{ steps.release-version.outputs.release-version }} - get-release-notes: - name: Get release notes - runs-on: ubuntu-latest - timeout-minutes: 5 - steps: - - uses: actions/checkout@v4 - - name: Set release notes - id: release-notes - env: - PR_BODY: ${{ github.event.pull_request.body }} - run: | - echo 'release-notes<> $GITHUB_OUTPUT - echo $PR_BODY >> $GITHUB_OUTPUT - echo 'EOF' >> $GITHUB_OUTPUT - outputs: - release-notes: ${{ steps.release-notes.outputs.release-notes }} build: - name: Build - needs: [ get-package-name, get-next-version, get-release-notes ] + name: Build distribution runs-on: ubuntu-latest - timeout-minutes: 5 - permissions: - id-token: write - contents: read - env: - BUILD_VERSION: ${{ needs.get-next-version.outputs.release-version }} - BUILD_TRACK: release - 
BUILD_COMMIT: ${{ needs.get-next-version.outputs.short-sha }} - OUTPUT_FILENAME: ${{ needs.get-package-name.outputs.package-name }}-${{ needs.get-next-version.outputs.release-version }}.tar.gz steps: - - uses: actions/checkout@v4 - - uses: actions/setup-python@v5 - with: - python-version: ${{ env.PYTHON_RUNTIME_VERSION }} - - name: Build sdist package - run: | - python3 -m pip install --upgrade build - python3 -m build --sdist --outdir dist/ - - name: Replace underscores with hyphens in build filename - run: | - BUILD_FILENAME=$(ls dist/ | grep tar.gz) - mv dist/$BUILD_FILENAME dist/${{ env.OUTPUT_FILENAME }} - - name: Upload artifact - uses: actions/upload-artifact@v4 - with: - name: ${{ env.OUTPUT_FILENAME }} - path: dist/${{ env.OUTPUT_FILENAME }} - retention-days: 30 - if-no-files-found: error - - name: Publish release distributions to PyPI - uses: pypa/gh-action-pypi-publish@release/v1 - with: - packages-dir: dist - release: - name: Release - needs: [ get-next-version, get-release-notes, build ] + - uses: actions/checkout@v4 + with: + persist-credentials: false + - uses: actions/setup-python@v5 + with: + python-version: "3.x" + - name: Install pypa/build + run: | + python3 -m pip install build + - name: Build distribution package + run: | + python3 -m build + - name: Upload distribution package + uses: actions/upload-artifact@v4 + with: + name: python-package-distributions + path: dist/ + if-no-files-found: error + + publish: + name: Publish to Test PyPI + needs: + - build runs-on: ubuntu-latest - timeout-minutes: 5 steps: - - uses: actions/checkout@v4 - - name: Create release - id: create_release - uses: actions/create-release@latest - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - tag_name: v${{ needs.get-next-version.outputs.release-version }} - release_name: ${{ needs.get-next-version.outputs.release-version }} - body: ${{ needs.get-release-notes.outputs.release-notes }} - draft: false + - name: Download distribution package + uses: 
actions/download-artifact@v4 + with: + name: python-package-distributions + path: dist/ + - name: Publish distribution to PyPI + uses: pypa/gh-action-pypi-publish@release/v1 + with: + repository-url: https://test.pypi.org/legacy/ From 6701ec7449902c8968606b83e61f9db9c7116dce Mon Sep 17 00:00:00 2001 From: Jeremy Stretch Date: Wed, 5 Feb 2025 16:14:55 -0500 Subject: [PATCH 2/6] Set id-token: write --- .github/workflows/release.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 285394d..e2e19f9 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -38,6 +38,8 @@ jobs: needs: - build runs-on: ubuntu-latest + permissions: + id-token: write steps: - name: Download distribution package uses: actions/download-artifact@v4 From 9c79d028065f02b81e01a6f0d889650561adc27e Mon Sep 17 00:00:00 2001 From: Jeremy Stretch Date: Wed, 5 Feb 2025 16:27:00 -0500 Subject: [PATCH 3/6] Change release type; use real PyPI --- .github/workflows/release.yaml | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index e2e19f9..706b42b 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -2,12 +2,7 @@ name: Release on: release: - types: [published] - workflow_dispatch: - -concurrency: - group: ${{ github.workflow }} - cancel-in-progress: false + types: [released] jobs: build: @@ -34,7 +29,7 @@ jobs: if-no-files-found: error publish: - name: Publish to Test PyPI + name: Publish to PyPI needs: - build runs-on: ubuntu-latest @@ -48,5 +43,3 @@ jobs: path: dist/ - name: Publish distribution to PyPI uses: pypa/gh-action-pypi-publish@release/v1 - with: - repository-url: https://test.pypi.org/legacy/ From bdc24f75888d45cb1e4d70e4572390ae604122f5 Mon Sep 17 00:00:00 2001 
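Review bot: The four `actions/*` steps in the new `build` and `publish` jobs are referenced by mutable major-version tags (`actions/checkout@v4`, `actions/setup-python@v5`, `actions/upload-artifact@v4`, `actions/download-artifact@v4`), and `python3 -m pip install build` takes whatever version is current at release time. All of these run in the path that produces the files uploaded to the index, so a retagged action or a changed build tool would alter the published artifact without any change in this repository. A later patch in this series pins only the publish action. The same form fits the rest, e.g. `uses: actions/checkout@<full-commit-sha>  # v4` and `python3 -m pip install build==<pinned-version>`, where both bracketed values are placeholders to fill in.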
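Review bot: The `publish` job gains `id-token: write` here but is not bound to a GitHub environment, so every run that reaches this job can request the OIDC token used for the upload. No `password` input is visible, so the job presumably relies on trusted publishing. Adding `environment: pypi` under `runs-on` (the name is an example) would let the publisher entry on the index be restricted to that environment and would let the repository require approval before the upload step. The job's steps continue outside this hunk.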
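Review bot: The first hunk of this patch changes the trigger to `released` and the last one drops the Test PyPI `repository-url`, but nothing in the workflow explains the trigger choice or checks that the built version matches the release tag. An upload to the real index cannot be replaced under the same filename, so a release whose tag disagrees with the version in the package metadata would ship as built. A comment above the trigger such as `# 'released' does not fire for pre-releases; 'published' does` would record the intent. A step in `build` that fails when the tag and the built version differ would close the gap.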
From: Jeremy Stretch Date: Wed, 5 Feb 2025 16:36:00 -0500 Subject: [PATCH 4/6] Pin gh-action-pypi-publish to v1.12.4 --- .github/workflows/release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 706b42b..3768753 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -42,4 +42,4 @@ jobs: name: python-package-distributions path: dist/ - name: Publish distribution to PyPI - uses: pypa/gh-action-pypi-publish@release/v1 + uses: pypa/gh-action-pypi-publish@v1.12.4 From a9ff94d9d17d984344ff4448dc712330f58f9797 Mon Sep 17 00:00:00 2001 From: Jeremy Stretch Date: Wed, 5 Feb 2025 16:36:40 -0500 Subject: [PATCH 5/6] Declare explicit read permissions for workflow --- .github/workflows/release.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 3768753..6fe32a7 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -4,6 +4,9 @@ on: release: types: [released] +permissions: + contents: read + jobs: build: name: Build distribution From a7f6d5bec0e46c16645d6633b1e8d8fbeab62d46 Mon Sep 17 00:00:00 2001 From: Jeremy Stretch Date: Wed, 5 Feb 2025 16:58:57 -0500 Subject: [PATCH 6/6] Pin pypa/gh-action-pypi-publish to commit hash --- .github/workflows/release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 6fe32a7..c99bc2d 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -45,4 +45,4 @@ jobs: name: python-package-distributions path: dist/ - name: Publish distribution to PyPI - uses: pypa/gh-action-pypi-publish@v1.12.4 + uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4
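Review bot: The workflow-level `permissions: contents: read` added here does not reach the `publish` job, because a job-level `permissions` block replaces the workflow default rather than merging with it. That job lies outside this hunk and, per the earlier patch, runs with `id-token: write` only. This is the tighter outcome, but it is easy to misread when someone later edits the job. A comment on the job's block such as `# job-level permissions replace the workflow default; add contents: read here if a checkout step is ever added` would document it.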
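Review bot: Pinning `pypa/gh-action-pypi-publish` to a full commit hash also freezes it, so security fixes to the action will not arrive unless someone bumps the hash by hand. Nothing in this series shows an update mechanism, though one may exist elsewhere in the repository. If there is none, enabling Dependabot for the `github-actions` ecosystem would propose hash bumps and keep the trailing `# v1.12.4` comment in step with the pinned commit.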