From 7ac1bf1c4019c3fef8c868371af2255b4ceef56f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Randy=20D=C3=B6ring?= <30527984+radoering@users.noreply.github.com>
Date: Sat, 7 Dec 2024 13:04:37 +0100
Subject: [PATCH] ci: update release workflow and use hashes for actions
---
 .github/workflows/main.yaml | 6 +--
 .github/workflows/release.yaml | 76 +++++++++++++++++++---------------
 2 files changed, 46 insertions(+), 36 deletions(-)
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
index e5a80f4..2166b0b 100644
--- a/.github/workflows/main.yaml
+++ b/.github/workflows/main.yaml
@@ -30,10 +30,10 @@ jobs:
 run:
 shell: bash
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Set up Python ${{ matrix.python-version }}
- uses: actions/setup-python@v4
+ uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
 with:
 python-version: ${{ matrix.python-version }}
 allow-prereleases: true
@@ -58,7 +58,7 @@ jobs:
 run: poetry config virtualenvs.in-project true
 - name: Set up cache
- uses: actions/cache@v3
+ uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
 id: cache
 with:
 path: .venv
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 78efacc..b9d3638 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -1,48 +1,58 @@
 name: Release
 on:
- push:
- tags:
- - '*.*.*'
+ release:
+ types: [published]
 jobs:
- release:
- name: Release
+ build:
+ name: Build
 runs-on: ubuntu-latest
 steps:
- - name: Checkout code
- uses: actions/checkout@v4
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- - name: Set up Python 3.9
- uses: actions/setup-python@v4
- with:
- python-version: "3.9"
+ - run: pipx run build
- - name: Install Poetry
- run: |
- curl -sL https://install.python-poetry.org | python - -y ${{ matrix.bootstrap-args }}
+ - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+ with:
+ name: distfiles
+ path: dist/
+ if-no-files-found: error
- - name: Update PATH
- run: echo "$HOME/.local/bin" >> $GITHUB_PATH
+ upload-github:
+ name: Upload (GitHub)
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ needs: build
+ steps:
+ # We need to be in a git repo for gh to work.
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- - name: Build project for distribution
- run: poetry build
+ - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+ with:
+ name: distfiles
+ path: dist/
- - name: Check Version
- id: check-version
- run: |
- [[ "$(poetry version --short)" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] \
- || echo "prerelease=true" >> $GITHUB_OUTPUT
+ - run: gh release upload ${{ github.event.release.tag_name }} dist/*.{tar.gz,whl}
+ env:
+ GH_TOKEN: ${{ github.token }}
- - name: Create Release
- uses: ncipollo/release-action@v1
+ upload-pypi:
+ name: Upload (PyPI)
+ runs-on: ubuntu-latest
+ environment:
+ name: pypi
+ url: https://pypi.org/project/poetry-plugin-export/
+ permissions:
+ id-token: write
+ needs: build
+ steps:
+ - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
 with:
- artifacts: "dist/*"
- token: ${{ secrets.GITHUB_TOKEN }}
- draft: false
- prerelease: steps.check-version.outputs.prerelease == 'true'
+ name: distfiles
+ path: dist/
- - name: Publish to PyPI
- env:
- POETRY_PYPI_TOKEN_PYPI: ${{ secrets.PYPI_TOKEN }}
- run: poetry publish
+ - uses: pypa/gh-action-pypi-publish@15c56dba361d8335944d31a2ecd17d700fc7bcbc # v1.12.2
+ with:
+ print-hash: true
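Review bot: In the `upload-github` job, the step `run: gh release upload ${{ github.event.release.tag_name }} dist/*.{tar.gz,whl}` expands the tag name into the script text before the shell parses it, and that job holds `contents: write`. Tag names can carry shell metacharacters, so I would pass the value through the environment instead: add `TAG_NAME: ${{ github.event.release.tag_name }}` under the step's existing `env:` and call `gh release upload "$TAG_NAME" dist/*.{tar.gz,whl}`. Separately, the `build` job declares no `permissions:` and no workflow-level default is visible in this hunk, so `pipx run build` (an unpinned tool, unlike the hash-pinned actions around it) runs with whatever token scope the repository default grants. Adding `permissions:` with `contents: read` to that job would make the least-privilege split between build and upload explicit.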