fix: Release process #776
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # From https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python#publishing-to-package-registries | |
| name: "Publish" | |
| on: | |
| push: | |
| pull_request: | |
| branches: | |
| - main | |
| jobs: | |
| tests: | |
| name: Run tests | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install devbox | |
| uses: jetpack-io/[email protected] | |
| - name: Run linting | |
| run: devbox run lint | |
| - name: Check code formatting | |
| run: devbox run format-check | |
| - name: Run type checks | |
| run: devbox run typecheck | |
| - name: Run tests | |
| run: devbox run test | |
| env: | |
| # Unit tests actually run against the GH API for 'real integration testing', | |
| # and providing a token will increase the otherwise too-low rate limit. | |
| # The `GITHUB_TOKEN` failed (https://github.com/alexpovel/ancv/actions/runs/4093416643/jobs/7063406195): | |
| # | |
| # body = b'{"message":"Resource not accessible by integration","documentation_url":"https://docs.github.com/rest/reference/gists#list-gists-for-a-user"}' | |
| # | |
| # So use a personal token. | |
| GH_TOKEN: ${{ secrets.GH_PERMISSIONLESS_FGAT }} | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@v4 | |
| with: | |
| # Docs say a token isn't required for public GitHub repositories using GH | |
| # Actions, but it didn't work and failed with: | |
| # | |
| # [2022-08-08T19:50:41.725Z] ['error'] There was an error running the | |
| # uploader: Error uploading to https://codecov.io: Error: There was an error | |
| # fetching the storage URL during POST: 404 - {'detail': | |
| # ErrorDetail(string='Unable to locate build via Github Actions API. Please | |
| # upload with the Codecov repository upload token to resolve issue.', | |
| # code='not_found')} | |
| # | |
| # See also: https://github.com/alexpovel/ancv/runs/7733256776?check_suite_focus=true#step:7:37 | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| files: coverage.xml | |
| release-please: | |
| name: Execute release chores | |
| runs-on: ubuntu-latest | |
| needs: tests | |
| outputs: | |
| created: ${{ steps.release.outputs.release_created }} | |
| tag_name: ${{ steps.release.outputs.tag_name }} | |
| steps: | |
| # https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/making-authenticated-api-requests-with-a-github-app-in-a-github-actions-workflow | |
| - uses: actions/create-github-app-token@v1 | |
| id: app-token | |
| with: | |
| app-id: ${{ secrets.APP_ID }} | |
| private-key: ${{ secrets.APP_PRIVATE_KEY }} | |
| - uses: googleapis/release-please-action@v4 | |
| id: release | |
| with: | |
| # Token needs: `contents: write`, `pull-requests: write` | |
| token: ${{ steps.app-token.outputs.token }} | |
| publish: | |
| name: Publish to PyPI | |
| runs-on: ubuntu-latest | |
| needs: release-please | |
| if: ${{ needs.release-please.outputs.created }} | |
| # https://blog.pypi.org/posts/2023-04-20-introducing-trusted-publishers/ | |
| environment: pypi | |
| permissions: | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install devbox | |
| uses: jetpack-io/[email protected] | |
| with: | |
| enable-cache: true | |
| - name: Build package | |
| run: devbox run uv build | |
| - name: Publish package | |
| uses: pypa/[email protected] | |
| build-and-push-image: | |
| name: Build Docker image and push to GitHub Container Registry | |
| runs-on: ubuntu-latest | |
| needs: release-please | |
| if: ${{ needs.release-please.outputs.created }} | |
| environment: container-registry | |
| permissions: | |
| contents: read | |
| packages: write | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Log in to the container registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract metadata (tags, labels) for Docker | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| tags: | | |
| type=semver,value=${{ needs.release-please.outputs.tag_name }},pattern={{version}} | |
| type=semver,value=${{ needs.release-please.outputs.tag_name }},pattern={{major}}.{{minor}} | |
| type=semver,value=${{ needs.release-please.outputs.tag_name }},pattern={{major}},enable=${{ !startsWith(needs.release-please.outputs.tag_name, 'v0.') }} | |
| - name: Build and push Docker image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} |