Prepare new release (#698) #23
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| concurrency: release | |
| on: | |
| push: | |
| tags: | |
| - v* | |
| permissions: {} | |
| jobs: | |
| build-signer: | |
| name: Build tuf-on-ci signer | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 | |
| with: | |
| persist-credentials: false | |
| - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 | |
| with: | |
| python-version: '3.14' | |
| - name: Install build dependencies | |
| run: python3 -m pip install -c build/build-constraints.txt build | |
| - name: Build release changelog, signer wheel & source tarball | |
| run: | | |
| PIP_CONSTRAINT=build/build-constraints.txt python3 -m build --sdist --wheel --outdir dist/ signer/ | |
| awk "/## $GITHUB_REF_NAME/{flag=1; next} /## v/{flag=0} flag" docs/CHANGELOG.md > changelog | |
| - name: Store build artifacts | |
| uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 | |
| with: | |
| name: build-artifacts | |
| path: | | |
| dist | |
| changelog | |
| release-pypi: | |
| name: Release Signer on PyPI | |
| runs-on: ubuntu-latest | |
| needs: build-signer | |
| environment: release | |
| permissions: | |
| id-token: write # to authenticate as Trusted Publisher to pypi.org | |
| steps: | |
| - name: Fetch build artifacts | |
| uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 | |
| with: | |
| name: build-artifacts | |
| - name: Publish binary wheel and source tarball on PyPI | |
| if: github.repository == 'theupdateframework/tuf-on-ci' | |
| uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0 | |
| release-gh: | |
| name: Release | |
| runs-on: ubuntu-latest | |
| needs: release-pypi | |
| permissions: | |
| contents: write # to modify GitHub releases | |
| steps: | |
| - name: Fetch build artifacts | |
| uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 | |
| with: | |
| name: build-artifacts | |
| - name: Make a GitHub release | |
| uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 | |
| with: | |
| script: | | |
| fs = require('fs') | |
| res = await github.rest.repos.createRelease({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| name: process.env.GITHUB_REF_NAME, | |
| tag_name: process.env.GITHUB_REF, | |
| body: fs.readFileSync('changelog', 'utf8'), | |
| }) | |
| fs.readdirSync('dist/').forEach(file => { | |
| github.rest.repos.uploadReleaseAsset({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| release_id: res.data.id, | |
| name: file, | |
| data: fs.readFileSync('dist/' + file), | |
| }); | |
| }); |