chore: bumping dependency for pip-audit warning fix (#322) #282
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Continuous Delivery of Python package | |
on: | |
push: | |
branches: | |
- main | |
workflow_dispatch: | |
inputs: | |
production_release: | |
description: "Production release?" | |
required: true | |
default: "true" | |
concurrency: release | |
permissions: | |
contents: write | |
packages: read | |
jobs: | |
ci-check-python: | |
name: Check Python | |
uses: ./.github/workflows/check-python.yaml | |
ci-build-python: | |
name: Build Python | |
uses: ./.github/workflows/build-python.yaml | |
needs: ci-check-python | |
release: | |
name: Release Library | |
needs: ci-build-python | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
# Fetch entire repository history so we can determine version number from it | |
fetch-depth: 0 | |
- name: Install poetry | |
run: pipx install poetry | |
- name: Set up Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: "3.10" | |
cache: "poetry" | |
- name: Install dependencies | |
run: poetry install --no-interaction --no-root | |
- name: Get branch name | |
shell: bash | |
run: echo "branch=${GITHUB_REF#refs/heads/}" >> $GITHUB_OUTPUT | |
id: get_branch | |
- name: Set Git user as GitHub actions | |
run: git config --global user.email "actions@github.com" && git config --global user.name "github-actions" | |
- name: Create Continuous Deployment - Feature Branch | |
if: steps.get_branch.outputs.branch != 'main' && inputs.production_release != 'true' | |
run: | | |
poetry run semantic-release \ | |
-v DEBUG \ | |
--prerelease \ | |
--patch \ | |
--define=prerelease_tag=beta+${{ steps.get_branch.outputs.branch }} \ | |
--define=branch=${{ steps.get_branch.outputs.branch }} \ | |
publish | |
gh release edit --prerelease "$(git describe $(git rev-list --tags --max-count=1))" | |
# --define=upload_to_repository=true \ | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
REPOSITORY_USERNAME: __token__ | |
REPOSITORY_PASSWORD: ${{ secrets.PYPI_API_KEY }} | |
- name: Create Continuous Deployment - Beta (non-prod) | |
if: steps.get_branch.outputs.branch == 'main' && inputs.production_release != 'true' | |
run: | | |
poetry run semantic-release \ | |
-v DEBUG \ | |
--prerelease \ | |
--define=branch=main \ | |
publish | |
gh release edit --prerelease "v$(poetry run semantic-release print-version --current)" | |
# --define=upload_to_repository=true \ | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
REPOSITORY_USERNAME: __token__ | |
REPOSITORY_PASSWORD: ${{ secrets.PYPI_API_KEY }} | |
- name: Create Continuous Deployment - Production | |
if: steps.get_branch.outputs.branch == 'main' && inputs.production_release == 'true' | |
run: | | |
poetry run semantic-release \ | |
-v DEBUG \ | |
--define=version_source="commit" \ | |
--define=patch_without_tag=true \ | |
--define=upload_to_repository=true \ | |
--define=branch=main \ | |
publish | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
REPOSITORY_USERNAME: __token__ | |
REPOSITORY_PASSWORD: ${{ secrets.PYPI_API_KEY }} | |
- name: Upload artifact | |
uses: actions/upload-artifact@v3 | |
with: | |
name: algokit-cli | |
path: dist/algokit*-py3-none-any.whl | |
if-no-files-found: error | |
cd-publish-release-packages: | |
name: Publish Release Packages | |
needs: release | |
# if: ${{ github.ref_name == 'chocolatey-package' }} && inputs.production_release != 'true' # used to test manual release from a branch | |
if: ${{ github.ref_name == 'main' && inputs.production_release == 'true' }} # Might want to adjust this to publish (pre-release) on merge as well. | |
uses: ./.github/workflows/publish-release-packages.yaml | |
with: | |
artifactName: algokit-cli | |
secrets: inherit |