Merge pull request #305 from tpvasconcelos/contrib #325
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow automates the build, publish, and release process for the Python 🐍 package 📦 | |
# | |
# It builds both source (sdist) and binary (wheel) distributions, | |
# on every tag push to the main branch, or pull request event. | |
# | |
# If the event is a push to the main branch, the distributions | |
# are published to TestPyPI. This should be a good indicator | |
# that the build and publishing process is always working | |
# correctly, as opposed to only finding out when we try | |
# to actually publish a new release to the real PyPI. | |
# | |
# Only when a new tag push, the distributions are then published to | |
# the "real" PyPI, and a new GitHub Release is created containing | |
# the latest release notes and Sigstore-certified distributions. | |
# | |
name: Release workflow 🚀 | |
on: | |
push: | |
branches: [ main ] | |
tags: [ '*' ] | |
pull_request: | |
types: [ opened, synchronize, reopened ] | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.event.issue.number || github.ref }} | |
cancel-in-progress: true | |
jobs: | |
build: | |
name: Build distributions | |
runs-on: ubuntu-latest | |
timeout-minutes: 6 | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
# TODO: This can be very expensive for large repos. Is there a better way to do this? | |
# Fetch all history and tags for setuptools_scm to work | |
fetch-depth: 0 | |
- uses: ./.github/actions/setup-python | |
with: | |
python-version: "3.9" | |
requirements: tox | |
- name: Build source (sdist) and binary (wheel) distributions | |
run: tox -e build-dists | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: python-package-distributions | |
path: dist/ | |
publish-to-testpypi: | |
name: Publish distribution to TestPyPI | |
if: github.ref == 'refs/heads/main' | |
needs: | |
- build | |
runs-on: ubuntu-latest | |
timeout-minutes: 2 | |
environment: | |
name: testpypi | |
url: https://test.pypi.org/p/ridgeplot | |
permissions: | |
id-token: write # IMPORTANT: mandatory for trusted publishing | |
steps: | |
- uses: actions/download-artifact@v4 | |
with: | |
name: python-package-distributions | |
path: dist/ | |
- uses: pypa/gh-action-pypi-publish@release/v1 | |
with: | |
repository-url: https://test.pypi.org/legacy/ | |
verbose: true | |
print-hash: true | |
publish-to-pypi: | |
name: Publish distribution to PyPI | |
if: startsWith(github.ref, 'refs/tags/') | |
needs: | |
- build | |
runs-on: ubuntu-latest | |
timeout-minutes: 2 | |
environment: | |
name: pypi | |
url: https://pypi.org/p/ridgeplot | |
permissions: | |
id-token: write # IMPORTANT: mandatory for trusted publishing | |
steps: | |
- uses: actions/download-artifact@v4 | |
with: | |
name: python-package-distributions | |
path: dist/ | |
- uses: pypa/gh-action-pypi-publish@release/v1 | |
with: | |
verbose: true | |
print-hash: true | |
github-release: | |
name: Publish a GitHub Release | |
needs: | |
- publish-to-pypi | |
runs-on: ubuntu-latest | |
timeout-minutes: 2 | |
permissions: | |
contents: write # IMPORTANT: mandatory for making GitHub Releases | |
id-token: write # IMPORTANT: mandatory for sigstore | |
steps: | |
# Generate the release notes | |
- uses: actions/checkout@v4 | |
with: | |
# TODO: This can be very expensive for large repos. Is there a better way to do this? | |
# Fetch all history and tags for setuptools_scm to work | |
fetch-depth: 0 | |
- uses: ./.github/actions/setup-python | |
with: | |
python-version: "3.9" | |
requirements: tox | |
- name: Generate release notes | |
run: tox -e release-notes | |
# Sign the package distributions with Sigstore | |
# https://github.com/marketplace/actions/gh-action-sigstore-python | |
- uses: actions/download-artifact@v4 | |
with: | |
name: python-package-distributions | |
path: dist/ | |
- name: Sign the dists with Sigstore | |
uses: sigstore/gh-action-sigstore-python@v3.0.0 | |
with: | |
inputs: >- | |
./dist/*.tar.gz | |
./dist/*.whl | |
- name: Create GitHub Release | |
uses: softprops/action-gh-release@v2 | |
with: | |
body_path: LATEST_RELEASE_NOTES.md | |
# `dist/` contains the built distributions, and the | |
# Sigstore-produced signatures and certificates. | |
files: dist/** |