FilesExpand file tree

 develop

/

cd.yml

Copy path

View Runs

Blame

More file actions

Blame

More file actions

Latest commit

 

History

History

History

104 lines (90 loc) · 3.25 KB

 develop

/

cd.yml

Top

File metadata and controls

• Code
• Blame

104 lines (90 loc) · 3.25 KB

Raw

Copy raw file

Download raw file

Open symbols panel

Edit and raw actions

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

name: CD

concurrency: cd

on:

push:

tags:

- v*

permissions: {}

jobs:

test:

uses: ./.github/workflows/_test.yml

build:

name: Build

runs-on: ubuntu-latest

needs: test

steps:

- name: Checkout release tag

uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8

with:

ref: ${{ github.event.workflow_run.head_branch }}

- name: Set up Python

uses: actions/setup-python@13ae5bb136fac2878aff31522b9efb785519f984

with:

python-version: '3.x'

- name: Install build dependency

run: python3 -m pip install --upgrade pip build

- name: Build binary wheel and source tarball

run: python3 -m build --sdist --wheel --outdir dist/ .

- name: Store build artifacts

uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb

# NOTE: The GitHub release page contains the release artifacts too, but using

# GitHub upload/download actions seems robuster: there is no need to compute

# download URLs and tampering with artifacts between jobs is more limited.

with:

name: build-artifacts

path: dist

candidate_release:

name: Release candidate on Github for review

runs-on: ubuntu-latest

needs: build

permissions:

contents: write # to modify GitHub releases

outputs:

release_id: ${{ steps.gh-release.outputs.id }}

steps:

- name: Fetch build artifacts

uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7

with:

name: build-artifacts

path: dist

- id: gh-release

name: Publish GitHub release candidate

uses: softprops/action-gh-release@1e07f4398721186383de40550babbdf2b84acfc5

with:

name: ${{ github.ref_name }}-rc

tag_name: ${{ github.ref }}

body: "Release waiting for review..."

files: dist/*

release:

name: Release

runs-on: ubuntu-latest

needs: candidate_release

environment: release

permissions:

contents: write # to modify GitHub releases

steps:

- name: Fetch build artifacts

uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7

with:

name: build-artifacts

path: dist

- name: Publish binary wheel and source tarball on PyPI

# Only attempt pypi upload in upstream repository

if: github.repository == 'theupdateframework/python-tuf'

uses: pypa/gh-action-pypi-publish@37f50c210e3d2f9450da2cd423303d6a14a6e29f

with:

user: __token__

password: ${{ secrets.PYPI_API_TOKEN }}

- name: Finalize GitHub release

uses: actions/github-script@d556feaca394842dc55e4734bf3bb9f685482fa0

with:

script: |

await github.rest.repos.updateRelease({

owner: context.repo.owner,

repo: context.repo.repo,

release_id: '${{ needs.candidate_release.outputs.release_id }}',

name: '${{ github.ref_name }}',

body: 'See [CHANGELOG.md](https://github.com/' +

context.repo.owner + '/' + context.repo.repo +

'/blob/${{ github.ref_name }}/docs/CHANGELOG.md) for details.'

})