Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ci: Let us create lightweight pre-release tags #2581

Merged
merged 3 commits into from
Aug 13, 2024
Merged

ci: Let us create lightweight pre-release tags #2581

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
73e2fc1
ci: Let us create lightweight pre-release tags
edgarrmondragon Jul 31, 2024
54d7017
Merge branch 'main' into lightweight-prerelease-tags
edgarrmondragon Aug 13, 2024
88c6cfe
Merge branch 'main' into lightweight-prerelease-tags
edgarrmondragon Aug 13, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
58 changes: 48 additions & 10 deletions .github/workflows/release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,15 +5,52 @@ on:

jobs:
build:
name: Build artifacts
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: hynek/build-and-inspect-python-package@v2

check-tag:
name: Check tag
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/')
outputs:
is_final: ${{ steps.check.outputs.is_final }}
steps:
- name: Check if tag is a pre-release
id: check
run: |
echo "is_final=$(echo '${{ github.ref }}' | grep -qE '^v[0-9]+\.[0-9]+\.[0-9]+$' && echo 'true' || echo 'false')" >> $GITHUB_OUTPUT

provenance:
name: Provenance
runs-on: ubuntu-latest
needs: [build]
if: startsWith(github.ref, 'refs/tags/')
permissions:
id-token: write # Needed for attestations
attestations: write # Needed for attestations
outputs:
bundle-path: ${{ steps.attest.outputs.bundle-path }}
steps:
- uses: actions/download-artifact@v4
with:
name: Packages
path: dist
- uses: actions/attest-build-provenance@v1
id: attest
with:
subject-path: "./dist/singer_sdk*"
- uses: actions/upload-artifact@v4
with:
name: Attestations
path: ${{ steps.attest.outputs.bundle-path }}

publish:
name: Publish to PyPI
name: PyPI
runs-on: ubuntu-latest
needs: [build]
environment:
Expand All @@ -33,33 +70,34 @@ jobs:
upload-to-release:
name: Upload files to release
runs-on: ubuntu-latest
needs: [build]
if: startsWith(github.ref, 'refs/tags/')
needs: [build, check-tag, provenance]
if: ${{ startsWith(github.ref, 'refs/tags/') && needs.check-tag.outputs.is_final == 'true' }}
permissions:
contents: write # Needed for uploading files to the release
id-token: write # Needed for attestations
attestations: write # Needed for attestations

steps:
- uses: actions/download-artifact@v4
with:
name: Packages
path: dist

- uses: actions/download-artifact@v4
with:
name: Attestations
path: attestations

- name: Upload wheel and sdist to release
uses: svenstaro/upload-release-action@v2
with:
file: dist/singer_sdk*
tag: ${{ github.ref }}
overwrite: true
file_glob: true
- uses: actions/attest-build-provenance@v1
id: attest
with:
subject-path: "./dist/singer_sdk*"

- name: Upload attestations to release
uses: svenstaro/upload-release-action@v2
with:
file: ${{ steps.attest.outputs.bundle-path }}
file: attestations/attestation.jsonl
tag: ${{ github.ref }}
overwrite: true
asset_name: attestations.intoto.jsonl