Skip to content

Commit 7dc4a04

Browse files
committed
[ci][clean] Use reusable workflow to deploy Python package
1 parent 06a8249 commit 7dc4a04

File tree

1 file changed

+8
-94
lines changed

1 file changed

+8
-94
lines changed

.github/workflows/build_and_tests.yml

Lines changed: 8 additions & 94 deletions
Original file line numberDiff line numberDiff line change
@@ -59,98 +59,12 @@ jobs:
5959

6060

6161
package_and_deploy:
62-
name: Build and deploy Ledgered Python package
63-
runs-on: public-ledgerhq-shared-small
62+
name: Build and deploy the Ledgered Python package
6463
needs: [build_install_test]
65-
permissions:
66-
id-token: write
67-
attestations: write
68-
contents: write
69-
steps:
70-
71-
- name: Clone
72-
uses: actions/checkout@v4
73-
with:
74-
fetch-depth: 0
75-
76-
- name: Build Ledgered Python package
77-
run: |
78-
# Needed to workaround this bug https://github.com/pypa/setuptools/issues/4759
79-
# To be removed when it's fixed
80-
pip install -U packaging
81-
pip install --upgrade pip build twine
82-
python -m build
83-
pip install .
84-
python -m twine check dist/*
85-
echo "TAG_VERSION=$(python -c 'from ledgered import __version__; print(__version__)')" >> "$GITHUB_ENV"
86-
87-
- name: Display current status
88-
run: |
89-
echo "Current status is:"
90-
if [[ ${{ github.ref }} == "refs/tags/"* ]];
91-
then
92-
echo "- Triggered from tag, package will be a release";
93-
else
94-
echo "- Not triggered from tag, package will be a pre-release";
95-
fi
96-
echo "- Tag version: ${{ env.TAG_VERSION }}"
97-
98-
- name: Check version against CHANGELOG
99-
if: success() && github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
100-
run: |
101-
CHANGELOG_VERSION=$(grep -Po '(?<=## \[)(\d+\.)+[^\]]' CHANGELOG.md | head -n 1)
102-
if [ "${{ env.TAG_VERSION }}" == "${CHANGELOG_VERSION}" ]; \
103-
then \
104-
exit 0; \
105-
else \
106-
echo "Tag '${{ env.TAG_VERSION }}' and CHANGELOG '${CHANGELOG_VERSION}' versions mismatch!"; \
107-
exit 1; \
108-
fi
109-
110-
- name: Publish Python package on pypi.org
111-
if: success() && github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
112-
run: python -m twine upload dist/*
113-
env:
114-
TWINE_USERNAME: __token__
115-
TWINE_PASSWORD: ${{ secrets.PYPI_PUBLIC_API_TOKEN }}
116-
TWINE_NON_INTERACTIVE: 1
117-
118-
- name: Login to Ledger Artifactory
119-
if: success() && github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
120-
timeout-minutes: 10
121-
id: jfrog-login
122-
uses: LedgerHQ/actions-security/actions/jfrog-login@actions/jfrog-login-1
123-
124-
- name: Publish Python package on Ledger Artifactory
125-
if: success() && github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
126-
run: python -m twine upload dist/*
127-
env:
128-
TWINE_REPOSITORY_URL: https://jfrog.ledgerlabs.net/artifactory/api/pypi/embedded-apps-pypi-prod-green
129-
TWINE_USERNAME: ${{ steps.jfrog-login.outputs.oidc-user }}
130-
TWINE_PASSWORD: ${{ steps.jfrog-login.outputs.oidc-token }}
131-
TWINE_NON_INTERACTIVE: 1
132-
133-
- name: Generate library build attestations
134-
if: success() && github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
135-
timeout-minutes: 10
136-
uses: LedgerHQ/actions-security/actions/attest@actions/attest-1
137-
with:
138-
subject-path: dist/*
139-
140-
- name: Sign library artifacts
141-
if: success() && github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
142-
timeout-minutes: 10
143-
uses: LedgerHQ/actions-security/actions/sign-blob@actions/sign-blob-1
144-
with:
145-
path: dist
146-
147-
- name: Publish a release on the repo
148-
if: success() && github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
149-
uses: "marvinpinto/action-automatic-releases@latest"
150-
with:
151-
automatic_release_tag: "v${{ env.TAG_VERSION }}"
152-
repo_token: "${{ secrets.GITHUB_TOKEN }}"
153-
prerelease: false
154-
files: |
155-
LICENSE
156-
dist/
64+
uses: LedgerHQ/ledger-app-workflows/.github/workflows/reusable_pypi_deployment.yml@v1
65+
with:
66+
package_name: ledgered
67+
check_changelog_version: ${{ startsWith(github.ref, 'refs/tags/') }}
68+
publish: ${{ startsWith(github.ref, 'refs/tags/') }}
69+
secrets:
70+
pypi_token: ${{ secrets.PYPI_PUBLIC_API_TOKEN }}

0 commit comments

Comments
 (0)