@@ -59,98 +59,12 @@ jobs:
59
59
60
60
61
61
package_and_deploy :
62
- name : Build and deploy Ledgered Python package
63
- runs-on : public-ledgerhq-shared-small
62
+ name : Build and deploy the Ledgered Python package
64
63
needs : [build_install_test]
65
- permissions :
66
- id-token : write
67
- attestations : write
68
- contents : write
69
- steps :
70
-
71
- - name : Clone
72
- uses : actions/checkout@v4
73
- with :
74
- fetch-depth : 0
75
-
76
- - name : Build Ledgered Python package
77
- run : |
78
- # Needed to workaround this bug https://github.com/pypa/setuptools/issues/4759
79
- # To be removed when it's fixed
80
- pip install -U packaging
81
- pip install --upgrade pip build twine
82
- python -m build
83
- pip install .
84
- python -m twine check dist/*
85
- echo "TAG_VERSION=$(python -c 'from ledgered import __version__; print(__version__)')" >> "$GITHUB_ENV"
86
-
87
- - name : Display current status
88
- run : |
89
- echo "Current status is:"
90
- if [[ ${{ github.ref }} == "refs/tags/"* ]];
91
- then
92
- echo "- Triggered from tag, package will be a release";
93
- else
94
- echo "- Not triggered from tag, package will be a pre-release";
95
- fi
96
- echo "- Tag version: ${{ env.TAG_VERSION }}"
97
-
98
- - name : Check version against CHANGELOG
99
- if : success() && github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
100
- run : |
101
- CHANGELOG_VERSION=$(grep -Po '(?<=## \[)(\d+\.)+[^\]]' CHANGELOG.md | head -n 1)
102
- if [ "${{ env.TAG_VERSION }}" == "${CHANGELOG_VERSION}" ]; \
103
- then \
104
- exit 0; \
105
- else \
106
- echo "Tag '${{ env.TAG_VERSION }}' and CHANGELOG '${CHANGELOG_VERSION}' versions mismatch!"; \
107
- exit 1; \
108
- fi
109
-
110
- - name : Publish Python package on pypi.org
111
- if : success() && github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
112
- run : python -m twine upload dist/*
113
- env :
114
- TWINE_USERNAME : __token__
115
- TWINE_PASSWORD : ${{ secrets.PYPI_PUBLIC_API_TOKEN }}
116
- TWINE_NON_INTERACTIVE : 1
117
-
118
- - name : Login to Ledger Artifactory
119
- if : success() && github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
120
- timeout-minutes : 10
121
- id : jfrog-login
122
- uses : LedgerHQ/actions-security/actions/jfrog-login@actions/jfrog-login-1
123
-
124
- - name : Publish Python package on Ledger Artifactory
125
- if : success() && github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
126
- run : python -m twine upload dist/*
127
- env :
128
- TWINE_REPOSITORY_URL : https://jfrog.ledgerlabs.net/artifactory/api/pypi/embedded-apps-pypi-prod-green
129
- TWINE_USERNAME : ${{ steps.jfrog-login.outputs.oidc-user }}
130
- TWINE_PASSWORD : ${{ steps.jfrog-login.outputs.oidc-token }}
131
- TWINE_NON_INTERACTIVE : 1
132
-
133
- - name : Generate library build attestations
134
- if : success() && github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
135
- timeout-minutes : 10
136
- uses : LedgerHQ/actions-security/actions/attest@actions/attest-1
137
- with :
138
- subject-path : dist/*
139
-
140
- - name : Sign library artifacts
141
- if : success() && github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
142
- timeout-minutes : 10
143
- uses : LedgerHQ/actions-security/actions/sign-blob@actions/sign-blob-1
144
- with :
145
- path : dist
146
-
147
- - name : Publish a release on the repo
148
- if : success() && github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
149
- uses : " marvinpinto/action-automatic-releases@latest"
150
- with :
151
- automatic_release_tag : " v${{ env.TAG_VERSION }}"
152
- repo_token : " ${{ secrets.GITHUB_TOKEN }}"
153
- prerelease : false
154
- files : |
155
- LICENSE
156
- dist/
64
+ uses : LedgerHQ/ledger-app-workflows/.github/workflows/reusable_pypi_deployment.yml@v1
65
+ with :
66
+ package_name : ledgered
67
+ check_changelog_version : ${{ startsWith(github.ref, 'refs/tags/') }}
68
+ publish : ${{ startsWith(github.ref, 'refs/tags/') }}
69
+ secrets :
70
+ pypi_token : ${{ secrets.PYPI_PUBLIC_API_TOKEN }}
0 commit comments