@@ -59,98 +59,12 @@ jobs:
5959
6060
6161 package_and_deploy :
62- name : Build and deploy Ledgered Python package
63- runs-on : public-ledgerhq-shared-small
62+ name : Build and deploy the Ledgered Python package
6463 needs : [build_install_test]
65- permissions :
66- id-token : write
67- attestations : write
68- contents : write
69- steps :
70-
71- - name : Clone
72- uses : actions/checkout@v4
73- with :
74- fetch-depth : 0
75-
76- - name : Build Ledgered Python package
77- run : |
78- # Needed to workaround this bug https://github.com/pypa/setuptools/issues/4759
79- # To be removed when it's fixed
80- pip install -U packaging
81- pip install --upgrade pip build twine
82- python -m build
83- pip install .
84- python -m twine check dist/*
85- echo "TAG_VERSION=$(python -c 'from ledgered import __version__; print(__version__)')" >> "$GITHUB_ENV"
86-
87- name : Display current status
88- run : |
89- echo "Current status is:"
90- if [[ ${{ github.ref }} == "refs/tags/"* ]];
91- then
92- echo "- Triggered from tag, package will be a release";
93- else
94- echo "- Not triggered from tag, package will be a pre-release";
95- fi
96- echo "- Tag version: ${{ env.TAG_VERSION }}"
97-
98- name : Check version against CHANGELOG
99- if : success() && github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
100- run : |
101- CHANGELOG_VERSION=$(grep -Po '(?<=## \[)(\d+\.)+[^\]]' CHANGELOG.md | head -n 1)
102- if [ "${{ env.TAG_VERSION }}" == "${CHANGELOG_VERSION}" ]; \
103- then \
104- exit 0; \
105- else \
106- echo "Tag '${{ env.TAG_VERSION }}' and CHANGELOG '${CHANGELOG_VERSION}' versions mismatch!"; \
107- exit 1; \
108- fi
109-
110- name : Publish Python package on pypi.org
111- if : success() && github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
112- run : python -m twine upload dist/*
113- env :
114- TWINE_USERNAME : __token__
115- TWINE_PASSWORD : ${{ secrets.PYPI_PUBLIC_API_TOKEN }}
116- TWINE_NON_INTERACTIVE : 1
117-
118- - name : Login to Ledger Artifactory
119- if : success() && github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
120- timeout-minutes : 10
121- id : jfrog-login
122- uses : LedgerHQ/actions-security/actions/jfrog-login@actions/jfrog-login-1
123-
124- - name : Publish Python package on Ledger Artifactory
125- if : success() && github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
126- run : python -m twine upload dist/*
127- env :
128- TWINE_REPOSITORY_URL : https://jfrog.ledgerlabs.net/artifactory/api/pypi/embedded-apps-pypi-prod-green
129- TWINE_USERNAME : ${{ steps.jfrog-login.outputs.oidc-user }}
130- TWINE_PASSWORD : ${{ steps.jfrog-login.outputs.oidc-token }}
131- TWINE_NON_INTERACTIVE : 1
132-
133- - name : Generate library build attestations
134- if : success() && github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
135- timeout-minutes : 10
136- uses : LedgerHQ/actions-security/actions/attest@actions/attest-1
137- with :
138- subject-path : dist/*
139-
140- - name : Sign library artifacts
141- if : success() && github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
142- timeout-minutes : 10
143- uses : LedgerHQ/actions-security/actions/sign-blob@actions/sign-blob-1
144- with :
145- path : dist
146-
147- - name : Publish a release on the repo
148- if : success() && github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
149- uses : " marvinpinto/action-automatic-releases@latest"
150- with :
151- automatic_release_tag : " v${{ env.TAG_VERSION }}"
152- repo_token : " ${{ secrets.GITHUB_TOKEN }}"
153- prerelease : false
154- files : |
155- LICENSE
156- dist/
64+ uses : LedgerHQ/ledger-app-workflows/.github/workflows/reusable_pypi_deployment.yml@v1
65+ with :
66+ package_name : ledgered
67+ check_changelog_version : ${{ startsWith(github.ref, 'refs/tags/') }}
68+ publish : ${{ startsWith(github.ref, 'refs/tags/') }}
69+ secrets :
70+ pypi_token : ${{ secrets.PYPI_PUBLIC_API_TOKEN }}
0 commit comments