@@ -100,100 +100,11 @@ jobs:
100100 name : codecov-ragger
101101
102102 package_and_deploy :
103- name : Build and deploy Ragger Python Package
103+ name : Build and deploy the Ragger Python package
104104 needs : [build_install_test]
105- runs-on : public-ledgerhq-shared-small
106- permissions :
107- id-token : write
108- attestations : write
109- contents : write
110- steps :
111-
112- - name : Clone
113- uses : actions/checkout@v4
114- with :
115- fetch-depth : 0
116-
117- - name : Build Ragger Python package
118- run : |
119- # Needed to workaround this bug https://github.com/pypa/setuptools/issues/4759
120- # To be removed when it's fixed
121- pip install -U packaging
122-
123- pip install --upgrade pip build twine
124- python -m build
125- pip install .
126- python -m twine check dist/*
127- echo "TAG_VERSION=$(python -c 'from ragger import __version__; print(__version__)')" >> "$GITHUB_ENV"
128-
129- name : Display current status
130- run : |
131- echo "Current status is:"
132- if [[ ${{ github.ref }} == "refs/tags/"* ]];
133- then
134- echo "- Triggered from tag, package will be a release";
135- else
136- echo "- Not triggered from tag, package will be a pre-release";
137- fi
138- echo "- Tag version: ${{ env.TAG_VERSION }}"
139-
140- name : Check version against CHANGELOG
141- if : startsWith(github.ref, 'refs/tags/')
142- run : |
143- CHANGELOG_VERSION=$(grep -Po '(?<=## \[)(\d+\.)+[^\]]' CHANGELOG.md | head -n 1)
144- if [ "${{ env.TAG_VERSION }}" == "${CHANGELOG_VERSION}" ];
145- then
146- exit 0;
147- else
148- echo "Tag '${{ env.TAG_VERSION }}' and CHANGELOG '${CHANGELOG_VERSION}' versions mismatch!";
149- exit 1;
150- fi
151-
152- name : Publish Python package on pypi.org
153- if : success() && github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
154- run : python -m twine upload dist/*
155- env :
156- TWINE_USERNAME : __token__
157- TWINE_PASSWORD : ${{ secrets.PYPI_PUBLIC_API_TOKEN }}
158- TWINE_NON_INTERACTIVE : 1
159-
160- - name : Login to Ledger Artifactory
161- if : success() && github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
162- timeout-minutes : 10
163- id : jfrog-login
164- uses : LedgerHQ/actions-security/actions/jfrog-login@actions/jfrog-login-1
165-
166- - name : Publish Python package on Ledger Artifactory
167- if : success() && github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
168- run : python -m twine upload dist/*
169- env :
170- TWINE_REPOSITORY_URL : https://jfrog.ledgerlabs.net/artifactory/api/pypi/embedded-apps-pypi-prod-green
171- TWINE_USERNAME : ${{ steps.jfrog-login.outputs.oidc-user }}
172- TWINE_PASSWORD : ${{ steps.jfrog-login.outputs.oidc-token }}
173- TWINE_NON_INTERACTIVE : 1
174-
175- - name : Generate library build attestations
176- if : success() && github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
177- timeout-minutes : 10
178- uses : LedgerHQ/actions-security/actions/attest@actions/attest-1
179- with :
180- subject-path : dist/*
181-
182- - name : Sign library artifacts
183- if : success() && github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
184- timeout-minutes : 10
185- uses : LedgerHQ/actions-security/actions/sign-blob@actions/sign-blob-1
186- with :
187- path : dist
188-
189- - name : Publish a release on the repo
190- if : success() && github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
191- uses : " marvinpinto/action-automatic-releases@latest"
192- with :
193- automatic_release_tag : " v${{ env.TAG_VERSION }}"
194- repo_token : " ${{ secrets.GITHUB_TOKEN }}"
195- prerelease : false
196- files : |
197- LICENSE
198- CHANGELOG.md
199- dist/
105+ uses : LedgerHQ/ledger-app-workflows/.github/workflows/reusable_pypi_deployment.yml@v1
106+ with :
107+ package_name : ragger
108+ publish : ${{ startsWith(github.ref, 'refs/tags/') }}
109+ secrets :
110+ pypi_token : ${{ secrets.PYPI_PUBLIC_API_TOKEN }}
0 commit comments