ci: use nix for workflows #23
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "CD: Build & Publish to PyPI, GitHub, and Cachix" | |
| # TODO: Notify | |
| # TODO: Publish to PyPI | |
| # TODO: Generate provenance/hashes | |
| on: | |
| workflow_dispatch: | |
| # TODO: Remove after finished; for testing purposes only | |
| pull_request: | |
| jobs: | |
| build: | |
| name: Build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: "[INIT] Checkout repository" | |
| uses: actions/checkout@v5 | |
| - name: "[INIT] Install Nix" | |
| uses: cachix/install-nix-action@v31 | |
| with: | |
| nix_path: nixpkgs=channel:nixos-unstable | |
| github_access_token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: "[INIT] Setup Cachix" | |
| uses: cachix/cachix-action@v15 | |
| with: | |
| name: amperser | |
| authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} | |
| - name: "[BUILD] Build wheel" | |
| run: | | |
| nix build -L .#wheel | |
| cp result/*.whl ./ | |
| - name: "[BUILD] Build sdist" | |
| run: | | |
| nix build -L .#sdist | |
| cp result/*.tar.gz ./ | |
| - name: "[CHANGELOG] Generate changelog" | |
| run: | | |
| nix develop --command git-cliff -c cliff.toml -o CHANGELOG.md --verbose | |
| - name: "[VERIFY] List built artifacts" | |
| run: | | |
| ls -la *.whl *.tar.gz | |
| echo "Built artifacts:" | |
| echo "- CHANGELOG.md" | |
| echo "- $(ls *.whl)" | |
| echo "- $(ls *.tar.gz)" | |
| - name: "[UPLOAD] Store built artifacts" | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: dist-artifacts | |
| path: | | |
| *.whl | |
| *.tar.gz | |
| CHANGELOG.md | |
| if-no-files-found: error | |
| github-release: | |
| name: Create Github Release | |
| runs-on: ubuntu-latest | |
| needs: [build] | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: "[INIT] Checkout repository" | |
| uses: actions/checkout@v5 | |
| with: | |
| fetch-depth: 0 | |
| - name: "[DOWNLOAD] Get built artifacts" | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: dist-artifacts | |
| path: dist/ | |
| - name: "[EXTRACT] Get tag version" | |
| id: version | |
| run: | | |
| echo "version=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT | |
| echo "tag=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT | |
| - name: "[CHANGELOG] Commit changelog" | |
| run: | | |
| git checkout main | |
| git config user.name 'github-actions[bot]' | |
| git config user.email 'github-actions[bot]@users.noreply.github.com' | |
| set +e | |
| mv ./dist/CHANGELOG.md ./CHANGELOG.md | |
| git add CHANGELOG.md | |
| git commit -m 'chore(release): update changelog for ${{ steps.version.outputs.tag }}' | |
| git push https://${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}.git main | |
| - name: "[RELEASE] Create GitHub release" | |
| uses: softprops/action-gh-release@v2 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| tag_name: ${{ steps.version.outputs.tag }} | |
| name: Release ${{ steps.version.outputs.tag }} | |
| prerelease: ${{ contains(steps.version.outputs.version, 'alpha') || contains(steps.version.outputs.version, 'beta') || contains(steps.version.outputs.version, 'rc') }} | |
| draft: false | |
| body_path: CHANGELOG.md | |
| files: | | |
| dist/*.whl | |
| dist/*.tar.gz |