Skip to content
πŸš€ Build & release

Update docs #3111

Sign in to view logs

Update docs

Update docs #3111

Workflow file for this run

.github/workflows/release.yaml at ba930c7
---
name: πŸš€ Build & release
"on":
workflow_dispatch:
push:
branches:
- main
jobs:
build:
uses: kdeldycke/repomatic/.github/workflows/_release-build.yaml@ea6835e39a5977a617e7d5c0309b9a6fdd2e9386 # v6.24.0
publish-pypi:
name: 🐍 Publish to PyPI (${{ matrix.short_sha }})
needs: build
# Gate decoupled from the run's overall result: always() lets this job run even when an unrelated job (like binary
# tests in the engine lane) failed the run, and package_built confirms the wheel actually built, so a cleanly-built
# wheel still publishes. Both signals come from the build lane (_release-build.yaml).
if: >-
always()
&& needs.build.outputs.package_built == 'true'
&& needs.build.outputs.release_commits_matrix
strategy:
# GitHub evaluates `strategy.matrix` during job setup even when `if:` will skip the job. On a non-release push
# the build lane emits an empty string for `release_commits_matrix` (not "null": see its output description for
# why). A bare `fromJSON('')` aborts the whole run with "Unexpected value ''", so we fall back to an empty
# `{"include":[]}` matrix, which expands the job to zero runs and skips it cleanly.
matrix: ${{ fromJSON(needs.build.outputs.release_commits_matrix || '{"include":[]}') }}
runs-on: ubuntu-slim
permissions:
id-token: write
# Lets the admonition step below edit the published release notes.
contents: write
steps:
- uses: kdeldycke/repomatic/.github/actions/publish-pypi@ea6835e39a5977a617e7d5c0309b9a6fdd2e9386 # v6.24.0
with:
artifact-name: ${{ github.event.repository.name }}-${{ matrix.short_sha }}
# Backfill the "available on PyPI" admonition onto the release notes after a successful OIDC upload. The engine
# lane publishes the GitHub release without it (it cannot yet know the PyPI outcome). continue-on-error keeps a
# notes-edit hiccup from failing an upload that already succeeded.
- name: Add PyPI admonition to release notes
continue-on-error: true
env:
GH_TOKEN: ${{ secrets.REPOMATIC_PAT || github.token }}
CURRENT_VERSION: ${{ matrix.current_version }}
RELEASE_NOTES: ${{ needs.build.outputs.release_notes_with_admonition }}
run: >
gh release edit "v${CURRENT_VERSION}"
--notes-file -
--repo "${{ github.repository }}" <<< "${RELEASE_NOTES}"
release:
uses: kdeldycke/repomatic/.github/workflows/_release-engine.yaml@ea6835e39a5977a617e7d5c0309b9a6fdd2e9386 # v6.24.0
needs: build
secrets:
REPOMATIC_PAT: ${{ secrets.REPOMATIC_PAT }}
VIRUSTOTAL_API_KEY: ${{ secrets.VIRUSTOTAL_API_KEY }}
# Prepare a Guix package definition after the release job. Unlike Homebrew, Scoop,
# NixOS, and AUR, the Guix definition is maintained in this repo (see packaging/guix/).
# Guix packages live on Codeberg and require reviewed PRs, so this job only updates the
# local definition and opens a PR.
guix:
name: πŸ‚ Guix
needs: release
runs-on: ubuntu-24.04
permissions:
contents: write
pull-requests: write
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Check for new release
id: check
run: |
latest=$(
curl --silent --fail \
https://api.github.com/repos/kdeldycke/meta-package-manager/releases/latest \
| python3 -c "import json, sys; print(json.load(sys.stdin)['tag_name'].lstrip('v'))"
)
current=$(
grep --only-matching --perl-regexp '\(version "\K[^"]+' \
packaging/guix/meta-package-manager.scm
)
if [ "${latest}" = "${current}" ]; then
echo "Latest release ${latest} already matches definition. Skipping."
echo "skip=true" >> "${GITHUB_OUTPUT}"
else
echo "New release found: ${latest} (definition has ${current})."
echo "skip=false" >> "${GITHUB_OUTPUT}"
echo "version=${latest}" >> "${GITHUB_OUTPUT}"
fi
- name: Update package definition to latest release
if: steps.check.outputs.skip != 'true'
run: python3 packaging/guix/update.py
- uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0
if: steps.check.outputs.skip != 'true'
- name: Render PR body
if: steps.check.outputs.skip != 'true'
env:
VERSION: ${{ steps.check.outputs.version }}
run: >
uvx --no-progress 'repomatic==6.17.0' pr-body
--template-file .github/pr-templates/update-package-spec.md
--template-arg channel=Guix
--template-arg version="${VERSION}"
--template-arg spec_path=packaging/guix/
--output body.md
- name: Open PR with updated packaging files
if: steps.check.outputs.skip != 'true'
env:
VERSION: ${{ steps.check.outputs.version }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
branch="guix/release"
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git checkout -B "${branch}"
git add --update packaging/guix/
git commit --message "Update Guix package definition to v${VERSION}"
git push --force --set-upstream origin "${branch}"
existing=$(gh pr list --head "${branch}" --state open --json number --jq '.[0].number')
if [ -n "${existing}" ]; then
gh pr edit "${existing}" \
--title "Update Guix package definition to v${VERSION}" \
--body-file body.md \
--add-label "πŸ“¦ manager: guix"
else
gh pr create \
--title "Update Guix package definition to v${VERSION}" \
--body-file body.md \
--label "πŸ“¦ manager: guix"
fi
# Prepare a Nix package definition after the release job. Unlike Homebrew, Scoop,
# and AUR, the Nix definition is maintained in this repo (see packaging/nix/) while
# NixOS/nixpkgs#506145 is pending review. This job only updates the local definition
# and opens a PR.
nix:
name: ❄️ Nix
needs: release
runs-on: ubuntu-24.04
permissions:
contents: write
pull-requests: write
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: cachix/install-nix-action@v31
- name: Check for new release
id: check
run: |
latest=$(
curl --silent --fail \
https://api.github.com/repos/kdeldycke/meta-package-manager/releases/latest \
| python3 -c "import json, sys; print(json.load(sys.stdin)['tag_name'].lstrip('v'))"
)
current=$(
grep --only-matching --perl-regexp 'version = "\K[^"]+' \
packaging/nix/package.nix \
| head --lines=1
)
if [ "${latest}" = "${current}" ]; then
echo "Latest release ${latest} already matches definition. Skipping."
echo "skip=true" >> "${GITHUB_OUTPUT}"
else
echo "New release found: ${latest} (definition has ${current})."
echo "skip=false" >> "${GITHUB_OUTPUT}"
echo "version=${latest}" >> "${GITHUB_OUTPUT}"
fi
- name: Update package definition to latest release
if: steps.check.outputs.skip != 'true'
run: python3 packaging/nix/update.py
- uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0
if: steps.check.outputs.skip != 'true'
- name: Render PR body
if: steps.check.outputs.skip != 'true'
env:
VERSION: ${{ steps.check.outputs.version }}
run: >
uvx --no-progress 'repomatic==6.17.0' pr-body
--template-file .github/pr-templates/update-package-spec.md
--template-arg channel=Nix
--template-arg version="${VERSION}"
--template-arg spec_path=packaging/nix/
--output body.md
- name: Open PR with updated packaging files
if: steps.check.outputs.skip != 'true'
env:
VERSION: ${{ steps.check.outputs.version }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
branch="nix/release"
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git checkout -B "${branch}"
git add --update packaging/nix/
git commit --message "Update Nix package definition to v${VERSION}"
git push --force --set-upstream origin "${branch}"
existing=$(gh pr list --head "${branch}" --state open --json number --jq '.[0].number')
if [ -n "${existing}" ]; then
gh pr edit "${existing}" \
--title "Update Nix package definition to v${VERSION}" \
--body-file body.md \
--add-label "πŸ“¦ manager: nix"
else
gh pr create \
--title "Update Nix package definition to v${VERSION}" \
--body-file body.md \
--label "πŸ“¦ manager: nix"
fi