Merge pull request #36 from sdsc-ordes/develop #2
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| tags: | |
| - "v*.*.*" | |
| permissions: | |
| contents: write | |
| concurrency: | |
| group: release-${{ github.ref }} | |
| cancel-in-progress: false | |
| env: | |
| # Force JS actions onto Node 24 ahead of the June 2026 GHA default flip. | |
| FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true" | |
| # Match the project's lower bound (pyproject: requires-python >=3.11). | |
| BUILD_PYTHON_VERSION: "3.11" | |
| # Pin the wheel-builder so release artifacts are reproducible. | |
| PYTHON_BUILD_VERSION: "1.2.2" | |
| jobs: | |
| build-release-assets: | |
| name: Build release assets | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 30 | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v5 | |
| - name: Validate semver tag | |
| run: | | |
| if [[ ! "${GITHUB_REF_NAME}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then | |
| echo "Tag ${GITHUB_REF_NAME} is not a stable semver tag (vX.Y.Z)." | |
| exit 1 | |
| fi | |
| - name: Set up Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: ${{ env.BUILD_PYTHON_VERSION }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build open-pulse image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: tools/images/Dockerfile-open-pulse | |
| load: true | |
| tags: open-pulse/open-pulse:${{ github.ref_name }} | |
| - name: Build devcontainer image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: .devcontainer | |
| file: .devcontainer/Dockerfile | |
| load: true | |
| tags: open-pulse/devcontainer:${{ github.ref_name }} | |
| - name: Export image archives | |
| run: | | |
| mkdir -p release-artifacts | |
| docker save "open-pulse/open-pulse:${GITHUB_REF_NAME}" -o "release-artifacts/open-pulse-${GITHUB_REF_NAME}.tar" | |
| docker save "open-pulse/devcontainer:${GITHUB_REF_NAME}" -o "release-artifacts/devcontainer-${GITHUB_REF_NAME}.tar" | |
| (cd release-artifacts && sha256sum *.tar > SHA256SUMS.txt) | |
| - name: Build open-pulse wheel + sdist artifact | |
| run: | | |
| python -m pip install "build==${{ env.PYTHON_BUILD_VERSION }}" | |
| mkdir -p release-artifacts/python | |
| python -m build --sdist --wheel --outdir release-artifacts/python | |
| - name: Upload Python distributions for downstream jobs | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: python-dist | |
| path: release-artifacts/python/* | |
| - name: Create draft GitHub release | |
| uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2 | |
| with: | |
| draft: true | |
| generate_release_notes: true | |
| files: | | |
| release-artifacts/*.tar | |
| release-artifacts/SHA256SUMS.txt | |
| release-artifacts/python/* | |
| publish-pypi: | |
| name: Publish to PyPI | |
| needs: build-release-assets | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| environment: | |
| name: pypi | |
| url: https://pypi.org/p/open-pulse-science | |
| permissions: | |
| id-token: write # OIDC token for Trusted Publisher; no API key needed. | |
| steps: | |
| - name: Download Python distributions | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: python-dist | |
| path: dist | |
| - name: Publish to PyPI | |
| uses: pypa/gh-action-pypi-publish@release/v1 | |
| with: | |
| packages-dir: dist |