trobz-python-template/template/{% if enable_github_action %}.github{% endif%}/workflows/release.yaml.jinja at f47b4a0b12d1176ed4065a32eacc0e4d13c3c21d · trobz/trobz-python-template · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
name: release

on:
  push:
    branches:
      - main

{# default: least privileged permissions across all jobs #}
permissions:
  contents: read

jobs:
  release:
    runs-on: ubuntu-latest

    permissions:
      contents: write

    outputs:
      released: {% raw %}${{ steps.release.outputs.released }}{% endraw %}
      tag: {% raw %}${{ steps.release.outputs.tag }}{% endraw %}

    steps:
      {#
      Note: We checkout the repository at the branch that triggered the workflow
      with the entire history to ensure to match PSR's release branch detection
      and history evaluation.
      However, we forcefully reset the branch to the workflow sha because it is
      possible that the branch was updated while the workflow was running. This
      prevents accidentally releasing un-evaluated changes.
      #}
      - name: Checkout Repository on Release Branch
        uses: actions/checkout@v4
        with:
          ref: {% raw %}${{ github.ref_name }}{% endraw %}

      - name: Force release branch to be at workflow sha
        run: |
          git reset --hard {% raw %}${{ github.sha }}{% endraw %}

      - name: Semantic Version Release
        id: release
        uses: python-semantic-release/python-semantic-release@v10.5.2
        with:
          github_token: {% raw %}${{ secrets.GITHUB_TOKEN }}{% endraw %}
          git_committer_name: "github-actions"
          git_committer_email: "actions@users.noreply.github.com"

{% if publish_to_pypi %}
  publish:
    needs: release
    if: needs.release.outputs.released == 'true'
    runs-on: ubuntu-latest

    permissions:
      contents: write
      {# IMPORTANT: this permission is mandatory for Trusted Publishing #}
      id-token: write

    environment:
      name: pypi
      url: https://pypi.org/p/{{ project_name }}

    steps:
      - name: Check out at new tag
        uses: actions/checkout@v4
        with:
          ref: {% raw %}${{ needs.release.outputs.tag }}{% endraw %}

      - name: Set up the environment
        uses: ./.github/actions/setup-python-env

      - name: Build Package
        run: make build

      - name: Publish package distributions to PyPI
        uses: pypa/gh-action-pypi-publish@v1.13.0
        with:
          packages-dir: dist
{% endif %}