Skip to content

Release Pypi, Docker and GitHub #14

Release Pypi, Docker and GitHub

Release Pypi, Docker and GitHub #14

Workflow file for this run

---
name: "Release Pypi, Docker and GitHub"
on:
workflow_dispatch:
inputs:
tag:
description: "The version to tag, without the leading 'v'. If omitted, will initiate a dry run (no uploads)."
type: string
sha:
description: "The full sha of the commit to be released. If omitted, the latest commit on the default branch will be used."
default: ""
type: string
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
PYTHON_VERSION: "3.13"
jobs:
sdist_wheels:
name: Build Python sdist and wheel
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
ref: ${{ inputs.sha }}
- name: Set local tag for version
if: ${{ inputs.tag }}
run: |
# Set to Github Actor
git config user.email "${{ github.actor }}@users.noreply.github.com"
git config user.name "${{ github.actor }} (GitHub Actions)"
git tag -m "v${{ inputs.tag }}" "v${{ inputs.tag }}"
- name: Setup Python & PDM
uses: pdm-project/setup-pdm@main
id: setup-pdm
with:
python-version: ${{ env.PYTHON_VERSION }}
cache: true
allow-python-prereleases: true
- name: "Build wheel and sdist"
run: pdm build
- name: "Upload wheel and sdist"
uses: actions/upload-artifact@v4
with:
name: dist
path: dist
validate-tag:
name: Validate tag
runs-on: ubuntu-latest
# If you don't set an input tag, it's a dry run (no uploads).
if: ${{ inputs.tag }}
steps:
- uses: actions/checkout@v4
with:
ref: main # We checkout the main branch to check for the commit
- name: Check main branch
if: ${{ inputs.sha }}
run: |
# Fetch the main branch since a shallow checkout is used by default
git fetch origin main --unshallow
if ! git branch --contains ${{ inputs.sha }} | grep -E '(^|\s)main$'; then
echo "The specified sha is not on the main branch" >&2
exit 1
fi
upload-release:
name: Upload to PyPI
runs-on: ubuntu-latest
needs:
- sdist_wheels
# If you don't set an input tag, it's a dry run (no uploads).
if: ${{ inputs.tag }}
environment:
name: release
permissions:
# For pypi trusted publishing
id-token: write
steps:
- uses: actions/download-artifact@v4
with:
name: dist
path: dist
- name: Publish to PyPi
uses: pypa/gh-action-pypi-publish@release/v1
with:
skip-existing: true
verbose: true
tag-release:
name: Tag release
runs-on: ubuntu-latest
needs: upload-release
# If you don't set an input tag, it's a dry run (no uploads).
if: ${{ inputs.tag }}
permissions:
# For git tag
contents: write
steps:
- uses: actions/checkout@v4
with:
ref: ${{ inputs.sha }}
- name: git tag
run: |
git config user.email "${{ github.actor }}@users.noreply.github.com"
git config user.name "${{ github.actor }} (GitHub Actions)"
git tag -m "v${{ inputs.tag }}" "v${{ inputs.tag }}"
# If there is duplicate tag, this will fail. The publish to pypi action will have been a noop (due to skip
# existing), so we make a non-destructive exit here
git push --tags
publish-release:
name: Publish to GitHub
runs-on: ubuntu-latest
needs: tag-release
# If you don't set an input tag, it's a dry run (no uploads).
if: ${{ inputs.tag }}
permissions:
# For GitHub release publishing
contents: write
steps:
- uses: actions/download-artifact@v4
with:
name: dist
path: dist
- name: "Publish to GitHub"
uses: softprops/action-gh-release@v2
with:
draft: true
files: dist/*
tag_name: v${{ inputs.tag }}
docker-publish:
# This action doesn't need to wait on any other task, it's easy to re-tag if something failed and we're validating
# the tag here also
name: Push Docker image to ghcr.io
runs-on: ubuntu-latest
needs:
- sdist_wheels
environment:
name: release
permissions:
# For the docker push and the git clone
packages: write
contents: read
steps:
- uses: actions/checkout@v4
with:
ref: ${{ inputs.sha }}
- uses: actions/download-artifact@v4
name: Download Python artifacts
with:
name: dist
path: dist
- uses: docker/setup-buildx-action@v3
- uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: ghcr.io/${{ github.repository}}
tags: |
type=pep440,value=${{ inputs.tag }},pattern={{version}}
- name: "Build and push Docker image"
uses: docker/build-push-action@v6
with:
context: .
platforms: linux/amd64,linux/arm64
# Reuse the builder
cache-from: type=gha
cache-to: type=gha,mode=max
push: ${{ inputs.tag != '' && inputs.tag != 'dry-run'}}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}