Deploy and Publish #87
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow uses actions that are not certified by GitHub. | |
| # They are provided by a third-party and are governed by | |
| # separate terms of service, privacy policy, and support documentation. | |
| # This workflow will download a prebuilt Python version, install dependencies, build and deploy/publish a new release | |
| # For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions | |
| name: Deploy and Publish | |
| on: | |
| workflow_run: | |
| workflows: ["Build and Test"] | |
| branches: [ master ] | |
| types: | |
| - completed | |
| # Allows you to run this workflow manually from the Actions tab | |
| workflow_dispatch: | |
| # default: least privileged permissions across all jobs | |
| permissions: | |
| contents: read | |
| jobs: | |
| release: | |
| runs-on: ubuntu-latest | |
| if: ${{ github.event.workflow_run.conclusion == 'success' }} | |
| concurrency: | |
| group: ${{ github.workflow }}-release-${{ github.ref_name }} | |
| cancel-in-progress: false | |
| permissions: | |
| contents: write | |
| steps: | |
| # Note: We checkout the repository at the branch that triggered the workflow. | |
| # Python Semantic Release will automatically convert shallow clones to full clones | |
| # if needed to ensure proper history evaluation. However, we forcefully reset the | |
| # branch to the workflow sha because it is possible that the branch was updated | |
| # while the workflow was running, which prevents accidentally releasing un-evaluated | |
| # changes. | |
| - name: Setup | Checkout Repository on Release Branch | |
| uses: actions/checkout@v6 | |
| with: | |
| ref: ${{ github.ref_name }} | |
| - name: Setup | Force release branch to be at workflow sha | |
| run: | | |
| git reset --hard ${{ github.sha }} | |
| - name: Set up Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: "3.13" | |
| - name: Action | Semantic Version Release | |
| id: release | |
| # Adjust tag with desired version if applicable. | |
| uses: python-semantic-release/python-semantic-release@v10.5.3 | |
| with: | |
| github_token: ${{ secrets.GH_TOKEN }} | |
| git_committer_name: "Watson Github Bot" | |
| git_committer_email: "watdevex@us.ibm.com" | |
| - name: Build a binary wheel and a source tarball | |
| run: pip3 install setuptools wheel twine build && python setup.py sdist | |
| - name: Publish | Upload to GitHub Release Assets | |
| uses: python-semantic-release/publish-action@v10.5.3 | |
| if: steps.release.outputs.released == 'true' | |
| with: | |
| github_token: ${{ secrets.GH_TOKEN }} | |
| tag: ${{ steps.release.outputs.tag }} | |
| - name: Upload | Distribution Artifacts | |
| uses: actions/upload-artifact@v5 | |
| with: | |
| name: distribution-artifacts | |
| path: dist/ | |
| if-no-files-found: error | |
| outputs: | |
| released: ${{ steps.release.outputs.released || 'false' }} | |
| deploy: | |
| # 1. Separate out the deploy step from the publish step to run each step at | |
| # the least amount of token privilege | |
| # 2. Also, deployments can fail, and its better to have a separate job if you need to retry | |
| # and it won't require reversing the release. | |
| runs-on: ubuntu-latest | |
| needs: release | |
| if: ${{ needs.release.outputs.released == 'true' }} | |
| permissions: | |
| contents: read | |
| id-token: write # IMPORTANT: mandatory for trusted publishing | |
| steps: | |
| - name: Download all the dists | |
| uses: actions/download-artifact@v6 | |
| with: | |
| name: distribution-artifacts | |
| path: dist/ | |
| - name: Publish distribution 📦 to PyPI | |
| uses: pypa/gh-action-pypi-publish@release/v1 |