-
Notifications
You must be signed in to change notification settings - Fork 41
176 lines (149 loc) · 5.1 KB
/
EVENT_release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
name: release
run-name: Release
on:
release:
types: [released]
workflow_call:
inputs:
release_id:
type: string
description: "The id of the release"
required: false
release_tag:
type: string
description: "The tag of the release"
required: false
is_draft:
type: boolean
description: "Is the release a draft"
required: false
permissions:
contents: read
env:
release_id: ${{ inputs.release_id || github.event.release.id }}
release_tag: ${{ inputs.release_tag || github.event.release.tag_name }}
is_draft: ${{ inputs.is_draft || github.event.release.draft }}
is_scheduled: ${{ github.event_name == 'schedule' }}
jobs:
validate_tag:
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ github.ref }}
- name: Fail early if tag schema is invalid
run: |
if [[ ! ${{ env.release_tag }} =~ ^refs/tags/(v[0-9]+\.[0-9]+\.[0-9]+)$ && ${{ env.release_tag }} =~ ^refs/tags/test-.*$ ]]; then
echo "Tag ${{ env.release_tag }} is not a valid semver tag"
exit 1
fi
run_tests:
needs: validate_tag
uses: ./.github/workflows/JOB_tests.yml
run_e2e:
uses: ./.github/workflows/JOB_e2e.yml
secrets:
E2E_API_KEY: ${{ secrets.E2E_API_KEY }}
E2E_ENVIRONMENT: ${{ secrets.E2E_ENVIRONMENT }}
E2E_TEAM: ${{ secrets.E2E_TEAM }}
release:
needs: [run_tests, run_e2e]
if: startsWith(github.ref, 'refs/tags/v')
runs-on: ubuntu-latest
permissions:
id-token: write
contents: write
steps:
- name: Free Disk space
shell: bash
run: |
sudo rm -rf /usr/local/lib/android # will release about 10 GB if you don't need Android
sudo rm -rf /usr/share/dotnet # will release about 20GB if you don't need .NET
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ github.ref }}
- name: Set up Python
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: "3.9"
- run: pip install pip --upgrade
- name: Setup Poetry
uses: abatilo/actions-poetry@fd0e6716a0de25ef6ade151b8b53190b0376acfd
with:
poetry-version: "1.3.1"
- name: Build package
run: poetry build
- name: Publish to PyPI
uses: pypa/gh-action-pypi-publish@15c56dba361d8335944d31a2ecd17d700fc7bcbc
test_release:
needs: [run_tests, run_e2e]
if: startsWith(github.ref, 'refs/tags/test-')
runs-on: ubuntu-latest
permissions:
id-token: write
contents: write
steps:
- name: Free Disk space
shell: bash
run: |
sudo rm -rf /usr/local/lib/android # will release about 10 GB if you don't need Android
sudo rm -rf /usr/share/dotnet # will release about 20GB if you don't need .NET
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ github.ref }}
- name: Set up Python
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: "3.9"
- run: pip install pip --upgrade
- name: Setup Poetry
uses: abatilo/actions-poetry@fd0e6716a0de25ef6ade151b8b53190b0376acfd
with:
poetry-version: "1.3.1"
- name: Build package
run: |
poetry build
- name: Publish to Test PyPI
uses: pypa/gh-action-pypi-publish@15c56dba361d8335944d31a2ecd17d700fc7bcbc
with:
repository-url: https://test.pypi.org/legacy/
notify_release:
needs: [release]
if: success()
uses: ./.github/workflows/JOB_slack_message.yml
secrets: inherit
with:
icon: ":rocket:"
at_team: true
message: |
:tada: *${{ inputs.release_tag || github.event.release.tag_name }}* has been released!
:link:
- https://pypi.org/project/darwin-py
- ${{ github.event.release.html_url }}
notify_failed_release:
needs: [release]
if: failure()
uses: ./.github/workflows/JOB_slack_message.yml
secrets: inherit
with:
icon: ":warning:"
at_team: true
message: |
:warning: *${{ inputs.release_tag || github.event.release.tag_name }}* Release has failed to be released!
*An error occurred performing release, and you may need to release manually.*
:link:
- ${{ github.event.release.html_url }}