-
Notifications
You must be signed in to change notification settings - Fork 2
121 lines (108 loc) · 4.32 KB
/
release-sdk-python.yml
File metadata and controls
121 lines (108 loc) · 4.32 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
name: Release Python SDK
# Triggered on any push to main that touches sdk/python/**. The workflow
# only publishes when the version string in sdk/python/pyproject.toml
# actually changed in the push range — a changelog-only or test-only
# edit runs the workflow and exits cleanly without publishing. Uses
# PyPI trusted publishing (OIDC, no token). The PyPI project needs a
# one-time configuration pointing at this workflow — see
# docs/release-automation.md.
on:
push:
branches: [main]
paths:
- 'sdk/python/**'
- '.github/workflows/release-sdk-python.yml'
- 'scripts/extract-changelog.sh'
- 'scripts/read-version.sh'
workflow_dispatch:
permissions:
contents: write
id-token: write
concurrency:
group: release-sdk-python-${{ github.ref }}
cancel-in-progress: false
jobs:
release:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
with:
fetch-depth: 0
- name: Resolve version
id: version
run: |
CURRENT=$(bash scripts/read-version.sh sdk/python/pyproject.toml)
TAG="py-v$CURRENT"
# Decide whether to publish. Two idempotency layers, in order:
# 1. Manifest-change-in-push: skip when the triggering push did
# not touch the SDK manifest. Range-based so multi-commit
# pushes work (HEAD~1 is wrong when the version bump is the
# first of several commits in the push).
# 2. Tag-exists: skip when the target tag already exists on
# origin. Catches reruns of a successful release.
# Manual workflow_dispatch runs have no push range; fall through
# to the tag check so the tag acts as the only gate.
BEFORE="${{ github.event.before }}"
AFTER="${{ github.sha }}"
MANIFEST_CHANGED="unknown"
if [ -n "$BEFORE" ] && [ "$BEFORE" != "0000000000000000000000000000000000000000" ]; then
if git diff --name-only "$BEFORE" "$AFTER" -- sdk/python/pyproject.toml | grep -Fxq sdk/python/pyproject.toml; then
MANIFEST_CHANGED="true"
else
MANIFEST_CHANGED="false"
fi
fi
if [ "$MANIFEST_CHANGED" = "false" ]; then
echo "manifest sdk/python/pyproject.toml not touched in push $BEFORE..$AFTER; skipping" >&2
echo "should_run=false" >> "$GITHUB_OUTPUT"
elif git rev-parse "refs/tags/$TAG" >/dev/null 2>&1; then
echo "tag $TAG already exists on origin; skipping" >&2
echo "should_run=false" >> "$GITHUB_OUTPUT"
else
echo "should_run=true" >> "$GITHUB_OUTPUT"
fi
echo "current=$CURRENT" >> "$GITHUB_OUTPUT"
echo "tag=$TAG" >> "$GITHUB_OUTPUT"
- name: Verify spec hash parity
if: steps.version.outputs.should_run == 'true'
uses: ./.github/actions/verify-spec-hash
with:
sdk: python
- name: Extract changelog for version
if: steps.version.outputs.should_run == 'true'
run: |
bash scripts/extract-changelog.sh \
"${{ steps.version.outputs.current }}" \
sdk/python/CHANGELOG.md \
/tmp/release-notes.md
- uses: actions/setup-python@v6
if: steps.version.outputs.should_run == 'true'
with:
python-version: '3.12'
- name: pip install + test + build
if: steps.version.outputs.should_run == 'true'
working-directory: sdk/python
run: |
python -m pip install --upgrade pip build
pip install -e '.[dev]'
pytest
python -m build
- name: Publish to PyPI
if: steps.version.outputs.should_run == 'true'
uses: pypa/gh-action-pypi-publish@release/v1
with:
packages-dir: sdk/python/dist
- name: Create and push tag
if: steps.version.outputs.should_run == 'true'
run: |
TAG="${{ steps.version.outputs.tag }}"
git tag "$TAG"
git push origin "$TAG"
- name: Create GitHub release
if: steps.version.outputs.should_run == 'true'
env:
GH_TOKEN: ${{ github.token }}
run: |
gh release create "${{ steps.version.outputs.tag }}" \
--title "${{ steps.version.outputs.tag }}" \
--notes-file /tmp/release-notes.md