Test release libs/ai-endpoints by @mattf #1
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: test-release | |
| run-name: Test release ${{ inputs.working-directory }} by @${{ github.actor }} | |
| on: | |
| workflow_call: | |
| inputs: | |
| working-directory: | |
| required: true | |
| type: string | |
| description: "From which folder this pipeline executes" | |
| workflow_dispatch: | |
| inputs: | |
| working-directory: | |
| required: true | |
| type: string | |
| default: 'libs/ai-endpoints' | |
| env: | |
| POETRY_VERSION: "1.7.1" | |
| PYTHON_VERSION: "3.10" | |
| jobs: | |
| build: | |
| if: github.ref == 'refs/heads/main' | |
| runs-on: ubuntu-latest | |
| outputs: | |
| pkg-name: ${{ steps.check-version.outputs.pkg-name }} | |
| version: ${{ steps.check-version.outputs.version }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python + Poetry ${{ env.POETRY_VERSION }} | |
| uses: "./.github/actions/poetry_setup" | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| poetry-version: ${{ env.POETRY_VERSION }} | |
| working-directory: ${{ inputs.working-directory }} | |
| cache-key: release | |
| # We want to keep this build stage *separate* from the release stage, | |
| # so that there's no sharing of permissions between them. | |
| # The release stage has trusted publishing and GitHub repo contents write access, | |
| # and we want to keep the scope of that access limited just to the release job. | |
| # Otherwise, a malicious `build` step (e.g. via a compromised dependency) | |
| # could get access to our GitHub or PyPI credentials. | |
| # | |
| # Per the trusted publishing GitHub Action: | |
| # > It is strongly advised to separate jobs for building [...] | |
| # > from the publish job. | |
| # https://github.com/pypa/gh-action-pypi-publish#non-goals | |
| - name: Build project for distribution | |
| run: poetry build | |
| working-directory: ${{ inputs.working-directory }} | |
| - name: Upload build | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: test-dist | |
| path: ${{ inputs.working-directory }}/dist/ | |
| - name: Check Version | |
| id: check-version | |
| shell: bash | |
| working-directory: ${{ inputs.working-directory }} | |
| run: | | |
| echo pkg-name="$(poetry version | cut -d ' ' -f 1)" >> $GITHUB_OUTPUT | |
| echo version="$(poetry version --short)" >> $GITHUB_OUTPUT | |
| publish: | |
| needs: | |
| - build | |
| runs-on: ubuntu-latest | |
| permissions: | |
| # This permission is used for trusted publishing: | |
| # https://blog.pypi.org/posts/2023-04-20-introducing-trusted-publishers/ | |
| # | |
| # Trusted publishing has to also be configured on PyPI for each package: | |
| # https://docs.pypi.org/trusted-publishers/adding-a-publisher/ | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/download-artifact@v3 | |
| with: | |
| name: test-dist | |
| path: ${{ inputs.working-directory }}/dist/ | |
| - name: Publish to test PyPI | |
| uses: pypa/gh-action-pypi-publish@release/v1 | |
| with: | |
| packages-dir: ${{ inputs.working-directory }}/dist/ | |
| verbose: true | |
| print-hash: true | |
| repository-url: https://test.pypi.org/legacy/ | |
| # We overwrite any existing distributions with the same name and version. | |
| # This is *only for CI use* and is *extremely dangerous* otherwise! | |
| # https://github.com/pypa/gh-action-pypi-publish#tolerating-release-package-file-duplicates | |
| skip-existing: true |