.github/workflows/publish.yml
name: Publish
on:
workflow_run:
workflows: Test
branches: master
types: completed
permissions: read-all
jobs:
deploy:
runs-on: ubuntu-latest
if: ${{ github.event.workflow_run.conclusion == 'success' }}
permissions:
contents: write
id-token: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
with:
persist-credentials: false
- name: Set Up Git Identity
run: |
git fetch -v -v -v --all --unshallow
git config --global user.email "$(git log -1 --pretty=format:'%ae' | xargs)"
git config --global user.name "${{ github.actor }}"
git remote set-url origin "https://${{ github.actor }}:${{ secrets.PUSH_TOKEN }}@github.com/${{ github.repository }}"
- name: Set up Python
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
with:
python-version: "3.8"
- name: Install dependencies
run: |
pip install pipx==1.2.1
- name: Build package
run: |
pipx run build
- name: Determine Target Version
id: version
run: |
pipx install python-semantic-release==8.3.0
package_version=$(semantic-release -v version --print)
echo "PACKAGE_VERSION=$package_version" >> $GITHUB_ENV
- name: Publish package
uses: pypa/gh-action-pypi-publish@81e9d935c883d0b210363ab89cf05f3894778450 # v1.8.14
- name: Create Git Tag
run: |
git tag "v${{ env.PACKAGE_VERSION }}" $(git log -1 --pretty=format:"%H" --no-merges)
git push origin --tags
- uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
- name: Extract Changelog for current version
run: |
npm install -g changelog-parser
changelog-parser CHANGELOG.md | jq -r ".versions[0].body" >> changelog_body.md
- name: Create Github release
uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0
with:
tag: "v${{ env.PACKAGE_VERSION }}"
bodyFile: "changelog_body.md"
artifacts: "dist/*"