Remove prep release action and combine it with the release action and update the logic as well as update the release readme.

MOmarMiraj · MOmarMiraj · commit 2e6d5e5acf26 · 2025-05-12T18:26:26.000-04:00
diff --git a/.github/workflows/prep-release.yml b/.github/workflows/prep-release.yml
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -1,20 +1,66 @@
-name: Release SDK
+name: Release Python SDKs
 
 on:
   workflow_dispatch:
+    inputs:
+      version:
+        description: "Version number"
+        required: true
+        type: string
+      build_number:
+        description: "Build number "
+        required: true
+        type: string
 
 jobs:
-  build_wheels:
+  prepare-release:
+    runs-on: ubuntu-latest
+    if: startsWith(github.ref, 'refs/heads/sdk-core/') # Only run on branches that start with sdk-core/
+    steps:
+      - name: Checkout the code
+        uses: actions/checkout@v4
+
+      - name: Import GPG key
+        uses: crazy-max/ghaction-import-gpg@v6
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.PASSPHRASE }}
+          git_user_signingkey: true
+          git_commit_gpgsign: true
+
+      - name: Parse and Validate Inputs
+        run: |
+          # Get inputs passed to the workflow
+          VERSION="${{ github.event.inputs.version }}"
+          BUILD_NUMBER="${{ github.event.inputs.build_number }}"
+
+          # Save the parsed values for future steps
+          echo "VERSION=$VERSION" >> $GITHUB_ENV
+          echo "BUILD_NUMBER=$BUILD_NUMBER" >> $GITHUB_ENV
+        shell: bash
+
+      - name: Run the Prep Release Script
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          make prep-release VERSION="$VERSION" BUILD_NUMBER="$BUILD_NUMBER"
+        shell: bash
+
+  build-wheels:
     name: Build wheels for Python SDK on ${{ matrix.os }}
     runs-on: ${{ matrix.os }}
     if: startsWith(github.ref, 'refs/heads/sdk-core/')
+    needs: [prepare-release]
     strategy:
       fail-fast: false
       matrix:
         # macOS 13 is an Intel runner and macOS 14 is an Apple Silicon runner
         os: [ubuntu-22.04, ubuntu-22.04-arm, windows-latest, macos-13, macos-14]
     steps:
       - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.ref }}
+
       - name: Upgrade build dependencies
         run: python -m pip install --upgrade pip setuptools wheel
 
@@ -32,7 +78,7 @@ jobs:
           CIBW_SKIP: pp* *-musllinux_*
           CIBW_MANYLINUX_X86_64_IMAGE: "quay.io/pypa/manylinux_2_34_x86_64"
           CIBW_MANYLINUX_AARCH64_IMAGE: "quay.io/pypa/manylinux_2_34_aarch64"
-          CIBW_ARCHS: "native" # Equivalent to python's platform.machine()
+          CIBW_ARCHS: "native"
           CIBW_BEFORE_BUILD_WINDOWS: "pip install delvewheel"
           CIBW_REPAIR_WHEEL_COMMAND_WINDOWS: "delvewheel repair -w {dest_dir} {wheel}"
           CIBW_TEST_REQUIRES: "pydantic pytest pytest-asyncio"
@@ -52,9 +98,12 @@ jobs:
     name: Build source distribution for Python SDK
     runs-on: ubuntu-latest
     if: startsWith(github.ref, 'refs/heads/sdk-core/')
+    needs: [prepare-release]
     steps:
       - uses: actions/checkout@v4
-
+        with:
+          ref: ${{ github.ref }}
+        # Need to grab the SDK version for the wheel name
       - name: Extract SDK Version
         run: echo "SDK_VERSION=$(cat .VERSION)" >> "$GITHUB_ENV"
         shell: bash
@@ -77,14 +126,15 @@ jobs:
           name: onepassword-sdk-${{ env.SDK_VERSION }}
           path: ./dist/*.tar.gz
 
-  release-sdk:
+  Release-SDK:
     runs-on: ubuntu-latest
     if: startsWith(github.ref, 'refs/heads/sdk-core/') # Only run on branches that start with sdk-core/
+    needs: [build-wheels, build-sdist]
     steps:
       - name: Checkout the code
         uses: actions/checkout@v4
         with:
-          token: ${{ secrets.PAT }}
+          ref: ${{ github.ref }}
 
       - name: Import GPG key
         uses: crazy-max/ghaction-import-gpg@v6
@@ -110,7 +160,7 @@ jobs:
       url: https://pypi.org/project/onepassword-sdk/
     permissions:
       id-token: write # IMPORTANT: this permission is mandatory for trusted publishing
-    needs: [build_wheels, build-sdist]
+    needs: [Release-SDK]
     steps:
       - uses: actions/download-artifact@v4
         with:
diff --git a/src/release/README.md b/src/release/README.md
@@ -1,5 +1,15 @@
-## How to Prepare a Release for the Python SDK
+# How to Release the Python SDK
 
+## Release off an Release Candidate Branch in Github Actions
+To release the Python SDK via Github Action, you must do the following:
+1. SDK core opens a new PR with the latest generated code and latest core. This branch should start off with `sdk-core/...`
+2. Add the release notes for the RC as well as update the examples if needed.
+3. Run the `Release Python SDKs` action and input the correct build and version number while referencing the RC branch.
+4. After the action is completed, the Python SDK is released on Github and PyPi, you can merge the PR branch.
+
+If the Github Action isn't working, you can follow the manual steps below to release the Python SDK.
+
+## Manual Steps to release a Python SDK
 Before running this script, the user must make sure that they have the write permissions to the Python SDK repository.
 
 Run this make command to install all dependencies required for the Python SDK release process.
@@ -10,7 +20,7 @@ release/install-dependencies
 Step 1. Make any changes to the SDK as required on a feature branch or main branch.
 NOTE: If ran on a main branch, a release branch will be created.
 
-Step 2. Go to the root of the repo and run 
+Step 2. Go to the root of the repo and run
 ```
 make prep-release
 ```
