diff --git a/.github/workflows/publish-on-semrel.yml b/.github/workflows/publish-on-semrel.yml index 8a5553f..85ad9f8 100644 --- a/.github/workflows/publish-on-semrel.yml +++ b/.github/workflows/publish-on-semrel.yml @@ -1,4 +1,5 @@ name: publish-on-semrel + on: workflow_run: workflows: ["semantic-release"] @@ -6,96 +7,70 @@ on: workflow_dispatch: inputs: tag: - description: "Tag a publicar (p.ej. v0.4.35). Vacío = último release" + description: "Tag a publicar (ej. v0.4.35)" required: false - default: "" -permissions: - contents: read - packages: write - id-token: write -concurrency: - group: publish-${{ github.event_name }}-${{ github.run_id }} - cancel-in-progress: false + type: string + jobs: publish: - if: ${{ github.event_name == 'workflow_dispatch' || (github.event.workflow_run.conclusion == 'success') }} + if: > + (github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success') || + (github.event_name == 'workflow_dispatch') runs-on: ubuntu-latest - environment: pypi + permissions: + contents: read + packages: write + id-token: write steps: - - uses: actions/checkout@v4 + - name: Checkout (con tags) + uses: actions/checkout@v4 with: fetch-depth: 0 - # Obtener tag del último release - - uses: actions/github-script@v7 - id: latest - with: - script: | - const { data } = await github.repos.getLatestRelease({ owner: context.repo.owner, repo: context.repo.repo }); - core.setOutput('tag', data.tag_name); - - - name: Resolver TAG de publicación + - name: Resolver TAG id: tag shell: bash run: | - if [[ "${{ github.event_name }}" == "workflow_dispatch" ]] && [[ -n "${{ github.event.inputs.tag }}" ]]; then + if [[ "${GITHUB_EVENT_NAME}" == "workflow_dispatch" && -n "${{ github.event.inputs.tag }}" ]]; then TAG="${{ github.event.inputs.tag }}" else - TAG="${{ steps.latest.outputs.tag }}" + git fetch --tags --force + TAG="$(git tag -l 'v*' --sort=-v:refname | head -n1)" fi - echo "TAG=$TAG" >> "$GITHUB_ENV" + echo "TAG=$TAG" | tee -a "$GITHUB_ENV" echo "tag=$TAG" >> "$GITHUB_OUTPUT" - echo "Publicando tag: $TAG" + echo "Publicando TAG=$TAG" - - name: Sincronizar version de pyproject.toml con TAG - shell: bash + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: '3.12' + + - name: Build sdist & wheel run: | - python - <<'PY' - import os, re, pathlib - tag = os.environ["TAG"].lstrip('v') - p = pathlib.Path("pyproject.toml") - t = p.read_text() - t = re.sub(r'(?m)^(\s*version\s*=\s*")\d+\.\d+\.\d+(")', rf"\1{tag}\2", t) - p.write_text(t) - print("Set version ->", tag) - PY + python -m pip install -U pip build + python -m build - # Build & push GHCR - - name: Set IMAGE - run: echo "IMAGE=ghcr.io/${GITHUB_REPOSITORY,,}" >> "$GITHUB_ENV" + - name: Publish to PyPI (OIDC) + uses: pypa/gh-action-pypi-publish@release/v1 + with: + packages-dir: dist + skip-existing: true - - uses: docker/setup-qemu-action@v3 - - uses: docker/setup-buildx-action@v3 - - uses: docker/login-action@v3 + - name: Login GHCR + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Build & Push container - uses: docker/build-push-action@v6 + - name: Setup Buildx + uses: docker/setup-buildx-action@v3 + + - name: Build & Push image + uses: docker/build-push-action@v5 with: context: . - file: ./Dockerfile - platforms: linux/amd64 push: true - provenance: false - tags: ${{ env.IMAGE }}:${{ steps.tag.outputs.tag }},${{ env.IMAGE }}:latest - - # Build & publish PyPI (OIDC) - - uses: actions/setup-python@v5 - with: - python-version: "3.12" - - - name: Build sdist/wheel - run: | - python -m pip install -U pip build - python -m build - - - name: Publish to PyPI (Trusted Publisher) - uses: pypa/gh-action-pypi-publish@release/v1 - with: - skip-existing: true - verbose: true - env: - PYTHON_KEYRING_BACKEND: keyring.backends.null.Keyring + tags: ghcr.io/${{ github.repository }}:${{ env.TAG }} + platforms: linux/amd64