diff --git a/.github/workflows/publish-pypi.yml b/.github/workflows/publish-pypi.yml index 6f7bfab..8d18b5d 100644 --- a/.github/workflows/publish-pypi.yml +++ b/.github/workflows/publish-pypi.yml @@ -1,74 +1,88 @@ name: publish-pypi on: - workflow_run: - workflows: ["publish-on-semrel"] - types: [completed] workflow_dispatch: inputs: tag: - description: Tag to publish (e.g. v0.4.36) + description: "Tag a publicar (por defecto: Ășltimo v*)" required: false - type: string + workflow_run: + workflows: ["semantic-release"] + types: [completed] permissions: - contents: read id-token: write + contents: read packages: write + attestations: write jobs: publish: - if: ${{ github.event_name == 'workflow_dispatch' || (github.event.workflow_run.conclusion == 'success') }} + if: github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success' environment: pypi runs-on: ubuntu-latest steps: - - name: Checkout with tags + - name: Checkout con tags uses: actions/checkout@v4 - with: - fetch-depth: 0 - fetch-tags: true + with: { fetch-depth: 0 } - - name: Resolve TAG + - name: Resolver TAG id: tag shell: bash run: | if [[ -n "${{ github.event.inputs.tag }}" ]]; then - echo "TAG=${{ github.event.inputs.tag }}" >> $GITHUB_ENV + TAG="${{ github.event.inputs.tag }}" + elif [[ "${GITHUB_REF}" == refs/tags/* ]]; then + TAG="${GITHUB_REF#refs/tags/}" else - git fetch --tags --force - TAG=$(git describe --tags --abbrev=0) - echo "TAG=$TAG" >> $GITHUB_ENV + TAG="$(git tag -l 'v*' --sort=-v:refname | head -n1)" fi - echo "Resolved TAG=$TAG" - - - name: Sync version from TAG into pyproject.toml - shell: bash - env: - TAG: ${{ env.TAG }} - run: | - VER="${TAG#v}" - python - <<'PY' -import os,re,pathlib -ver=os.environ["VER"] -p=pathlib.Path("pyproject.toml") -t=p.read_text() -t=re.sub(r'(?m)^(\s*version\s*=\s*")\d+\.\d+\.\d+(")', rf'\1{ver}\2', t) -p.write_text(t) -print("synced version:", ver) -PY + echo "tag=${TAG}" >> "$GITHUB_OUTPUT" + echo "TAG=${TAG}" - name: Setup Python uses: actions/setup-python@v5 - with: - python-version: '3.x' + with: { python-version: '3.x' } - name: Build sdist & wheel run: | python -m pip install -U pip build python -m build - - name: Publish to PyPI via OIDC + - name: Verificar version == tag + shell: bash + run: | + WANT="${{ steps.tag.outputs.tag#v }}" + ACTUAL=$(python - <<'PY' +import re, pathlib +t=pathlib.Path("pyproject.toml").read_text() +print(re.search(r'(?m)^\s*version\s*=\s*"([0-9.]+)"', t).group(1)) +PY +) + echo "want=$WANT actual=$ACTUAL" + test "$WANT" = "$ACTUAL" + + - name: Publicar en PyPI (OIDC) uses: pypa/gh-action-pypi-publish@release/v1 with: - packages-dir: dist - verbose: true + skip-existing: true + + - name: Login GHCR + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Setup Buildx + uses: docker/setup-buildx-action@v3 + + - name: Build & Push image + shell: bash + run: | + REPO="${GITHUB_REPOSITORY,,}" + TAG="${{ steps.tag.outputs.tag }}" + docker buildx build --platform linux/amd64,linux/arm64 \ + -t ghcr.io/$REPO:$TAG \ + -t ghcr.io/$REPO:latest \ + --push .