diff --git a/.github/workflows/publish-pypi.yml b/.github/workflows/publish-pypi.yml index 8d18b5d..99e96b9 100644 --- a/.github/workflows/publish-pypi.yml +++ b/.github/workflows/publish-pypi.yml @@ -1,88 +1,76 @@ name: publish-pypi - on: workflow_dispatch: inputs: tag: - description: "Tag a publicar (por defecto: último v*)" + description: "Release tag (vX.Y.Z). Dejar vacío para detectar último." required: false + type: string workflow_run: - workflows: ["semantic-release"] + workflows: [semantic-release] types: [completed] + branches: [main] permissions: - id-token: write contents: read + id-token: write packages: write - attestations: write jobs: publish: - if: github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success' - environment: pypi + if: ${{ github.event_name == 'workflow_dispatch' || (github.event.workflow_run.conclusion == 'success') }} runs-on: ubuntu-latest + environment: pypi steps: - name: Checkout con tags uses: actions/checkout@v4 - with: { fetch-depth: 0 } + with: {fetch-depth: 0} - name: Resolver TAG id: tag shell: bash run: | - if [[ -n "${{ github.event.inputs.tag }}" ]]; then - TAG="${{ github.event.inputs.tag }}" - elif [[ "${GITHUB_REF}" == refs/tags/* ]]; then - TAG="${GITHUB_REF#refs/tags/}" + git fetch --tags --force --prune >/dev/null 2>&1 + if [[ -n "${{ inputs.tag }}" ]]; then + T="${{ inputs.tag }}" + elif [[ -n "${{ github.event.workflow_run.head_branch }}" ]]; then + T="$(git tag -l 'v*' --sort=-v:refname | head -n1)" else - TAG="$(git tag -l 'v*' --sort=-v:refname | head -n1)" + T="$(git tag -l 'v*' --sort=-v:refname | head -n1)" fi - echo "tag=${TAG}" >> "$GITHUB_OUTPUT" - echo "TAG=${TAG}" + echo "tag=$T" >> "$GITHUB_OUTPUT" + echo "TAG=$T" >> "$GITHUB_ENV" + echo "Using tag: $T" + + - name: Sincronizar versión de pyproject con TAG + shell: bash + run: | + want="${TAG#v}" + sed -i -E "s/^version *= *\"[^\"]+\"/version = \"$want\"/" pyproject.toml + echo "pyproject version -> $(grep -E '^version *= *\"' -m1 pyproject.toml)" - name: Setup Python uses: actions/setup-python@v5 - with: { python-version: '3.x' } + with: {python-version: '3.x'} - name: Build sdist & wheel run: | python -m pip install -U pip build python -m build - - name: Verificar version == tag - shell: bash - run: | - WANT="${{ steps.tag.outputs.tag#v }}" - ACTUAL=$(python - <<'PY' -import re, pathlib -t=pathlib.Path("pyproject.toml").read_text() -print(re.search(r'(?m)^\s*version\s*=\s*"([0-9.]+)"', t).group(1)) -PY -) - echo "want=$WANT actual=$ACTUAL" - test "$WANT" = "$ACTUAL" - - - name: Publicar en PyPI (OIDC) + - name: Publish to PyPI (OIDC) uses: pypa/gh-action-pypi-publish@release/v1 with: skip-existing: true - name: Login GHCR - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Setup Buildx - uses: docker/setup-buildx-action@v3 + run: echo "${{ github.token }}" | docker login ghcr.io -u $ --password-stdin - - name: Build & Push image + - name: Build & Push image (amd64,arm64) shell: bash run: | - REPO="${GITHUB_REPOSITORY,,}" - TAG="${{ steps.tag.outputs.tag }}" + repo_lower="$(echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]')" + docker buildx create --use --name drd-builder || true docker buildx build --platform linux/amd64,linux/arm64 \ - -t ghcr.io/$REPO:$TAG \ - -t ghcr.io/$REPO:latest \ + -t "ghcr.io/${repo_lower}:${TAG}" \ --push .