PYSCAN-38: Publish PR artifacts to Repox (#32)

joke1196 · joke1196 · commit 4650db70a065 · 2024-01-15T16:19:09.000+01:00
diff --git a/.github/workflows/build-pr.yml b/.github/workflows/build-pr.yml
@@ -127,7 +127,9 @@ jobs:
       with:
         python-version: |
           3.12
-        cache: "poetry"
+    - name: Install Poetry
+      run: |
+        pipx install poetry
     - name: Install its dependencies
       working-directory: ./its
       env:
@@ -142,3 +144,37 @@ jobs:
       working-directory: ./its
       run: |
         poetry run pytest 
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write     # required by SonarSource/vault-action-wrapper
+      contents: read      # required by actions/checkout
+    strategy:
+      fail-fast: false
+    steps:
+    - name: Get vault secrets
+      id: secrets
+      uses: SonarSource/vault-action-wrapper@v2
+      with:
+        secrets: |
+          development/artifactory/token/{REPO_OWNER_NAME_DASH}-qa-deployer access_token | ARTIFACTORY_PASSWORD_QA;
+    - uses: actions/checkout@v3
+    - name: Set up Python 
+      uses: actions/setup-python@v4
+      with:
+        python-version: |
+          3.12
+    - name: Install Poetry
+      run: |
+        pipx install poetry
+    - name: Configure pypi repo
+      run: poetry config repositories.sonarsource https://repox.jfrog.io/artifactory/api/pypi/sonarsource-pypi-builds
+    - name: Build and publish
+      env:
+        ARTIFACTORY_PYPI_DEPLOYER_USER: vault-SonarSource-sonar-scanner-python-qa-deployer
+        ARTIFACTORY_PYPI_DEPLOYER_API_KEY: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_PASSWORD_QA }}
+      run: |
+        poetry version patch
+        poetry version $(poetry version -s).dev${{ github.run_number }}
+        poetry build
+        poetry publish -r sonarsource --username $ARTIFACTORY_PYPI_DEPLOYER_USER --password $ARTIFACTORY_PYPI_DEPLOYER_API_KEY --verbose
