1- name : Publish Python Package
1+ name : Continuous Delivery
22
33on :
44 push :
5- tags :
6- - " v*.*.*"
5+ branches :
6+ - main
7+ - rc
78
89jobs :
910 publish :
1011 runs-on : ubuntu-latest
12+ concurrency :
13+ group : ${{ github.workflow }}-release-${{ github.ref_name }}
14+ cancel-in-progress : false
1115 environment : pypi
1216 permissions :
1317 id-token : write
1620 steps :
1721 - name : Checkout repository
1822 uses : actions/checkout@v4
23+ with :
24+ ref : ${{ github.ref_name }}
25+ fetch-depth : 0
26+
27+ - name : Setup | Force release branch to be at workflow sha
28+ run : |
29+ git reset --hard ${{ github.sha }}
1930
2031name : Set up Python
2132 uses : actions/setup-python@v5
@@ -26,25 +37,61 @@ jobs:
2637 - name : Install libpcsclite-dev
2738 run : sudo apt-get update && sudo apt-get install -y libpcsclite-dev
2839
29- - name : Install and configure Poetry
30- uses : snok/install-poetry@v1
40+ - name : Evaluate | Verify upstream has NOT changed
41+ # Last chance to abort before causing an error as another PR/push was applied to
42+ # the upstream branch while this workflow was running. This is important
43+ # because we are committing a version change (--commit). You may omit this step
44+ # if you have 'commit: false' in your configuration.
45+ #
46+ # You may consider moving this to a repo script and call it from this step instead
47+ # of writing it in-line.
48+ shell : bash
49+ run : |
50+ set +o pipefail
51+
52+ UPSTREAM_BRANCH_NAME="$(git status -sb | head -n 1 | cut -d' ' -f2 | grep -E '\.{3}' | cut -d'.' -f4)"
53+ printf '%s\n' "Upstream branch name: $UPSTREAM_BRANCH_NAME"
54+
55+ set -o pipefail
56+
57+ if [ -z "$UPSTREAM_BRANCH_NAME" ]; then
58+ printf >&2 '%s\n' "::error::Unable to determine upstream branch name!"
59+ exit 1
60+ fi
61+
62+ git fetch "${UPSTREAM_BRANCH_NAME%%/*}"
63+
64+ if ! UPSTREAM_SHA="$(git rev-parse "$UPSTREAM_BRANCH_NAME")"; then
65+ printf >&2 '%s\n' "::error::Unable to determine upstream branch sha!"
66+ exit 1
67+ fi
68+
69+ HEAD_SHA="$(git rev-parse HEAD)"
70+
71+ if [ "$HEAD_SHA" != "$UPSTREAM_SHA" ]; then
72+ printf >&2 '%s\n' "[HEAD SHA] $HEAD_SHA != $UPSTREAM_SHA [UPSTREAM SHA]"
73+ printf >&2 '%s\n' "::error::Upstream has changed, aborting release..."
74+ exit 1
75+ fi
76+
77+ printf '%s\n' "Verified upstream branch has not changed, continuing with release..."
78+
79+ name : Action | Semantic Version Release
80+ id : release
81+ # Adjust tag with desired version if applicable.
82+ uses :
python-semantic-release/[email protected] 3183 with :
32- virtualenvs-create : false
33- installer-parallel : true
84+ github_token : ${{ secrets.GITHUB_TOKEN }}
85+ git_committer_name : " github-actions"
86+ git_committer_email :
" [email protected] " 3487
35- - name : Build package
36- run : poetry build
88+ - name : Publish | Upload to GitHub Release Assets
89+ uses :
python-semantic-release/[email protected] 90+ if : steps.release.outputs.released == 'true'
91+ with :
92+ github_token : ${{ secrets.GITHUB_TOKEN }}
93+ tag : ${{ steps.release.outputs.tag }}
3794
3895 - name : Publish to PyPI
3996 uses : pypa/gh-action-pypi-publish@release/v1
40-
41- - name : Upload package to GitHub Releases
42- uses : softprops/action-gh-release@v1
43- with :
44- tag_name : ${{ github.ref }}
45- generate_release_notes : true
46- files : |
47- dist/*.tar.gz
48- dist/*.whl
49- env :
50- GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
97+ if : steps.release.outputs.released == 'true'
0 commit comments