From f40b01d2221797543a8f6af58a46146c8cd69a41 Mon Sep 17 00:00:00 2001
From: Anwesha Das <anwesha@das.community>
Date: Thu, 3 Jul 2025 10:07:56 +0200
Subject: [PATCH 1/2] Adds workflow to upload to test.pypi

This is a workflow to help the release managers to get accustomed
with the release process.
This gives us the ability to run tests without messing the real
PyPI.
---
 .github/workflows/test-pypi-release.yml | 231 ++++++++++++++++++++++++
 1 file changed, 231 insertions(+)
 create mode 100644 .github/workflows/test-pypi-release.yml

diff --git a/.github/workflows/test-pypi-release.yml b/.github/workflows/test-pypi-release.yml
new file mode 100644
index 0000000000..6a65f15def
--- /dev/null
+++ b/.github/workflows/test-pypi-release.yml
@@ -0,0 +1,231 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+name: Release Ansible package
+'on':
+  workflow_dispatch:
+    inputs:
+      ansible-version:
+        description: >-
+          Release Version. Example: 11.1.0
+        required: true
+      preserve-deps:
+        description: >-
+          Whether to preserve existing `.deps` files.
+        type: boolean
+        default: false
+      allow-reset-build-deps:
+        description: >-
+          Whether to allow resetting existing .build files during alpha and beta-1 releases.
+          Only set to false for special alpha or beta-1 releases if the deps and build files
+          have been prepared manually!
+        type: boolean
+        default: true
+      existing-branch:
+        description: >-
+          If provided, assumes that a branch of this name exists in the ansible-build-data
+          repository. Changes will be pushed to this branch, and the PR will be created from
+          it.
+        type: string
+        default: ''
+env:
+  CI_COMMIT_MESSAGE: >-
+    Ansible ${{ inputs.ansible-version }}:
+    Dependencies, changelog and porting guide
+  ANSIBLE_VERSION: ${{ inputs.ansible-version }}
+  ANSIBLE_BRANCH_NAME: ${{ inputs.existing-branch || format('publish-{0}', inputs.ansible-version) }}
+
+jobs:
+  build:
+    name: Build Ansible (${{ inputs.ansible-version }})
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+      contents: write
+    outputs:
+      pr_url: ${{ steps.create-pr.outputs.pr_url }}
+
+    steps:
+      - name: Check out antsibull-build
+        uses: actions/checkout@v4
+        with:
+          repository: ansible-community/antsibull-build
+          ref: main
+          path: antsibull-build
+
+      - name: Pre-create build directory
+        run: mkdir -p antsibull-build/build
+
+      - name: Check out ansible-build-data under antsibull-build build directory
+        uses: actions/checkout@v4
+        with:
+          # This is where the antsibull-build build-release role expects it by default
+          path: antsibull-build/build/ansible-build-data
+          ref: ${{ inputs.existing-branch || '' }}
+
+      - name: Set up Python 3.12
+        uses: actions/setup-python@v5
+        with:
+          python-version: 3.12
+
+      - name: Install dependencies
+        working-directory: antsibull-build
+        run: |
+          python3 -m pip install packaging ansible-core antsibull-build
+          ansible-galaxy install -r requirements.yml
+
+      - name: Validate version and extract major version
+        shell: python
+        id: extract-version
+        run: |
+          import os
+          import pathlib
+          import sys
+
+          from packaging.version import Version
+
+          FILE_APPEND_MODE = 'a'
+          OUTPUTS_FILE_PATH = pathlib.Path(os.environ['GITHUB_OUTPUT'])
+          VERSION = os.environ['ANSIBLE_VERSION']
+
+          def set_output(name, value):
+              with OUTPUTS_FILE_PATH.open(FILE_APPEND_MODE) as outputs_file:
+                  outputs_file.writelines(f'{name}={value}{os.linesep}')
+
+          try:
+              version = Version(VERSION)
+          except Exception as exc:
+              sys.exit(
+                  f'::error ::The version {VERSION!r} cannot be parsed: {exc}.'
+              )
+
+          set_output('major-version', version.major)
+
+      - name: Checking out to a new branch
+        if: inputs.existing-branch == ''
+        working-directory: antsibull-build/build/ansible-build-data
+        run: |
+          git checkout -b "${ANSIBLE_BRANCH_NAME}"
+
+      - name: Setting the user details
+        run: |
+          git config --global user.name "Github Actions"
+          git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
+
+      # Run the playbook according to the current release process
+
+      - name: Building a release with the defaults
+        working-directory: antsibull-build
+        env:
+          PRESERVE_DEPS: ${{ inputs.preserve-deps }}
+          ALLOW_RESET_BUILD_DEPS: ${{ inputs.allow-reset-build-deps }}
+          # Make result better readable
+          ANSIBLE_CALLBACK_RESULT_FORMAT: yaml
+        run: >-
+          ansible-playbook -vv playbooks/build-single-release.yaml
+          -e antsibull_data_reset=false
+          -e "antsibull_build_reset=${ALLOW_RESET_BUILD_DEPS}"
+          -e "antsibull_ansible_version=${ANSIBLE_VERSION}"
+          -e "antsibull_preserve_deps=${PRESERVE_DEPS}"
+
+      - name: Upload artifact
+        uses: actions/upload-artifact@v4
+        id: upload-artifact
+        with:
+          name: sdist-and-wheel
+          path: antsibull-build/build/ansible-*.*
+
+      - name: Commit ansible-build-data and push the changes to github
+        working-directory: >-
+          antsibull-build/build/ansible-build-data/${{ steps.extract-version.outputs.major-version }}
+        run: |
+          git add .
+          git commit -m "${CI_COMMIT_MESSAGE}"
+          git push origin "${ANSIBLE_BRANCH_NAME}"
+
+      - name: Create PR to the ansible-build-data
+        id: create-pr
+        working-directory: antsibull-build/build/ansible-build-data
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          ARTIFACT_URL: ${{ steps.upload-artifact.outputs.artifact-url }}
+        run: |
+          body="$(echo -e "${CI_COMMIT_MESSAGE}\nRelease artifacts: <${ARTIFACT_URL}>")"
+          echo -n "pr_url=" >> "${GITHUB_OUTPUT}"
+          gh pr create \
+          --base main \
+          --head "${ANSIBLE_BRANCH_NAME}" \
+          --title "Release Ansible ${ANSIBLE_VERSION}" \
+          --body "${body}" | tee -a "$GITHUB_OUTPUT"
+
+  # publish job downloads the arifacts and publish it to test-pypi
+
+  publish:
+    needs: build
+    name: Upload Ansible (${{ inputs.ansible-version }}) to test-pypi
+    runs-on: ubuntu-latest
+    environment:
+      name: test-pypi
+      url: https://test.pypi.org/project/ansible/${{ inputs.ansible-version }}
+    permissions:
+      id-token: write
+    outputs:
+      pr_url: ${{ needs.build.outputs.pr_url }}
+
+    steps:
+      - name: Ensure that the PR was merged
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_URL: ${{ needs.build.outputs.pr_url }}
+        run: |
+          STATE="$(gh pr view "${PR_URL}" --json state --template "{{.state}}")"
+          if [ "${STATE}" != "MERGED" ]; then
+            echo "::error ::The state of PR ${PR_URL} must be MERGED, not ${STATE}"
+            exit 1
+          fi
+
+      - name: Download artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: sdist-and-wheel
+          path: dist/
+
+      - name: Upload Ansible sdist and wheel to test-PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+
+  # git-tag job creates the git tag
+
+  git-tag:
+    needs: publish
+    name: Creates git tag for Ansible (${{ inputs.ansible-version }})
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+
+    steps:
+      - name: Figure out merge commit
+        id: merge-commit
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_URL: ${{ needs.publish.outputs.pr_url }}
+        run: |
+          MERGE_COMMIT="$(gh pr view "${PR_URL}" --json mergeCommit --template "{{.mergeCommit.oid}}")"
+          echo "merge_commit=${MERGE_COMMIT}" >> "${GITHUB_OUTPUT}"
+
+      - name: Check out ansible-build-data
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.repository.default_branch }}
+          fetch-depth: 0
+
+      - name: Create (fake) git tag
+        env:
+          MERGE_COMMIT: ${{steps.merge-commit.outputs.merge_commit}}
+        run: |
+          echo git config --global user.name "Github Actions"
+          echo git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          echo git tag -a "${ANSIBLE_VERSION}" "${MERGE_COMMIT}" -m "Ansible ${ANSIBLE_VERSION}: Changelog, Porting Guide and Dependent Collection Details"
+          echo git push origin "${ANSIBLE_VERSION}"

From fa830c10be7ef6a0541f5e7c0b371e489f4283a3 Mon Sep 17 00:00:00 2001
From: Anwesha Das <anwesha@das.community>
Date: Fri, 4 Jul 2025 15:49:55 +0200
Subject: [PATCH 2/2] Updates test workflow name for training

---
 .github/workflows/test-pypi-release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/test-pypi-release.yml b/.github/workflows/test-pypi-release.yml
index 6a65f15def..96139e7ab8 100644
--- a/.github/workflows/test-pypi-release.yml
+++ b/.github/workflows/test-pypi-release.yml
@@ -3,7 +3,7 @@
 # GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later
 
-name: Release Ansible package
+name: Test Ansible package Release Process
 'on':
   workflow_dispatch:
     inputs: