Skip to content

Commit 8426759

Browse files
spoorccspoorcc
committed
reorder workflows
1 parent 3c146a7 commit 8426759

File tree

8 files changed

+116
-65
lines changed

8 files changed

+116
-65
lines changed

.github/workflows/build.yml

Lines changed: 20 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,19 +1,18 @@
11
name: Build
22

33
on:
4-
push:
5-
branches:
6-
- main
7-
pull_request:
8-
types: [opened, synchronize, reopened]
4+
workflow_call:
5+
inputs:
6+
release_id:
7+
required: true
8+
type: string
99

1010
permissions:
1111
contents: read
1212

1313
jobs:
1414

1515
build:
16-
needs: prepare-release
1716
strategy:
1817
matrix:
1918
platform: [ubuntu-latest, macos-latest, windows-latest]
@@ -96,6 +95,21 @@ jobs:
9695
build/dfetch-package/*.msi
9796
build/dfetch-package/*.cdx.json
9897
98+
- name: Upload artifacts to release
99+
if: ${{ inputs.release_id }} != ''
100+
uses: softprops/action-gh-release@5122b4edc95f85501a71628a57dc180a03ec7588 # v2.5.0
101+
with:
102+
tag_name: ${{ inputs.release_id }}
103+
files: |
104+
build/dfetch-package/*.deb
105+
build/dfetch-package/*.rpm
106+
build/dfetch-package/*.pkg
107+
build/dfetch-package/*.msi
108+
build/dfetch-package/*.cdx.json
109+
overwrite_files: false
110+
env:
111+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
112+
99113
test-binary:
100114
name: test binary
101115
needs:

.github/workflows/ci.yml

Lines changed: 51 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,51 @@
1+
name: CI & Release Orchestration
2+
3+
on:
4+
push:
5+
branches:
6+
- main
7+
- automate-release
8+
tags:
9+
- '*.*.*'
10+
pull_request:
11+
types: [opened, synchronize, reopened]
12+
13+
# Allows to run this workflow manually
14+
workflow_dispatch:
15+
16+
permissions:
17+
contents: read
18+
19+
jobs:
20+
draft-release:
21+
uses: ./.github/workflows/release.yml
22+
permissions:
23+
contents: write
24+
security-events: write
25+
26+
build-binaries:
27+
needs: draft-release
28+
uses: ./.github/workflows/build.yml
29+
permissions:
30+
contents: read
31+
security-events: write
32+
with:
33+
release_id: ${{ needs.draft-release.outputs.release_id }}
34+
35+
run:
36+
needs: draft-release
37+
uses: ./.github/workflows/run.yml
38+
permissions:
39+
contents: read
40+
security-events: write
41+
with:
42+
release_id: ${{ needs.draft-release.outputs.release_id }}
43+
44+
python-publish:
45+
needs: draft-release
46+
uses: ./.github/workflows/python-publish.yml
47+
permissions:
48+
contents: read
49+
security-events: write
50+
with:
51+
release_id: ${{ needs.draft-release.outputs.release_id }}

.github/workflows/docs.yml

Lines changed: 3 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -9,17 +9,13 @@ jobs:
99
docs:
1010
runs-on: ubuntu-latest
1111
steps:
12-
- name: Harden the runner (Audit all outbound calls)
13-
uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
12+
- uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
1413
with:
1514
egress-policy: audit
16-
1715
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v5.0.0
18-
19-
- name: Install Python
20-
uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
16+
- uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
2117
with:
22-
python-version: '3.x'
18+
python-version: '3.13'
2319

2420
- name: Install documentation requirements
2521
run: "pip install .[docs] && pip install sphinx_design"

.github/workflows/landing-page.yml

Lines changed: 3 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -13,17 +13,13 @@ jobs:
1313
publish:
1414
runs-on: ubuntu-latest
1515
steps:
16-
- name: Harden the runner (Audit all outbound calls)
17-
uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
16+
- uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
1817
with:
1918
egress-policy: audit
20-
2119
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v5.0.0
22-
23-
- name: Setup Python
24-
uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
20+
- uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
2521
with:
26-
python-version: "3.13"
22+
python-version: '3.13'
2723

2824
- name: Install dependencies
2925
run: |

.github/workflows/python-publish.yml

Lines changed: 13 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -5,12 +5,13 @@ name: Upload Python Package
55

66
on:
77
release:
8-
types: [created]
9-
pull_request:
10-
types: [opened, synchronize, reopened]
8+
types: [published]
119

12-
# Allows to run this workflow manually
13-
workflow_dispatch:
10+
workflow_call:
11+
inputs:
12+
release_id:
13+
required: true
14+
type: string
1415

1516
permissions:
1617
contents: read
@@ -95,20 +96,14 @@ jobs:
9596
uses: pypa/gh-action-pypi-publish@03f86fee9ac21f854951f5c6e2a02c2a1324aec7 # v1
9697

9798
release:
98-
if: github.ref_type == 'tag'
99-
runs-on: ubuntu-latest
100-
needs:
101-
- build
102-
permissions:
103-
contents: write
104-
security-events: write
105-
steps:
106-
- name: Upload wheels to release
99+
- name: Upload artifacts to release
100+
if: ${{ inputs.release_id }} != ''
101+
needs:
102+
- build
107103
uses: softprops/action-gh-release@5122b4edc95f85501a71628a57dc180a03ec7588 # v2.5.0
108104
with:
109-
tag_name: ${{ github.ref_name }}
110-
name: ${{ github.ref_name }}
111-
draft: true
112-
files: dist/
105+
tag_name: ${{ inputs.release_id }}
106+
files: dist/*
107+
overwrite_files: false
113108
env:
114109
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/release.yml

Lines changed: 18 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -1,12 +1,7 @@
11
name: Releases
22

33
on:
4-
push:
5-
branches:
6-
- main
7-
- automate-release
8-
tags:
9-
- '*.*.*'
4+
workflow_call:
105

116
permissions:
127
contents: read
@@ -18,23 +13,29 @@ jobs:
1813
contents: write
1914
security-events: write
2015

16+
outputs:
17+
release_id: ${{ steps.release_info.outputs.tag }}
18+
2119
steps:
20+
- uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
21+
with:
22+
egress-policy: audit
2223
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v5.0.0
23-
24-
- name: Setup Python
25-
uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
24+
- uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
2625
with:
2726
python-version: '3.13'
2827

2928
- name: Determine release info
3029
id: release_info
3130
run: |
32-
if [[ "${GITHUB_REF}" == "refs/heads/automate-release" ]]; then
33-
TAG="latest"
34-
else
35-
TAG="${GITHUB_REF#refs/tags/}"
36-
fi
37-
echo "tag=$TAG" >> $GITHUB_OUTPUT
31+
if [[ "${GITHUB_REF}" == "refs/heads/automate-release" ]]; then
32+
TAG="latest"
33+
elif [[ "${GITHUB_REF}" == refs/tags/* ]]; then
34+
TAG="${GITHUB_REF#refs/tags/}"
35+
else
36+
TAG=""
37+
fi
38+
echo "tag=$TAG" >> $GITHUB_OUTPUT
3839
3940
- name: Update latest tag
4041
if: github.ref == 'refs/heads/automate-release'
@@ -45,11 +46,13 @@ jobs:
4546
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
4647

4748
- name: Generate release notes
49+
if: ${{ steps.release_info.outputs.tag != '' }}
4850
id: notes
4951
run: |
5052
python script/create_release_notes.py
5153
5254
- name: Create release
55+
if: ${{ steps.release_info.outputs.tag != '' }}
5356
uses: softprops/action-gh-release@5122b4edc95f85501a71628a57dc180a03ec7588 # v2.5.0
5457
with:
5558
tag_name: ${{ steps.release_info.outputs.tag }}

.github/workflows/run.yml

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,11 +1,11 @@
11
name: Run
22

33
on:
4-
push:
5-
branches:
6-
- main
7-
pull_request:
8-
types: [opened, synchronize, reopened]
4+
workflow_call:
5+
inputs:
6+
release_id:
7+
required: true
8+
type: string
99

1010
permissions:
1111
contents: read
@@ -58,7 +58,7 @@ jobs:
5858
dfetch update
5959
dfetch report
6060
61-
test:
61+
run:
6262
strategy:
6363
matrix:
6464
platform: [ubuntu-latest, macos-latest, windows-latest]

.github/workflows/test.yml

Lines changed: 2 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -14,15 +14,11 @@ jobs:
1414
test:
1515
runs-on: ubuntu-latest
1616
steps:
17-
- name: Harden the runner (Audit all outbound calls)
18-
uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
17+
- uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
1918
with:
2019
egress-policy: audit
21-
2220
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v5.0.0
23-
24-
- name: Setup Python
25-
uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
21+
- uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
2622
with:
2723
python-version: '3.13'
2824

0 commit comments

Comments
 (0)