Release workflow

evertlammerts · evertlammerts · commit 004e5ecfe9b0 · 2025-08-21T12:57:46.000+02:00
diff --git a/.github/workflows/cleanup_pypi.yml b/.github/workflows/cleanup_pypi.yml
@@ -3,7 +3,7 @@ on:
   workflow_call:
     inputs:
       environment:
-        description: CI environment to run in (test.pypi or production.pypi)
+        description: CI environment to run in (pypi-test or pypi-prod-nightly)
         type: string
         required: true
   workflow_dispatch:
@@ -16,10 +16,9 @@ on:
         description: CI environment to run in
         type: choice
         required: true
-        default: test.pypi
         options:
-          - test.pypi
-          - production.pypi
+          - pypi-prod-nightly
+          - pypi-test
 
 jobs:
   cleanup_pypi:
diff --git a/.github/workflows/on_push_postrelease.yml b/.github/workflows/on_push_postrelease.yml
@@ -38,5 +38,5 @@ jobs:
       minimal: false
       testsuite: all
       git-ref: ${{ github.ref }}
-      duckdb-git-ref: ${{ needs.extract_duckdb_tag.outputs.duckdb_version }}
-      force-version: ${{ github.ref_name }}
+      duckdb-git-ref: ${{ github.ref_name }}
+      set-version: ${{ needs.extract_duckdb_tag.outputs.duckdb_version }}
diff --git a/.github/workflows/packaging.yml b/.github/workflows/packaging.yml
@@ -1,5 +1,5 @@
 name: Packaging
-run-name: Build ${{ inputs.minimal && 'minimal set of' || 'all' }} packages (version=${{ inputs.force-version != '' && inputs.force-version || 'dev' }}, tests=${{ inputs.testsuite }}, ref=${{ inputs.git-ref }}, duckdb ref=${{ inputs.duckdb-git-ref }})
+run-name: Build ${{ inputs.minimal && 'minimal set of' || 'all' }} packages (version=${{ inputs.set-version != '' && inputs.set-version || 'dev' }}, tests=${{ inputs.testsuite }}, ref=${{ inputs.git-ref }}, duckdb ref=${{ inputs.duckdb-git-ref }})
 on:
   workflow_dispatch:
     inputs:
@@ -25,7 +25,7 @@ on:
         description: Git ref of DuckDB
         required: true
         default: refs/heads/main
-      force-version:
+      set-version:
         type: string
         description: Force version (vX.Y.Z-((rc|post)N))
         required: false
@@ -48,7 +48,7 @@ on:
         type: string
         description: Git ref of DuckDB
         required: false
-      force-version:
+      set-version:
         description: Force version (vX.Y.Z-((rc|post)N))
         required: false
         type: string
@@ -82,8 +82,8 @@ jobs:
           git checkout ${{ inputs.duckdb-git-ref }}
 
       - name: Set OVERRIDE_GIT_DESCRIBE
-        if: ${{ inputs.force-version != '' }}
-        run: echo "OVERRIDE_GIT_DESCRIBE=${{ inputs.force-version }}" >> $GITHUB_ENV
+        if: ${{ inputs.set-version != '' }}
+        run: echo "OVERRIDE_GIT_DESCRIBE=${{ inputs.set-version }}" >> $GITHUB_ENV
 
       - name: Install Astral UV
         uses: astral-sh/setup-uv@v6
@@ -149,7 +149,6 @@ jobs:
         uv run -v pytest ${{ inputs.testsuite == 'fast' && './tests/fast' || './tests' }} --verbose --ignore=./tests/stubs
 
     steps:
-
       - name: Checkout DuckDB Python
         uses: actions/checkout@v4
         with:
@@ -166,8 +165,8 @@ jobs:
 
       # Make sure that OVERRIDE_GIT_DESCRIBE is propagated to cibuildwhel's env, also when it's running linux builds
       - name: Set OVERRIDE_GIT_DESCRIBE
-        if: ${{ inputs.force-version != '' }}
-        run: echo "CIBW_ENVIRONMENT=OVERRIDE_GIT_DESCRIBE=${{ inputs.force-version }}" >> $GITHUB_ENV
+        if: ${{ inputs.set-version != '' }}
+        run: echo "CIBW_ENVIRONMENT=OVERRIDE_GIT_DESCRIBE=${{ inputs.set-version }}" >> $GITHUB_ENV
 
       # Install Astral UV, which will be used as build-frontend for cibuildwheel
       - uses: astral-sh/setup-uv@v6
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,147 @@
+# Release is called by duckdb's InvokeCI -> NotifyExternalRepositories job
+name: Release
+on:
+  workflow_dispatch:
+    inputs:
+      duckdb-sha:
+        type: string
+        description: The DuckDB submodule commit to build against
+        required: true
+      stable-version:
+        type: string
+        description: Release a stable version (vX.Y.Z-((rc|post)N))
+        required: false
+      pypi-index:
+        type: choice
+        description: Which PyPI to use
+        required: true
+        options:
+          - test
+          - prod
+      store-s3:
+        type: boolean
+        description: Also store test packages in S3
+        default: false
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  build_and_test:
+    name: Build and test releases
+    uses:  ./.github/workflows/packaging.yml
+    with:
+      minimal: false
+      testsuite: none
+      git-ref: ${{ github.ref }}
+      duckdb-git-ref: ${{ inputs.duckdb-sha }}
+      set-version: ${{ inputs.stable-version }}
+
+  upload_s3:
+    name: Upload Artifacts to S3
+    runs-on: ubuntu-latest
+    needs: [build_and_test]
+    if: ${{ github.repository_owner == 'duckdb' && ( inputs.pypi-index == 'prod' || inputs.store-s3 ) }}
+    steps:
+      - name: Fetch artifacts
+        uses: actions/download-artifact@v4
+        with:
+          pattern: '{sdist,wheel}*'
+          path: artifacts/
+          merge-multiple: true
+
+      - name: Authenticate with AWS
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: 'us-east-2'
+          aws-access-key-id: ${{ secrets.S3_DUCKDB_STAGING_ID }}
+          aws-secret-access-key: ${{ secrets.S3_DUCKDB_STAGING_KEY }}
+
+      - name: Upload Artifacts
+        id: s3_upload
+        run: |
+          sha=${{ github.ref }}
+          aws s3 cp artifacts s3://duckdb-staging/${{ github.repository }}/${sha:0:10}/ --recursive
+
+      - name: S3 Upload Summary
+        run : |
+          sha=${{ github.ref }}
+          version=$(basename artifacts/*.tar.gz | sed 's/duckdb-\(.*\).tar.gz/\1/g')
+          echo "## S3 Upload Summary" >> $GITHUB_STEP_SUMMARY
+          echo "* Version: ${version}" >> $GITHUB_STEP_SUMMARY
+          echo "* SHA: ${sha:0:10}" >> $GITHUB_STEP_SUMMARY
+          echo "* S3 URL: s3://duckdb-staging/${{ github.repository }}/${sha:0:10}/" >> $GITHUB_STEP_SUMMARY
+
+  determine_environment:
+    name: Determine the Github Actions environment to use
+    runs-on: ubuntu-latest
+    needs: build_and_test
+    outputs:
+      env_name: ${{ steps.set-env.outputs.env_name }}
+    steps:
+      - name: Set environment name
+        id: set-env
+        run: |
+          set -euo pipefail
+          case "${{ inputs.pypi-index }}" in
+            test)
+              echo "env_name=pypi-test" >> "$GITHUB_OUTPUT"
+              ;;
+            prod)
+              if [[ -n "${{ inputs.stable-version }}" ]]; then
+                echo "env_name=pypi-prod" >> "$GITHUB_OUTPUT"
+              else
+                echo "env_name=pypi-prod-nightly" >> "$GITHUB_OUTPUT"
+              fi
+              ;;
+            *)
+              echo "Error: invalid combination of inputs.pypi-index='${{ inputs.pypi-index }}' and inputs.stable-version='${{ inputs.stable-version }}'" >&2
+              exit 1
+              ;;
+          esac
+
+  publish_pypi:
+    name: Publish Artifacts to PyPI
+    runs-on: ubuntu-latest
+    needs: determine_environment
+    environment:
+      name: ${{ needs.determine_environment.outputs.env_name }}
+    permissions:
+      # this is needed for the OIDC flow that is used with trusted publishing on PyPI
+      id-token: write
+    steps:
+      - if: ${{ vars.PYPI_HOST == '' }}
+        run: |
+          echo "Error: PYPI_HOST is not set in CI environment '${{ needs.determine_environment.outputs.env_name }}'"
+          exit 1
+
+      - name: Fetch artifacts
+        uses: actions/download-artifact@v4
+        with:
+          pattern: '{sdist,wheel}*'
+          path: packages/
+          merge-multiple: true
+
+      - name: Upload artifacts to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          repository-url: 'https://${{ vars.PYPI_HOST }}/legacy/'
+          packages-dir: packages
+          verbose: 'true'
+
+      - name: PyPI Upload Summary
+        run : |
+          version=$(basename packages/*.tar.gz | sed 's/duckdb-\(.*\).tar.gz/\1/g')
+          echo "## PyPI Upload Summary" >> $GITHUB_STEP_SUMMARY
+          echo "* Version: ${version}" >> $GITHUB_STEP_SUMMARY
+          echo "* PyPI Host: ${{ vars.PYPI_HOST }}" >> $GITHUB_STEP_SUMMARY
+          echo "* CI Environment: ${{ needs.determine_environment.outputs.env_name }}" >> $GITHUB_STEP_SUMMARY
+
+  cleanup_nightlies:
+    name: Remove Nightlies from PyPI
+    needs: [determine_environment, publish_pypi]
+    if: ${{ inputs.stable-version == '' }}
+    uses: ./.github/workflows/cleanup_pypi.yml
+    with:
+      environment: ${{ needs.determine_environment.outputs.env_name }}
