Testing secrets and reusable workflows

evertlammerts · evertlammerts · commit eee2e50e1a7c · 2025-08-21T16:28:41.000+02:00
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -28,50 +28,50 @@ defaults:
     shell: bash
 
 jobs:
-#  build_and_test:
-#    name: Build and test releases
-#    uses:  ./.github/workflows/packaging.yml
-#    with:
-#      minimal: true
-#      testsuite: none
-#      git-ref: ${{ github.ref }}
-#      duckdb-git-ref: ${{ inputs.duckdb-sha }}
-#      set-version: ${{ inputs.stable-version }}
-#
-#  upload_s3:
-#    name: Upload Artifacts to S3
-#    runs-on: ubuntu-latest
-#    needs: [build_and_test]
-#    if: ${{ github.repository_owner == 'duckdb' && ( inputs.pypi-index == 'prod' || inputs.store-s3 ) }}
-#    steps:
-#      - name: Fetch artifacts
-#        uses: actions/download-artifact@v4
-#        with:
-#          pattern: '{sdist,wheel}*'
-#          path: artifacts/
-#          merge-multiple: true
-#
-#      - name: Authenticate with AWS
-#        uses: aws-actions/configure-aws-credentials@v4
-#        with:
-#          aws-region: 'us-east-2'
-#          aws-access-key-id: ${{ secrets.S3_DUCKDB_STAGING_ID }}
-#          aws-secret-access-key: ${{ secrets.S3_DUCKDB_STAGING_KEY }}
-#
-#      - name: Upload Artifacts
-#        id: s3_upload
-#        run: |
-#          sha=${{ github.ref }}
-#          aws s3 cp artifacts s3://duckdb-staging/${{ github.repository }}/${sha:0:10}/ --recursive
-#
-#      - name: S3 Upload Summary
-#        run : |
-#          sha=${{ github.ref }}
-#          version=$(basename artifacts/*.tar.gz | sed 's/duckdb-\(.*\).tar.gz/\1/g')
-#          echo "## S3 Upload Summary" >> $GITHUB_STEP_SUMMARY
-#          echo "* Version: ${version}" >> $GITHUB_STEP_SUMMARY
-#          echo "* SHA: ${sha:0:10}" >> $GITHUB_STEP_SUMMARY
-#          echo "* S3 URL: s3://duckdb-staging/${{ github.repository }}/${sha:0:10}/" >> $GITHUB_STEP_SUMMARY
+  build_and_test:
+    name: Build and test releases
+    uses:  ./.github/workflows/packaging.yml
+    with:
+      minimal: true
+      testsuite: none
+      git-ref: ${{ github.ref }}
+      duckdb-git-ref: ${{ inputs.duckdb-sha }}
+      set-version: ${{ inputs.stable-version }}
+
+  upload_s3:
+    name: Upload Artifacts to S3
+    runs-on: ubuntu-latest
+    needs: [build_and_test]
+    if: ${{ github.repository_owner == 'duckdb' && ( inputs.pypi-index == 'prod' || inputs.store-s3 ) }}
+    steps:
+      - name: Fetch artifacts
+        uses: actions/download-artifact@v4
+        with:
+          pattern: '{sdist,wheel}*'
+          path: artifacts/
+          merge-multiple: true
+
+      - name: Authenticate with AWS
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: 'us-east-2'
+          aws-access-key-id: ${{ secrets.S3_DUCKDB_STAGING_ID }}
+          aws-secret-access-key: ${{ secrets.S3_DUCKDB_STAGING_KEY }}
+
+      - name: Upload Artifacts
+        id: s3_upload
+        run: |
+          sha=${{ github.ref }}
+          aws s3 cp artifacts s3://duckdb-staging/${{ github.repository }}/${sha:0:10}/ --recursive
+
+      - name: S3 Upload Summary
+        run : |
+          sha=${{ github.ref }}
+          version=$(basename artifacts/*.tar.gz | sed 's/duckdb-\(.*\).tar.gz/\1/g')
+          echo "## S3 Upload Summary" >> $GITHUB_STEP_SUMMARY
+          echo "* Version: ${version}" >> $GITHUB_STEP_SUMMARY
+          echo "* SHA: ${sha:0:10}" >> $GITHUB_STEP_SUMMARY
+          echo "* S3 URL: s3://duckdb-staging/${{ github.repository }}/${sha:0:10}/" >> $GITHUB_STEP_SUMMARY
 
   determine_environment:
     name: Determine the Github Actions environment to use
@@ -101,47 +101,46 @@ jobs:
               ;;
           esac
 
-#  publish_pypi:
-#    name: Publish Artifacts to PyPI
-#    runs-on: ubuntu-latest
-#    needs: determine_environment
-#    environment:
-#      name: ${{ needs.determine_environment.outputs.env_name }}
-#    permissions:
-#      # this is needed for the OIDC flow that is used with trusted publishing on PyPI
-#      id-token: write
-#    steps:
-#      - if: ${{ vars.PYPI_HOST == '' }}
-#        run: |
-#          echo "Error: PYPI_HOST is not set in CI environment '${{ needs.determine_environment.outputs.env_name }}'"
-#          exit 1
-#
-#      - name: Fetch artifacts
-#        uses: actions/download-artifact@v4
-#        with:
-#          pattern: '{sdist,wheel}*'
-#          path: packages/
-#          merge-multiple: true
-#
-#      - name: Upload artifacts to PyPI
-#        uses: pypa/gh-action-pypi-publish@release/v1
-#        with:
-#          repository-url: 'https://${{ vars.PYPI_HOST }}/legacy/'
-#          packages-dir: packages
-#          verbose: 'true'
-#
-#      - name: PyPI Upload Summary
-#        run : |
-#          version=$(basename packages/*.tar.gz | sed 's/duckdb-\(.*\).tar.gz/\1/g')
-#          echo "## PyPI Upload Summary" >> $GITHUB_STEP_SUMMARY
-#          echo "* Version: ${version}" >> $GITHUB_STEP_SUMMARY
-#          echo "* PyPI Host: ${{ vars.PYPI_HOST }}" >> $GITHUB_STEP_SUMMARY
-#          echo "* CI Environment: ${{ needs.determine_environment.outputs.env_name }}" >> $GITHUB_STEP_SUMMARY
+  publish_pypi:
+    name: Publish Artifacts to PyPI
+    runs-on: ubuntu-latest
+    needs: determine_environment
+    environment:
+      name: ${{ needs.determine_environment.outputs.env_name }}
+    permissions:
+      # this is needed for the OIDC flow that is used with trusted publishing on PyPI
+      id-token: write
+    steps:
+      - if: ${{ vars.PYPI_HOST == '' }}
+        run: |
+          echo "Error: PYPI_HOST is not set in CI environment '${{ needs.determine_environment.outputs.env_name }}'"
+          exit 1
+
+      - name: Fetch artifacts
+        uses: actions/download-artifact@v4
+        with:
+          pattern: '{sdist,wheel}*'
+          path: packages/
+          merge-multiple: true
+
+      - name: Upload artifacts to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          repository-url: 'https://${{ vars.PYPI_HOST }}/legacy/'
+          packages-dir: packages
+          verbose: 'true'
+
+      - name: PyPI Upload Summary
+        run : |
+          version=$(basename packages/*.tar.gz | sed 's/duckdb-\(.*\).tar.gz/\1/g')
+          echo "## PyPI Upload Summary" >> $GITHUB_STEP_SUMMARY
+          echo "* Version: ${version}" >> $GITHUB_STEP_SUMMARY
+          echo "* PyPI Host: ${{ vars.PYPI_HOST }}" >> $GITHUB_STEP_SUMMARY
+          echo "* CI Environment: ${{ needs.determine_environment.outputs.env_name }}" >> $GITHUB_STEP_SUMMARY
 
   cleanup_nightlies:
     name: Remove Nightlies from PyPI
-#    needs: [determine_environment, publish_pypi]
-    needs: determine_environment
+    needs: [determine_environment, publish_pypi]
     if: ${{ inputs.stable-version == '' }}
     uses: ./.github/workflows/cleanup_pypi.yml
     with:
