fix: capability resolution priority inversion — agent_card now overri… #20
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| tags: | |
| - "v*" | |
| permissions: | |
| contents: write | |
| id-token: write # Required for Sigstore keyless OIDC signing | |
| jobs: | |
| build: | |
| name: Build & Release | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 # Full history needed for git-cliff changelog | |
| - name: Set up Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: "3.12" | |
| - name: Install build tools | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install build cyclonedx-bom | |
| - name: Build wheel and sdist | |
| run: python -m build | |
| - name: Upload dist artifacts | |
| uses: actions/upload-artifact@v6 | |
| with: | |
| name: dist | |
| path: dist/ | |
| - name: Install package for SBOM | |
| run: pip install dist/*.whl | |
| - name: Generate SBOM | |
| run: cyclonedx-py environment -o sbom.json --output-format json | |
| - name: Install Cosign | |
| uses: sigstore/cosign-installer@v3 | |
| - name: Sign release artifacts | |
| run: | | |
| for f in dist/*.whl dist/*.tar.gz; do | |
| cosign sign-blob --yes "$f" --output-signature "${f}.sig" --output-certificate "${f}.pem" | |
| done | |
| cosign sign-blob --yes sbom.json --output-signature sbom.json.sig --output-certificate sbom.json.pem | |
| - name: Generate release notes | |
| uses: orhun/git-cliff-action@v4 | |
| with: | |
| config: cliff.toml | |
| args: --latest --strip header | |
| env: | |
| OUTPUT: RELEASE_NOTES.md | |
| - name: Create GitHub Release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| body_path: RELEASE_NOTES.md | |
| files: | | |
| dist/*.whl | |
| dist/*.whl.sig | |
| dist/*.whl.pem | |
| dist/*.tar.gz | |
| dist/*.tar.gz.sig | |
| dist/*.tar.gz.pem | |
| sbom.json | |
| sbom.json.sig | |
| sbom.json.pem | |
| publish-to-pypi: | |
| name: Publish to PyPI | |
| needs: build | |
| runs-on: ubuntu-latest | |
| environment: | |
| name: release | |
| url: https://pypi.org/project/dns-aid/ | |
| permissions: | |
| id-token: write # Trusted publisher OIDC | |
| steps: | |
| - name: Download build artifacts | |
| uses: actions/download-artifact@v7 | |
| with: | |
| name: dist | |
| path: dist/ | |
| - name: Publish to PyPI | |
| uses: pypa/gh-action-pypi-publish@release/v1 |