Instructions and some help by default #12
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: release | |
| on: | |
| push: | |
| branches: [ main ] | |
| # Allow manual dispatch to choose publishing target (pypi or testpypi) | |
| workflow_dispatch: | |
| inputs: | |
| publish_target: | |
| description: 'Where to publish: pypi or testpypi' | |
| required: false | |
| default: 'pypi' | |
| jobs: | |
| test: | |
| uses: ./.github/workflows/emulator-test.yml | |
| release: | |
| runs-on: ubuntu-latest | |
| needs: test | |
| permissions: | |
| contents: write | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.11' | |
| cache: 'pip' | |
| - name: Install | |
| run: | | |
| python -m pip install -U pip | |
| # Install package build tooling and publishing helpers | |
| python -m pip install build python-semantic-release pip-audit twine | |
| # Install the package to ensure entry points are available for smoke checks | |
| python -m pip install . | |
| - name: Build and verify | |
| run: | | |
| python -m build | |
| twine check dist/* || true | |
| - name: Security audit | |
| run: | | |
| pip-audit -r requirements.txt || true | |
| - name: Publish package (semantic-release or initial twine upload) | |
| env: | |
| PUBLISH_TARGET: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.publish_target || 'pypi' }} | |
| PYPI_TOKEN: ${{ (github.event_name == 'workflow_dispatch' && github.event.inputs.publish_target == 'testpypi') && secrets.TEST_PYPI_API_TOKEN || secrets.PYPI_API_TOKEN }} | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| set -euo pipefail | |
| git fetch --tags || true | |
| TAGS_COUNT=$(git tag -l | wc -l | tr -d ' ') | |
| echo "Found ${TAGS_COUNT} tags" | |
| if [ "${TAGS_COUNT}" -eq 0 ]; then | |
| echo "No tags found; performing initial upload via twine to ${PUBLISH_TARGET}" | |
| python -m pip install --upgrade pip | |
| python -m pip install build twine | |
| python -m build | |
| if [ "${PUBLISH_TARGET}" = "testpypi" ]; then | |
| python -m twine upload --repository-url https://test.pypi.org/legacy/ -u __token__ -p "${PYPI_TOKEN}" dist/* | |
| else | |
| python -m twine upload -u __token__ -p "${PYPI_TOKEN}" dist/* | |
| fi | |
| echo "Initial upload complete" | |
| else | |
| echo "Tags present; running semantic-release" | |
| semantic-release publish | |
| fi |