listing what's in dist #25
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.

name: Release (PyPI via Trusted Publishing + uv)

# Events that start this workflow.
# NOTE(review): pull_request_target runs in the context of the base repository,
# so a run started by a fork PR still receives the token scopes declared under
# `permissions` and can reach repository/environment secrets. Any job that does
# not declare its own `permissions` or an `if:` guard runs with that exposure.
on:
  push:
    branches:
      - "main"
      - "dev/robgruen/online_tests"
  pull_request_target:
    branches:
      - "main"
  merge_group:
    branches:
      - "main"
  workflow_dispatch: # manual run

# One live run per pull request (or per ref when the event carries no PR number);
# a newer run in the same group cancels the one in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

# Workflow-level GITHUB_TOKEN scopes. A job that declares its own `permissions`
# block replaces this set entirely; every other job inherits it.
# NOTE(review): `id-token: write` at this level lets every inheriting job request
# an OIDC token. Prefer granting it only on the jobs that federate to a cloud
# provider or to PyPI.
permissions:
  pull-requests: read
  contents: read
  id-token: write
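jobs:
  # Builds the sdist and wheel and passes them to later jobs as the `dist` artifact.
  build:
    environment:
      name: build-pipeline
    runs-on: ubuntu-latest
    # Least privilege: this job-level block replaces the workflow-level scopes.
    # The steps below only read the repository; none of them requests an OIDC
    # token or touches pull-request data, so `id-token: write` is not granted here.
    permissions:
      contents: read
    defaults:
      run:
        shell: bash
        working-directory: . # your project subdir
    steps:
      # No `ref` input is set, so the action's default ref is used. On
      # pull_request_target that default is the base branch, not the PR head,
      # so the PR's own changes are not what gets built by this job.
      - uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.12"

      # NOTE(review): this downloads and executes an unpinned installer script.
      # Whatever the URL serves at run time executes on the runner; consider
      # pinning a specific uv release and verifying it before execution.
      - name: Install uv
        run: |
          curl -LsSf https://astral.sh/uv/install.sh | sh
          echo "$HOME/.local/bin" >> "$GITHUB_PATH"

      - name: Create .venv and install deps
        run: uv sync --extra dev

      - name: Build sdist + wheel (via make)
        run: make build # runs `uv build`, outputs to dist/

      # The publish job downloads this same artifact, so everything that can
      # influence dist/ in this job ends up in the released package.
      - name: Upload build artifacts
        uses: actions/upload-artifact@v4
        with:
          name: dist
          path: dist/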
| test: | |
| environment: | |
| name: build-pipeline | |
| needs: build | |
| runs-on: ubuntu-latest | |
| steps: | |
| # The following two steps (permissions checks) ensure that only users with write access can run this workflow on a PR (except the merge queue bot) | |
| # PRs from forks we check the permissions of the user that triggered the workflow (github.triggering_actor) | |
| # This means that if a user without write access opens a PR from a fork, they cannot run this workflow | |
| # Users with write access can still run this workflow on a PR from a fork | |
| # For PRs from the same repo, we allow the workflow to run as normal | |
| - name: Get User Permission | |
| if: ${{ github.event_name == 'pull_request_target' || github.triggering_actor != 'github-merge-queue[bot]' }} | |
| id: checkAccess | |
| uses: actions-cool/check-user-permission@v2 | |
| with: | |
| require: write | |
| username: ${{ github.triggering_actor }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Check User Permission | |
| if: ${{ (github.event_name == 'pull_request_target' || github.triggering_actor != 'github-merge-queue[bot]') && steps.checkAccess.outputs.require-result == 'false' }} | |
| run: | | |
| echo "${{ github.triggering_actor }} does not have permissions on this repo." | |
| echo "Current permission level is ${{ steps.checkAccess.outputs.user-permission }}" | |
| echo "Job originally triggered by ${{ github.actor }}" | |
| exit 1 | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: dist | |
| path: dist | |
| - name: Login to Azure | |
| uses: azure/login@v2.2.0 | |
| with: | |
| client-id: ${{ secrets.AZURE_CLIENTID }} | |
| tenant-id: ${{ secrets.AZURE_TENANTID }} | |
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTIONID }} | |
| - name: Install uv | |
| run: | | |
| curl -LsSf https://astral.sh/uv/install.sh | sh | |
| echo "$HOME/.local/bin" >> "$GITHUB_PATH" | |
| - name: Get Keys | |
| run: | | |
| dir dist | |
| uv run python tools/getKeys.py --vault build-pipeline-kv | |
| working-directory: dist | |
| - name: Run Tests | |
| run: | | |
| make test | |
| publish: | |
| needs: [ "build", "test"] | |
| runs-on: ubuntu-latest | |
| environment: | |
| name: pypi | |
| url: https://pypi.org/p/typeagent-py | |
| permissions: | |
| id-token: write # REQUIRED for Trusted Publishing (no tokens!) | |
| contents: read | |
| steps: | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: dist | |
| path: dist | |
| - name: Publish to PyPI | |
| uses: pypa/gh-action-pypi-publish@release/v1 | |
| # For TestPyPI first, add: | |
| # with: | |
| # repository-url: https://test.pypi.org/legacy/ |