@@ -20,6 +20,38 @@ permissions:
2020 contents : read
2121
2222jobs :
23+ # from https://github.com/astral-sh/ruff/blob/main/.github/workflows/release.yaml
24+ validate-tag :
25+ name : Validate tag
26+ runs-on : ubuntu-latest
27+ # If you don't set an input tag, it's a dry run (no uploads).
28+ if : ${{ inputs.tag }}
29+ steps :
30+ - uses : actions/checkout@v4
31+ with :
32+ ref : main # We checkout the main branch to check for the commit
33+ - name : Check main branch
34+ if : ${{ inputs.sha }}
35+ run : |
36+ # Fetch the main branch since a shallow checkout is used by default
37+ git fetch origin main --unshallow
38+ if ! git branch --contains ${{ inputs.sha }} | grep -E '(^|\s)main$'; then
39+ echo "The specified sha is not on the main branch" >&2
40+ exit 1
41+ fi
42+ name : Check tag consistency
43+ run : |
44+ # Switch to the commit we want to release
45+ git checkout ${{ inputs.sha }}
46+ version=$(grep "version = " pyproject.toml | sed -e 's/version = "\(.*\)"/\1/g')
47+ if [ "${{ inputs.tag }}" != "${version}" ]; then
48+ echo "The input tag does not match the version from pyproject.toml:" >&2
49+ echo "${{ inputs.tag }}" >&2
50+ echo "${version}" >&2
51+ exit 1
52+ else
53+ echo "Releasing ${version}"
54+ fi
2355linux :
2456 runs-on : ${{ matrix.platform.runner }}
2557 strategy :
@@ -123,7 +155,7 @@ jobs:
123155 name : Release
124156 runs-on : ubuntu-latest
125157 if : " startsWith(github.ref, 'refs/tags/')"
126- needs : [linux, windows, macos, sdist]
158+ needs : [validate-tag, linux, windows, macos, sdist]
127159 steps :
128160 - uses : actions/download-artifact@v4
129161 - name : Publish to PyPI
0 commit comments