chore: pull in the reusable test and release work

ferringb · ferringb · commit 8df9bdc81f4e · 2025-12-01T01:58:39.000+01:00
Signed-off-by: Brian Harring &lt;ferringb@gmail.com&gt;
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -2,77 +2,129 @@ name: release
 
 on:
   push:
-    branches: [deploy]
+    branches: [release-test-pypi, release-test-github, release-test-full]
     tags: [v*]
   workflow_dispatch:
 
+
 jobs:
-  build-and-deploy:
+  build:
     runs-on: ubuntu-latest
-    environment: release
-
-    permissions:
-      id-token: write # Used to authenticate to PyPI via OIDC
-
-      contents: write # Used to authenticate github release publish
+    outputs:
+      release-artifact-id: ${{ steps.upload-release.outputs.artifact-id }}
+      wheel-artifact-id: ${{ steps.upload-wheel.outputs.artifact-id }}
+      artifact-runner: ${{ github.job }}
 
     steps:
     - name: Checkout code
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
 
     - name: Reject any VCS dependencies
-      shell: python
-      run: |
-        import re, tomllib
-        manifest = tomllib.load(open('pyproject.toml', 'rb'))
-        deps = manifest['build-system']['requires']
-        deps.extend(manifest['project']['dependencies'])
-        if rejects := list(filter(re.compile(r'@[^+]+').search, deps)):
-          rejects = "  \n".join(sorted(rejects))
-          raise Exception(f'VCS dependencies were detected in [build-system]:\n  {rejects}')
+      continue-on-error: ${{ github.ref_type == 'branch' && github.ref_name != 'release-test-full' }}
+      uses: pkgcore/gh-actions/reject-python-vcs-deps@main
 
     - name: Set up Python 3.13
       uses: actions/setup-python@v5
       with:
         python-version: "3.13"
+        cache: 'pip'
+        cache-dependency-path: pyproject.toml
 
     - name: Install dependencies
       run: |
         python -m pip install --upgrade pip
-        pip install build ".[test,doc]"
-
-    - name: Test with pytest
-      env:
-        PY_COLORS: 1 # forcibly enable pytest colors
-      run: pytest
+        pip install build ".[doc]"
 
-    - name: Build sdist
+    - name: Build the release
       run: |
-        git clean -fxd
-        make man
-        make sdist
-
-    - name: Build wheel
-      run: make wheel
+        make release
 
     - name: Output dist file info
       run: |
         sha512sum dist/*
+        echo ::group::Release contents
         tar -ztf dist/*.tar.gz | sort
+        echo ::endgroup::
+        echo ::group::All generated content in dist
+        find .
+        echo ::endgroup::
+
+    - name: Upload wheel
+      id: upload-wheel
+      uses: actions/upload-artifact@v5
+      with:
+        name: wheel-release
+        path: dist/*.whl
+        if-no-files-found: error
 
-    - uses: actions/upload-artifact@v4
+    - name: Upload release source
+      id: upload-release
+      uses: actions/upload-artifact@v5
       with:
-        name: results
-        path: dist/*
+        name: release-source
+        path: dist/*.tar.gz
+        if-no-files-found: error
+
+  test:
+    needs: [build]
+    uses: ./.github/workflows/test.yml
+    with:
+      release-artifact-id: ${{ needs.build.outputs.release-artifact-id }}
+      disable-format-check: true
 
-    - name: publish
-      uses: pypa/gh-action-pypi-publish@release/v1
-      if: startsWith(github.ref, 'refs/tags/')
+  publish:
+    if: github.ref_type == 'tag'
+    needs: [build, test]
+    environment: release
+    permissions:
+      id-token: write # Used to authenticate to PyPI via OIDC
+      contents: write # release uploads
+    runs-on: ubuntu-latest
 
-    - name: Create GitHub release
-      uses: softprops/action-gh-release@v1
-      if: startsWith(github.ref, 'refs/tags/')
+    steps:
+    - &common_download_artifacts
+      name: Download artifacts
+      uses: actions/download-artifact@v5
+      with:
+        merge-multiple: true # store both in the root, not in named directories
+        artifact-ids: ${{ needs.build.outputs.release-artifact-id }},${{ needs.build.outputs.wheel-artifact-id }}
+
+    - name: Publish github source
+      uses: softprops/action-gh-release@v2
       with:
-        files: dist/*.tar.gz
+        files: '*.tar.*'
+        fail_on_unmatched_files: true
+
+    - name: Publish to PyPi server
+      uses: pypa/gh-action-pypi-publish@release/v1.13
+      with:
+        packages-dir: .
+
+  test-publish:
+    # use the full form to ensure insane tags and errors in 'on' filter still don't kick.
+    if: github.ref_type == 'branch'
+    needs: [build, test]
+    environment: test-release
+    permissions:
+      id-token: write # Used to authenticate to PyPI via OIDC
+      contents: write # release uploads-
+    runs-on: ubuntu-latest
+
+    steps:
+    - *common_download_artifacts
+    - name: Publish github source
+      uses: softprops/action-gh-release@v2
+      if: github.ref_name == 'release-test-github' || github.ref_name == 'release-test-full'
+      with:
+        files: '*.tar.*'
         fail_on_unmatched_files: true
         draft: true
+
+    - name: Publish to Test PyPi server
+      if: github.ref_name == 'release-test-pypi' || github.ref_name == 'release-test-full'
+      uses: pypa/gh-action-pypi-publish@release/v1.13
+      with:
+        packages-dir: .
+        repository-url: https://test.pypi.org/legacy/
+        # attestations are bound in a way re-releasing isn't possible.  Disable for tests.
+        attestations: false
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -2,9 +2,20 @@ name: test
 
 on:
   push:
-    branches-ignore: [deploy]
+    branches-ignore: [release-test-*]
   pull_request:
-    branches: [main]
+    branches: [master]
+  workflow_call:
+    inputs:
+      release-artifact-id:
+        required: false
+        type: string
+        default: ''
+        description: The artifact-id to run the tests against.
+      disable-format-check:
+        type: string
+        default: ''
+        description: Disable ruff format check if it is a non empty value
 
 jobs:
   test:
@@ -26,7 +37,10 @@ jobs:
 
     steps:
     - name: Checkout code
-      uses: actions/checkout@v4
+      uses: pkgcore/gh-actions/get-source@main
+      with:
+        artifact-id: ${{ inputs.release-artifact-id }}
+
 
     - name: Set up Python ${{ matrix.python-version }}
       uses: actions/setup-python@v5
@@ -67,6 +81,7 @@ jobs:
 
   lint:
     runs-on: ubuntu-latest
+    if: inputs.disable-format-check == ''
     steps:
     - name: Checkout code
       uses: actions/checkout@v4
@@ -86,6 +101,7 @@ jobs:
 
   format:
     runs-on: ubuntu-latest
+    if: inputs.disable-format-check == ''
     steps:
     - name: Checkout code
       uses: actions/checkout@v4
