release: bump version to 0.41.0 (#793) #701
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "📦 Build & 🚀 Release" | |
| # Triggers | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - ".github/workflows/build_release.yml" | |
| - "builder/**/*" | |
| - "qgis_deployment_toolbelt/**/*.py" | |
| - pyproject.toml | |
| tags: | |
| - "*" | |
| pull_request: | |
| branches: | |
| - main | |
| paths: | |
| - ".github/workflows/build_release.yml" | |
| - "builder/" | |
| - pyproject.toml | |
| # Allow one concurrent run of this workflow per branch | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| # Globals | |
| env: | |
| PROJECT_FOLDER: "qgis_deployment_toolbelt" | |
| PYTHON_VERSION: "3.12" | |
| PYINSTALLER_LOG_LEVEL: "DEBUG" | |
| # Jobs definition | |
| jobs: | |
| build-python-wheel: | |
| name: "🐍 Python Wheel" | |
| permissions: | |
| contents: read | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Get source code | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| fetch-tags: true | |
| - name: Set up Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| cache: "pip" | |
| cache-dependency-path: pyproject.toml | |
| - name: Install Python requirements | |
| run: | | |
| python -m pip install -U pip setuptools wheel | |
| python -m pip install -U build setuptools-scm | |
| - name: Install project as a package | |
| run: python -m pip install -e . | |
| - name: Build a binary wheel and a source tarball | |
| run: >- | |
| python -m | |
| build | |
| --no-isolation | |
| --sdist | |
| --wheel | |
| --outdir dist/ | |
| . | |
| - uses: actions/upload-artifact@v7 | |
| with: | |
| name: python_wheel | |
| path: dist/* | |
| if-no-files-found: error | |
| build-macos: | |
| name: "🍏 Mac OS" | |
| permissions: | |
| contents: read | |
| runs-on: macos-15 | |
| steps: | |
| - name: Get source code | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| fetch-tags: true | |
| - name: Setup Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| cache: "pip" | |
| cache-dependency-path: pyproject.toml | |
| - name: Install Python requirements | |
| run: | | |
| python -m pip install -U pip setuptools wheel | |
| - name: Install project as a package | |
| run: python -m pip install -e .[packaging] | |
| - name: Generates Executable | |
| run: python -O ./builder/pyinstaller_build_macos.py | |
| - uses: actions/upload-artifact@v7 | |
| with: | |
| name: macos_executable | |
| path: | | |
| dist/* | |
| build_*.txt | |
| if-no-files-found: error | |
| build-ubuntu: | |
| name: "🐧 Ubuntu LTS" | |
| permissions: | |
| contents: read | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Get source code | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| fetch-tags: true | |
| - name: Set up Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| cache: "pip" | |
| cache-dependency-path: pyproject.toml | |
| - name: Install Python requirements | |
| run: | | |
| python -m pip install -U pip setuptools wheel | |
| - name: Install project as a package | |
| run: python -m pip install -e .[packaging] | |
| - name: Generates Executable | |
| run: python -O ./builder/pyinstaller_build_ubuntu.py | |
| - uses: actions/upload-artifact@v7 | |
| with: | |
| name: ubuntu_executable | |
| path: | | |
| dist/* | |
| build_*.txt | |
| if-no-files-found: error | |
| build-windows: | |
| name: "🏠 Windows" | |
| permissions: | |
| contents: read | |
| runs-on: windows-latest | |
| steps: | |
| - name: Get source code | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| fetch-tags: true | |
| - name: Setup Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| cache: "pip" | |
| cache-dependency-path: pyproject.toml | |
| - name: Install Python requirements | |
| run: | | |
| python -m pip install -U pip setuptools wheel | |
| - name: Install project as a package | |
| run: python -m pip install -e .[packaging] | |
| - name: Generates MS Version Info | |
| run: python .\builder\version_info_templater.py | |
| - name: Generates MS Executable | |
| run: python -O .\builder\pyinstaller_build_windows.py | |
| - name: Find executable filename | |
| id: find_exe | |
| shell: bash | |
| run: echo "exe_path=$(ls dist/*.exe | head -n 1)" >> $GITHUB_ENV | |
| - name: Decode Code Signing Certificate | |
| if: env.WINDOWS_CERTIFICATE_PFX_B64 != '' && github.event.repository.fork != true | |
| env: | |
| WINDOWS_CERTIFICATE_PFX_B64: ${{ secrets.WINDOWS_CERTIFICATE_PFX }} | |
| shell: bash | |
| run: | | |
| echo -n "$WINDOWS_CERTIFICATE_PFX_B64" > builder/code_signing_certificate.pfx.b64 | |
| certutil -decode builder/code_signing_certificate.pfx.b64 builder/code_signing_certificate.pfx | |
| - name: Show certificate details from PFX exporting as PEM (without keys) | |
| if: env.WINDOWS_CERTIFICATE_PFX_PASSWORD != '' && github.event.repository.fork != true | |
| env: | |
| WINDOWS_CERTIFICATE_PFX_PASSWORD: ${{ secrets.WINDOWS_CERTIFICATE_PFX_PASSWORD }} | |
| shell: bash | |
| run: | | |
| openssl pkcs12 -in builder/code_signing_certificate.pfx -clcerts -nokeys -passin pass:"$WINDOWS_CERTIFICATE_PFX_PASSWORD" -out cert.pem | |
| echo "Certificate Subject:" | |
| openssl x509 -in cert.pem -noout -subject | |
| echo "Certificate Basic Information:" | |
| openssl x509 -in cert.pem -noout -text | grep -A 10 "X509v3 Extended Key Usage" | |
| - name: Sign Executable | |
| if: env.WINDOWS_CERTIFICATE_PFX_PASSWORD != '' && github.event.repository.fork != true | |
| env: | |
| exe_path: ${{ env.exe_path }} | |
| WINDOWS_CERTIFICATE_PFX_PASSWORD: ${{ secrets.WINDOWS_CERTIFICATE_PFX_PASSWORD }} | |
| shell: pwsh | |
| run: | | |
| & "C:\Program Files (x86)\Microsoft SDKs\ClickOnce\SignTool\signtool.exe" sign /f builder/code_signing_certificate.pfx /p $env:WINDOWS_CERTIFICATE_PFX_PASSWORD /n "oslandia.com" /tr http://timestamp.digicert.com /td SHA256 /fd SHA256 $env:exe_path | |
| - name: Save it as artifact | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: windows_executable | |
| path: | | |
| dist/* | |
| build_*.txt | |
| if-no-files-found: error | |
| release: | |
| name: "🚀 GitHub Release" | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build-macos | |
| - build-python-wheel | |
| - build-ubuntu | |
| - build-windows | |
| permissions: | |
| contents: write | |
| discussions: write | |
| if: startsWith(github.ref, 'refs/tags/') && github.event.repository.fork != true | |
| steps: | |
| - name: Retrieve artifact from Python build | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: python_wheel | |
| path: builds/wheel/dist/ | |
| - name: Retrieve artifact from MacOS build | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: macos_executable | |
| path: builds/macos/ | |
| - name: Retrieve artifact from Ubuntu build | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: ubuntu_executable | |
| path: builds/ubuntu/ | |
| - name: Retrieve artifact from Windows build | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: windows_executable | |
| path: builds/windows/ | |
| - name: Upload draft Artifacts | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| draft: true | |
| fail_on_unmatched_files: true | |
| files: builds/*/dist/* | |
| generate_release_notes: true | |
| - name: Release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| draft: false | |
| discussion_category_name: announcements | |
| release-pypi: | |
| name: "🐍 Release on PyPI" | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build-python-wheel | |
| environment: | |
| name: pypi | |
| url: https://pypi.org/p/qgis-deployment-toolbelt | |
| permissions: | |
| id-token: write # IMPORTANT: this permission is mandatory for trusted publishing | |
| if: startsWith(github.ref, 'refs/tags/') | |
| steps: | |
| - name: Setup Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| - name: Install requirements | |
| run: | | |
| python -m pip install -U pip setuptools wheel | |
| python -m pip install -U twine | |
| - name: Retrieve artifact from Python build | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: python_wheel | |
| path: builds/wheel/ | |
| - name: Publish package to PyPI | |
| uses: pypa/gh-action-pypi-publish@release/v1 | |
| with: | |
| packages-dir: builds/wheel | |
| print-hash: true | |
| release-ghcr: | |
| name: "🐳 Release as Docker container" | |
| runs-on: ubuntu-latest | |
| needs: | |
| - release | |
| - release-pypi | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| if: startsWith(github.ref, 'refs/tags/') | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| fetch-tags: true | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@v4 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract metadata (tags, labels) for Docker | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| - name: Build and push Docker image | |
| uses: docker/build-push-action@v7 | |
| with: | |
| context: . | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} |