Main - post-commit #1886
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Main - post-commit | |
| on: | |
| workflow_dispatch: # Allows running from actions tab | |
| inputs: | |
| force_pypi: | |
| description: 'Force push to PyPI' | |
| required: false | |
| type: boolean | |
| default: false | |
| push: | |
| branches: | |
| - main | |
| concurrency: | |
| group: main-${{ github.ref_name }} | |
| cancel-in-progress: false | |
| jobs: | |
| detect-version-changed: | |
| uses: ./.github/workflows/_detect_version_changed_shared.yml | |
| secrets: inherit | |
| build-truss-server-base-images-if-needed: | |
| needs: detect-version-changed | |
| uses: ./.github/workflows/_build_truss_server_base_images_if_needed_shared.yml | |
| with: | |
| new_base_image_version: ${{ needs.detect-version-changed.outputs.new_base_image_version }} | |
| build_base_images: ${{ needs.detect-version-changed.outputs.build_base_images }} | |
| secrets: inherit | |
| all-tests: | |
| needs: [detect-version-changed, build-truss-server-base-images-if-needed] | |
| if: ${{ !failure() && !cancelled() && (needs.build-truss-server-base-images-if-needed.result == 'success' || needs.build-truss-server-base-images-if-needed.result == 'skipped') }} | |
| uses: ./.github/workflows/_integration_test_shared.yml | |
| with: | |
| run_only_integration: false | |
| report_to_slack: | |
| runs-on: ubuntu-22.04 | |
| if: always() && github.ref == 'refs/heads/main' | |
| needs: | |
| - all-tests | |
| steps: | |
| - name: get-branch | |
| run: echo ${{ github.ref }} | |
| - name: show-slack-status | |
| uses: 8398a7/action-slack@v3 | |
| with: | |
| status: custom | |
| fields: author, job, commit, repo | |
| custom_payload: | | |
| { | |
| attachments: [{ | |
| color: "${{ needs.all-tests.result == 'failure' && 'danger' || 'good' }}", | |
| text: `Truss post-commit tests ${{ needs.all-tests.result }}: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}`, | |
| }] | |
| } | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
| publish-rc-to-pypi: | |
| needs: [detect-version-changed] | |
| # NB(nikhil): These complex conditions need to stay on one line, GHA has a parsing bug. | |
| if: ${{ !failure() && !cancelled() && ((needs.detect-version-changed.outputs.release_version == 'true' && needs.detect-version-changed.outputs.is_prerelease_version == 'true') || github.event.inputs.force_pypi == 'true') }} | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| # this permission is mandatory for Trusted Publishing | |
| id-token: write | |
| steps: | |
| - name: "Git tag release" | |
| uses: actions/checkout@v4 | |
| with: | |
| token: ${{secrets.BASETENBOT_GITHUB_TOKEN}} | |
| - run: | | |
| NEW_VERSION=v${{ needs.detect-version-changed.outputs.new_version }} | |
| git config --global user.name "Github action" | |
| git config --global user.email "[email protected]" | |
| git tag -a $NEW_VERSION -m "Release $NEW_VERSION" | |
| git push origin $NEW_VERSION | |
| - uses: ./.github/actions/setup-python/ | |
| - name: Install packages | |
| run: uv sync --no-dev # NB(nikhil): Skip installing any dependency-groups | |
| - name: Build | |
| run: uv build | |
| - name: Create Release | |
| uses: ncipollo/release-action@v1 | |
| with: | |
| artifacts: "dist/*" | |
| token: ${{ secrets.BASETENBOT_GITHUB_TOKEN }} | |
| draft: false | |
| prerelease: ${{ needs.detect-version-changed.outputs.is_prerelease_version }} | |
| generateReleaseNotes: true | |
| makeLatest: true | |
| skipIfReleaseExists: true | |
| tag: "v${{ needs.detect-version-changed.outputs.new_version }}" | |
| - name: Publish package to PyPI (Trusted Publishing) | |
| if: ${{ github.event_name != 'pull_request' }} | |
| uses: pypa/gh-action-pypi-publish@release/v1 | |
| with: | |
| verbose: true | |
| print-hash: true |