Switch to actions/attest-build-provenance@v1
ei-grad committed Sep 10, 2024
1 parent 85ef087 commit e6d5d21
Showing 2 changed files with 38 additions and 18 deletions.
55 changes: 37 additions & 18 deletions .github/workflows/release.yml
Expand Up @@ -71,7 +71,6 @@ jobs:
uses: pypa/gh-action-pypi-publish@release/v1
with:
repository-url: "https://test.pypi.org/legacy/"
attestations: true

github-release:
name: Release on GitHub
Expand All @@ -82,36 +81,58 @@ jobs:
name: GitHub
url: "https://github.com/ei-grad/flask-shell-ipython/releases/"
permissions:
contents: write # IMPORTANT: mandatory for making GitHub Releases
id-token: write # IMPORTANT: mandatory for sigstore
contents: write
id-token: write
steps:
- uses: actions/checkout@v4
- name: Extract Version from Tag
run: echo "VERSION_FROM_GIT_REF=${GITHUB_REF#refs/tags/v}" >> $GITHUB_ENV
- name: Extract Version from pyproject.toml
run: |
pip install toml
VERSION_FROM_PYPROJECT=$(python -c "import toml; print(toml.load('pyproject.toml')['project']['version'])")
echo "VERSION_FROM_PYPROJECT=$VERSION_FROM_PYPROJECT" >> $GITHUB_ENV
- name: Ensure version consistency
run: |
if [ "$VERSION_FROM_GIT_REF" != "$VERSION_FROM_PYPROJECT" ]; then
echo "Error: Version from tag ($VERSION_FROM_GIT_REF) does not match version in pyproject.toml ($VERSION_FROM_PYPROJECT)"
exit 1
fi
echo VERSION=$VERSION_FROM_GIT_REF >> $GITHUB_ENV
- name: Extract changelog for release notes
id: changelog
run: |
CHANGELOG=$(awk -v version="$VERSION" '{
if ($0 ~ "^## \\[" version "\\]") inSection = 1;
else if ($0 ~ "^## \\[" && inSection) inSection = 0;
if (inSection) print $0;
}' CHANGELOG.md)
echo '::set-output name=section::${CHANGELOG}'
- name: Validate changelog content
if: steps.changelog.outputs.section == ''
run: echo "Changelog section for release notes is empty" && exit 1
- name: Download artifacts
uses: actions/download-artifact@v4
- name: Sign the dists with Sigstore
uses: sigstore/[email protected]
- name: Attest build provenance
uses: actions/attest-build-provenance@v1
with:
inputs: >-
./dist/*.tar.gz
./dist/*.whl
subject-path: dist/*
- name: Create GitHub Release
env:
GITHUB_TOKEN: ${{ github.token }}
run: >-
gh release create
'${{ github.ref_name }}'
--repo '${{ github.repository }}'
--generate-notes
gh release create '${{ github.ref_name }}'
--draft
--notes '${{ steps.changelog.outputs.section }}'
- name: Upload artifact signatures to GitHub Release
env:
GITHUB_TOKEN: ${{ github.token }}
run: >-
gh release upload
'${{ github.ref_name }}' dist/**
--repo '${{ github.repository }}'
gh release upload '${{ github.ref_name }}' dist/**
pypi-publish:
name: Release on PyPI
needs: test
needs: github-release
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
runs-on: ubuntu-latest
environment:
Expand All @@ -124,5 +145,3 @@ jobs:
uses: actions/download-artifact@v4
- name: Publish package distributions to PyPI
uses: pypa/gh-action-pypi-publish@release/v1
with:
attestations: true
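Review bot: The changelog step's `echo '::set-output name=section::${CHANGELOG}'` is single-quoted, so the shell never expands the variable and the output is the literal text `${CHANGELOG}`; the `if: steps.changelog.outputs.section == ''` guard after it can therefore never fire, and the deprecated `set-output` command would keep only the first line of a multi-line value anyway. Writing the section to `$GITHUB_OUTPUT` with a delimiter, as sketched below, addresses both. In the `Create GitHub Release` step, `--notes '${{ steps.changelog.outputs.section }}'` is pasted into the script text before the shell runs, so a single quote in CHANGELOG.md ends the quoting and the remainder is parsed as shell in a job that holds `contents: write` and `id-token: write`; passing the notes and the tag name through `env:` and quoting them as shell variables avoids that. Separately, the job's `permissions:` block lists only `contents` and `id-token`, while `actions/attest-build-provenance` also needs `attestations: write` to store the attestation. The rendered page has lost its +/- markers, so which of these lines are on the new side is inferred from the commit title and the hunk counts.

```yaml
# … unchanged: checkout and version-consistency steps …
- name: Extract changelog for release notes
  id: changelog
  run: |
    # … unchanged: awk extraction into CHANGELOG …
    # The delimiter must be a line that cannot occur in CHANGELOG.md.
    {
      echo 'section<<CHANGELOG_SECTION_EOF'
      printf '%s\n' "$CHANGELOG"
      echo 'CHANGELOG_SECTION_EOF'
    } >> "$GITHUB_OUTPUT"
# … unchanged: validation, download and attestation steps …
- name: Create GitHub Release
  env:
    GITHUB_TOKEN: ${{ github.token }}
    TAG: ${{ github.ref_name }}
    NOTES: ${{ steps.changelog.outputs.section }}
  run: gh release create "$TAG" --draft --notes "$NOTES"
```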
1 change: 1 addition & 0 deletions pyproject.toml
Expand Up @@ -33,6 +33,7 @@ dependencies = [

[project.urls]
Homepage = "https://github.com/ei-grad/flask-shell-ipython"
Changelog = "https://github.com/ei-grad/flask-shell-ipython/blob/main/CHANGELOG.md"

[project.entry-points."flask.commands"]
shell = "flask_shell_ipython:shell"