| # Licensed under the Apache License: http://www.apache.org/licenses/LICENSE-2.0 |
| # For details: https://github.com/nedbat/coveragepy/blob/master/NOTICE.txt |
| |
| name: "Publish" |
| |
| on: |
| repository_dispatch: |
| # Triggered with `make` targets: |
| types: |
| - publish-testpypi # `make test_upload` |
| - publish-pypi # `make pypi_upload` |
| |
| defaults: |
| run: |
| shell: bash |
| |
| env: |
| # PYVERSIONS: changing the list of versions will change the number of |
| # expected distributions. This must match the same number in kit.yml. |
| EXPECTED: 92 |
| |
| permissions: |
| contents: read |
| |
| concurrency: |
| group: "${{ github.workflow }}-${{ github.ref }}" |
| cancel-in-progress: true |
| |
| jobs: |
| find-run: |
| name: "Find latest kit.yml run" |
| runs-on: "ubuntu-latest" |
| outputs: |
| run-id: ${{ steps.run-id.outputs.run-id }} |
| |
| steps: |
| - name: "Find latest kit.yml run" |
| id: runs |
| uses: octokit/request-action@dad4362715b7fb2ddedf9772c8670824af564f0d # v2.4.0 |
| with: |
| route: GET /repos/nedbat/coveragepy/actions/workflows/kit.yml/runs |
| env: |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
| |
| - name: "Record run id" # zizmor: ignore[template-injection] |
| id: run-id |
| run: | |
| # There must be a shorter way to write this... |
| [ "${{ fromJson(steps.runs.outputs.data).workflow_runs[0].status}}" = "completed" ] || exit 1 |
| [ "${{ fromJson(steps.runs.outputs.data).workflow_runs[0].conclusion}}" = "success" ] || exit 1 |
| echo "run-id=${{ fromJson(steps.runs.outputs.data).workflow_runs[0].id }}" >> "$GITHUB_OUTPUT" |
| |
| publish-to-test-pypi: |
| name: "Publish to Test PyPI" |
| if: ${{ github.event.action == 'publish-testpypi' }} |
| permissions: |
| id-token: write # needed for actions/attest-build-provenance |
| attestations: write # needed for actions/attest-build-provenance |
| runs-on: "ubuntu-latest" |
| environment: |
| name: "testpypi" |
| needs: |
| - find-run |
| |
| steps: |
| - name: "Download dists" |
| uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 |
| with: |
| repository: "nedbat/coveragepy" |
| run-id: ${{ needs.find-run.outputs.run-id }} |
| github-token: ${{ secrets.GITHUB_TOKEN }} |
| pattern: "dist-*" |
| merge-multiple: true |
| path: "dist/" |
| |
| - name: "What did we get?" |
| run: | |
| ls -alR |
| echo "Number of dists, should be $EXPECTED:" |
| ls -1 dist | wc -l |
| files=$(ls dist 2>/dev/null | wc -l) && [ "$files" -eq $EXPECTED ] || exit 1 |
| |
| - name: "Generate attestations" |
| uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0 |
| with: |
| subject-path: "dist/*" |
| |
| - name: "Publish dists to Test PyPI" |
| uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0 |
| with: |
| repository-url: https://test.pypi.org/legacy/ |
| |
| publish-to-pypi: |
| name: "Publish to PyPI" |
| if: ${{ github.event.action == 'publish-pypi' }} |
| permissions: |
| id-token: write # needed for actions/attest-build-provenance |
| attestations: write # needed for actions/attest-build-provenance |
| runs-on: "ubuntu-latest" |
| environment: |
| name: "pypi" |
| needs: |
| - find-run |
| |
| steps: |
| - name: "Download dists" |
| uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 |
| with: |
| repository: "nedbat/coveragepy" |
| run-id: ${{ needs.find-run.outputs.run-id }} |
| github-token: ${{ secrets.GITHUB_TOKEN }} |
| pattern: "dist-*" |
| merge-multiple: true |
| path: "dist/" |
| |
| - name: "What did we get?" |
| run: | |
| ls -alR |
| echo "Number of dists, should be $EXPECTED:" |
| ls -1 dist | wc -l |
| files=$(ls dist 2>/dev/null | wc -l) && [ "$files" -eq $EXPECTED ] || exit 1 |
| |
| - name: "Generate attestations" |
| uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0 |
| with: |
| subject-path: "dist/*" |
| |
| - name: "Publish dists to PyPI" |
| uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0 |
