os-climate · ModeSevenIndustrialSolutions · Jul 28, 2024 · Jul 28, 2024
diff --git a/.github/actions/semantic-tag-increment/action.yaml b/.github/actions/semantic-tag-increment/action.yaml
@@ -9,15 +9,15 @@ inputs:
     description: "The existing semantic tag to be incremented"
     required: true
   type:
-    description: "The type of increment to perform [ major|minor|patch ]"
-    required: true
+    description: "Increment to perform [major|minor|patch]"
+    required: false
     default: "patch"
 
 outputs:
   incremented:
     # Any single/leading non-numeric "v" character will be stripped
     description: "The incremented semantic tag [purely numeric]"
-    value: ${{ steps.increment.outputs.incremented }}
+    value: ${{ steps.increment-tag.outputs.incremented }}
 
 runs:
   using: "composite"
@@ -53,7 +53,7 @@ runs:
         if ! [[ "$TAG" =~ $PATTERN ]]; then
           echo "Invalid semantic tag"; exit 1
         else
-          echo "Supplied tag: $TAG"
+          echo "Numeric tag: $TAG"
         fi
 
         REGEX='[^0-9]*\([0-9]*\)[.]\([0-9]*\)[.]\([0-9]*\)\([0-9A-Za-z-]*\)'

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -0,0 +1,222 @@
+---
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-FileCopyrightText: 2024 The Linux Foundation <https://linuxfoundation.org>
+
+name: "📦 Release and Publish"
+
+# GitHub/PyPI trusted publisher documentation:
+# https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/
+
+# yamllint disable-line rule:truthy
+on:
+  workflow_dispatch:
+  pull_request:
+    branches: [main, master]
+    types: [closed]
+  push:
+    branches: [main, master]
+    tags:
+      - "v*.*.*"
+
+env:
+  python-version: "3.10"
+  package-path: "dist"
+
+### BUILD ###
+
+jobs:
+  build:
+    name: "🐍 Build Project"
+    if: github.event.pull_request.merged == true ||
+      github.event.workflow_dispatch
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      # id-token: write
+    outputs:
+      publish: ${{ steps.build.outputs.publish }}
+
+    steps:
+      ### BUILDING ###
+
+      - name: "Checkout repository"
+        uses: actions/checkout@v4
+
+      - name: "Setup Python"
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ env.python-version }}
+
+      - name: "Setup PDM for build commands"
+        uses: pdm-project/setup-pdm@v4
+        with:
+          python-version: ${{ env.python-version }}
+
+      - name: "Report workflow/release metadata"
+        id: release-metadata
+        # yamllint disable-line rule:line-length
+        uses: os-climate/devops-reusable-workflows/.github/actions/latest-semantic-tag@main
+
+      - name: "🏷️ Create initial tag"
+        id: set-initial-tag
+        # needs: parse-tags
+        if: steps.release-metadata.outputs.tag-missing == 'true'
+        # https://github.com/softprops/action-gh-release
+        uses: softprops/action-gh-release@v2
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          prerelease: true
+          tag_name: v0.0.1
+
+      - name: "Build with PDM backend"
+        id: build
+        # needs: release-metadata
+        if: steps.release-metadata.outputs.tag-missing == 'false'
+        run: |
+          pdm build
+          if ! (ls ${{ env.package-path }}/*.dev*.*); then
+            echo "publish=true" >> "$GITHUB_OUTPUT"
+          fi
+
+      ### SIGNING ###
+
+      - name: "Sign packages with Sigstore"
+        uses: sigstore/[email protected]
+        env:
+          package-path: ${{ env.package-path }}
+        with:
+          inputs: >-
+            ./${{ env.package-path }}/*.tar.gz
+            ./${{ env.package-path }}/*.whl
+
+      - name: Store the distribution packages
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ github.ref_name }}
+          path: ${{ env.package-path }}
+
+  ### PUBLISH GITHUB ###
+
+  github:
+    name: "📦 Publish to GitHub"
+    # Only publish on tag pushes
+    needs: build
+    runs-on: ubuntu-latest
+    permissions:
+      # IMPORTANT: mandatory to publish artefacts
+      contents: write
+    steps:
+      - name: "⬇ Download build artefacts"
+        uses: actions/download-artifact@v4
+        with:
+          name: ${{ github.ref_name }}
+          path: ${{ env.package-path }}
+
+      - name: "🌥️ Set environment variables"
+        id: setenv
+        run: |
+          # vernum="${{ env.python-version }}.$(date +'%Y%m%d%H%M')"
+          datetime="$(date +'%Y%m%d%H%M')"
+          echo "datetime=${datetime}" >> "$GITHUB_OUTPUT"
+
+      - name: "📦 Publish DEVELOPMENT artefacts to GitHub"
+        if: startsWith(github.ref, 'refs/tags/') != true
+        # https://github.com/softprops/action-gh-release
+        uses: softprops/action-gh-release@v2
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          prerelease: true
+          tag_name: ${{ github.ref_name }}-dev
+          name: "Test/Development Build: ${{ github.ref_name }}"
+          # body_path: ${{ github.workspace }}/CHANGELOG.rst
+          files: |
+            ${{ env.package-path }}/*.tar.gz
+            ${{ env.package-path }}/*.whl
+            ${{ env.package-path }}/*.sigstore*
+
+      - name: "📦 Publish PRODUCTION artefacts to GitHub"
+        if: startsWith(github.ref, 'refs/tags/')
+        # https://github.com/softprops/action-gh-release
+        uses: softprops/action-gh-release@v2
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          prerelease: false
+          tag_name: ${{ github.ref_name }}
+          name: "Test/Development Build: ${{ github.ref_name }}"
+          # body_path: ${{ github.workspace }}/CHANGELOG.rst
+          files: |
+            ${{ env.package-path }}/*.tar.gz
+            ${{ env.package-path }}/*.whl
+            ${{ env.package-path }}/*.sigstore*
+
+  ### PUBLISH PYPI TEST ###
+
+  testpypi:
+    name: "📦 Test PyPI publishing"
+    # Only publish on tag pushes
+    # if: startsWith(github.ref, 'refs/tags/')
+    needs: build
+    runs-on: ubuntu-latest
+    environment:
+      name: testpypi
+    permissions:
+      # IMPORTANT: mandatory for trusted publishing
+      id-token: write
+    steps:
+      - name: "⬇ Download build artefacts"
+        uses: actions/download-artifact@v4
+        with:
+          name: ${{ github.ref_name }}
+          path: ${{ env.package-path }}
+
+      - name: "Validate build artefacts"
+        id: files
+        run: |
+          if [ -f ${{ env.package-path }}/buildvars.txt ]; then
+            rm ${{ env.package-path }}/buildvars.txt
+          fi
+          if (ls ${{ env.package-path }}/*.sigstore*); then
+            rm ${{ env.package-path }}/*.sigstore*
+          fi
+
+      - name: "Publish to test PyPI"
+        uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          repository-url: https://test.pypi.org/legacy/
+          verbose: true
+          packages-dir: ${{ env.package-path }}
+
+  ### PUBLISH PYPI ###
+
+  pypi:
+    name: "📦 Publish to PyPI"
+    # Only publish on tag pushes
+    if:
+      startsWith(github.ref, 'refs/tags/') &&
+      needs.build.outputs.publish == 'true'
+      # contains(github.event.head_commit.message, '[release]')
+    needs: [build, testpypi]
+    runs-on: ubuntu-latest
+    environment:
+      name: pypi
+    permissions:
+      # IMPORTANT: mandatory for trusted publishing
+      id-token: write
+    steps:
+      - name: "⬇ Download build artefacts"
+        uses: actions/download-artifact@v4
+        with:
+          name: ${{ github.ref_name }}
+          path: ${{ env.package-path }}
+
+      - name: "Remove files unsupported by PyPi"
+        run: |
+          if (ls ${{ env.package-path }}/*.sigstore*); then
+            rm ${{ env.package-path }}/*.sigstore*
+          fi
+
+#      - name: "📦 Publish to PyPI"
+#        uses: pypa/gh-action-pypi-publish@release/v1
+#        with:
+#          verbose: true
+#          packages-dir: ${{ env.package-path }}