-
Notifications
You must be signed in to change notification settings - Fork 38
147 lines (132 loc) · 4.73 KB
/
publish.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
name: Publish package
on:
workflow_dispatch:
inputs:
release_tag:
type: string
required: true
description: The release tag to fetch the package to publish
nightly:
type: boolean
required: false
description: Whether to publish the package as a nightly release
default: true
workflow_call:
inputs:
release_tag:
type: string
required: true
description: The release tag to fetch the package to publish
nightly:
type: boolean
required: false
description: Whether to publish the package as a nightly release
default: true
secrets:
SNAPCRAFT_CREDENTIALS:
required: true
PYPI_CREDENTIALS:
required: true
release:
types:
- published
- edited
pull_request:
paths:
- .github/workflows/publish.yml
# We set `concurrency` to prevent having this workflow being run on code that is not up-to-date on a PR (a user make multiple push in a quick manner).
# But on the main branch, we don't want that behavior.
# Having the workflow run on each merge commit is something we would like, that could help us where a regression was made and missed by previous checks.
concurrency:
group: publish-package-${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
RELEASE_TAG: ${{ (github.event_name == 'release' && github.ref_name) || (github.event_name == 'pull_request' && 'nightly') || inputs.release_tag }}
jobs:
publish:
runs-on: ubuntu-24.04
# We don't want to run this workflow on dependabot PRs because it will not be able to read the secrets
if: (!(github.event_name == 'pull_request' && github.actor == 'dependabot[bot]'))
permissions:
contents: read
id-token: write
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin v4.2.2
with:
sparse-checkout: |
misc
timeout-minutes: 5
- name: Get tag version
id: version
shell: bash -eux -o pipefail {0}
run: >-
gh release
--repo=${{ github.server_url }}/${{ github.repository }}
download
${{ env.RELEASE_TAG }}
--pattern=version
--output=- | tee -a $GITHUB_OUTPUT
env:
GH_TOKEN: ${{ github.token }}
timeout-minutes: 2
- name: Download Wheels from release
run: |
mkdir dist
gh release \
--repo=${{ github.server_url }}/${{ github.repository }} \
download \
${{ env.RELEASE_TAG }} \
--pattern=parsec_cloud-${{ steps.version.outputs.pep440 }}-*.whl \
--dir=dist
env:
GH_TOKEN: ${{ github.token }}
timeout-minutes: 2
- name: Download snap from release
run: |
mkdir snap
gh release \
--repo=${{ github.server_url }}/${{ github.repository }} \
download \
${{ env.RELEASE_TAG }} \
--pattern=Parsec_${{ steps.version.outputs.full }}_linux_*.snap \
--dir=snap
env:
GH_TOKEN: ${{ github.token }}
timeout-minutes: 2
- name: List downloaded files
run: tree dist snap
- name: Install Snapcraft
uses: samuelmeuli/action-snapcraft@fceeb3c308e76f3487e72ef608618de625fb7fe8 # pin v3.0.1
timeout-minutes: 2
- name: Get releases for snapcraft
id: snapcraft-channels
shell: bash
run: >-
(
echo -n "channels=";
python misc/snapcraft_releases.py ${{ inputs.nightly && '--nightly' || '' }} ${{ steps.version.outputs.full }}
) | tee $GITHUB_OUTPUT
timeout-minutes: 1
- name: Check that snapcraft credential is not empty
shell: bash
run: test $(printenv SNAPCRAFT_STORE_CREDENTIALS | wc -c | tee /dev/stderr) -gt 10
env:
SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_CREDENTIALS }}
timeout-minutes: 1
- name: Whoami snap
run: snapcraft whoami
env:
SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_CREDENTIALS }}
timeout-minutes: 2
- name: Upload Snap
run: snapcraft upload --release="${{ steps.snapcraft-channels.outputs.channels }}" snap/Parsec_${{ steps.version.outputs.full }}_linux_*.snap
env:
SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_CREDENTIALS }}
timeout-minutes: 3
- name: Publish wheel on PyPI
if: steps.version.outputs.local == ''
uses: pypa/gh-action-pypi-publish@15c56dba361d8335944d31a2ecd17d700fc7bcbc # pin v1.12.2
with:
user: __token__
password: ${{ secrets.PYPI_CREDENTIALS }}
timeout-minutes: 2