-
Notifications
You must be signed in to change notification settings - Fork 0
171 lines (151 loc) · 5.66 KB
/
Copy pathrelease.yml
File metadata and controls
171 lines (151 loc) · 5.66 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
name: Release
# Publishes both distributions to PyPI when a GitHub Release is published:
# - vgi-python (sdist + universal wheel) — the public package
# - vgi-fixtures (universal wheel only) — example/test workers
#
# vgi-fixtures is wheel-only on purpose: its source lives at the repo root in
# vgi/_test_fixtures/, which the wheel force-includes but an sdist cannot reach
# (see packages/vgi-fixtures/pyproject.toml). It is a pure-python py3-none-any
# wheel, so the wheel alone installs everywhere.
#
# Auth is PyPI Trusted Publishing (OIDC) — no API tokens. Before the first run,
# configure a Trusted Publisher on PyPI for BOTH projects (vgi-python,
# vgi-fixtures) pointing at:
# owner: Query-farm
# repository: vgi-python
# workflow: release.yml
# environment: pypi
# The `vgi-python` and `vgi-fixtures` versions must match the released tag.
on:
release:
types: [published]
permissions:
contents: read
jobs:
build:
name: Build distributions
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v7
- name: Install uv
uses: astral-sh/setup-uv@v8.2.0
- name: Build vgi (sdist + wheel)
run: uv build --sdist --wheel --out-dir dist-vgi .
- name: Build vgi-fixtures (wheel only)
run: uv build --wheel --out-dir dist-fixtures packages/vgi-fixtures
- name: Validate metadata
run: uvx twine check dist-vgi/* dist-fixtures/*
- name: Upload vgi artifacts
uses: actions/upload-artifact@v7
with:
name: dist-vgi
path: dist-vgi/
- name: Upload vgi-fixtures artifacts
uses: actions/upload-artifact@v7
with:
name: dist-fixtures
path: dist-fixtures/
build-docker-image:
name: Build & push vgi-fixtures image (${{ matrix.short }})
needs: build
runs-on: ubuntu-latest
permissions:
contents: read
packages: write # push to GHCR
# One image per fixture worker, selected via the VGI_FIXTURE_WORKER build arg.
# The VGI extension's container transport uses plain `oci://…` string
# LOCATIONs (no struct env), so the worker must be baked into the tag rather
# than passed at runtime. Tags: ghcr.io/query-farm/vgi-fixtures:<ver>-<short>
# (plus :<ver> and :latest for the base worker). max-parallel: 1 so the heavy
# pip-install layer is built once and reused from the gha cache by the rest.
strategy:
fail-fast: false
max-parallel: 1
matrix:
include:
- { short: worker, worker: vgi-fixture-worker, latest: true }
- { short: versioned, worker: vgi-fixture-versioned-worker }
- { short: versioned-tables, worker: vgi-fixture-versioned-tables-worker }
- { short: attach-options, worker: vgi-fixture-attach-options-worker }
- { short: bad-protocol, worker: vgi-fixture-bad-protocol-worker }
- { short: bad-enum, worker: vgi-fixture-bad-enum-worker }
- { short: simple-writable, worker: vgi-fixture-simple-writable-worker }
steps:
- uses: actions/checkout@v7
# The image installs the exact wheels this release publishes.
- name: Download vgi wheel
uses: actions/download-artifact@v8
with:
name: dist-vgi
path: dist
- name: Download vgi-fixtures wheel
uses: actions/download-artifact@v8
with:
name: dist-fixtures
path: dist
- name: Compute image tags
id: meta
run: |
ver="${{ github.event.release.tag_name }}"
ver="${ver#v}" # normalize a leading v (v0.8.2 -> 0.8.2)
img="ghcr.io/query-farm/vgi-fixtures"
tags="$img:$ver-${{ matrix.short }}"
if [ "${{ matrix.latest }}" = "true" ]; then
tags="$tags,$img:$ver,$img:latest"
fi
echo "tags=$tags" >> "$GITHUB_OUTPUT"
- uses: docker/setup-buildx-action@v3
- name: Log in to GHCR
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build & push
uses: docker/build-push-action@v6
with:
context: .
file: packages/vgi-fixtures/docker/Dockerfile
platforms: linux/amd64
build-args: |
VGI_FIXTURE_WORKER=${{ matrix.worker }}
tags: ${{ steps.meta.outputs.tags }}
push: true
cache-from: type=gha
cache-to: type=gha,mode=max
publish-vgi:
name: Publish vgi to PyPI
needs: build
runs-on: ubuntu-latest
environment: pypi
permissions:
id-token: write # required for Trusted Publishing
steps:
- name: Download vgi artifacts
uses: actions/download-artifact@v8
with:
name: dist-vgi
path: dist/
- name: Publish vgi
uses: pypa/gh-action-pypi-publish@release/v1
publish-vgi-fixtures:
name: Publish vgi-fixtures to PyPI
needs: build
runs-on: ubuntu-latest
environment: pypi
# Disabled until a Trusted Publisher exists for the `vgi-fixtures`
# project on PyPI (blocked on a PyPI new-project limit). The wheel is
# still built + metadata-checked above; only the upload is skipped, so
# vgi-python releases cleanly. Re-enable (delete this `if`) once the
# publisher is configured.
if: false
permissions:
id-token: write # required for Trusted Publishing
steps:
- name: Download vgi-fixtures artifacts
uses: actions/download-artifact@v8
with:
name: dist-fixtures
path: dist/
- name: Publish vgi-fixtures
uses: pypa/gh-action-pypi-publish@release/v1