build(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3 (#371) #23
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CD | |
| on: | |
| workflow_dispatch: | |
| push: | |
| tags: | |
| - v* | |
| permissions: | |
| contents: write | |
| jobs: | |
| functional-latest: | |
| uses: repository-service-tuf/repository-service-tuf/.github/workflows/functional.yml@main | |
| with: | |
| worker_version: latest | |
| api_version: latest | |
| cli_version: dev | |
| secrets: | |
| RSTUF_ONLINE_KEY: ${{ secrets.RSTUF_ONLINE_KEY }} | |
| build: | |
| name: Build | |
| runs-on: ubuntu-latest | |
| needs: functional-latest | |
| outputs: | |
| release_id: ${{ steps.gh-release.outputs.id }} | |
| steps: | |
| - name: Checkout release tag | |
| uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac | |
| with: | |
| ref: ${{ github.event.workflow_run.head_branch }} | |
| - name: Set up Python | |
| uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 | |
| with: | |
| python-version: '3.x' | |
| - name: Install build dependency | |
| run: python3 -m pip install --upgrade pip build twine | |
| - name: Build binary wheel and source tarball | |
| run: python3 -m build --sdist --wheel --outdir dist/ . | |
| - name: Check distribution's long description rendering on PyPI | |
| run: twine check dist/* | |
| - id: gh-release | |
| name: Publish GitHub release candidate | |
| uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 | |
| with: | |
| name: ${{ github.ref_name }}-rc | |
| tag_name: ${{ github.ref }} | |
| body: "Release waiting for review..." | |
| files: dist/* | |
| - name: Store build artifacts | |
| uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 | |
| # NOTE: The GitHub release page contains the release artifacts too, but using | |
| # GitHub upload/download actions seems robuster: there is no need to compute | |
| # download URLs and tampering with artifacts between jobs is more limited. | |
| with: | |
| name: build-artifacts | |
| path: dist | |
| release: | |
| name: Release | |
| runs-on: ubuntu-latest | |
| needs: build | |
| environment: release | |
| permissions: | |
| contents: write # to update GitHub releases | |
| id-token: write # IMPORTANT: this permission is mandatory for trusted publishing | |
| steps: | |
| - name: Fetch build artifacts | |
| uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a | |
| with: | |
| name: build-artifacts | |
| path: dist | |
| - name: Finalize GitHub release | |
| uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 | |
| with: | |
| script: | | |
| await github.rest.repos.updateRelease({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| release_id: '${{ needs.build.outputs.release_id }}', | |
| name: '${{ github.ref_name }}', | |
| }) | |
| - name: Publish distribution 📦 to Test PyPI | |
| env: | |
| name: testpypi | |
| url: https://pypi.org/p/repository-service-tuf | |
| if: github.repository == 'repository-service-tuf/repository-service-tuf-cli' | |
| uses: pypa/gh-action-pypi-publish@b7f401de30cb6434a1e19f805ff006643653240e | |
| with: | |
| repository-url: https://test.pypi.org/legacy/ | |
| - name: Publish binary wheel and source tarball 📦 on PyPI | |
| env: | |
| name: pypi | |
| url: https://pypi.org/p/repository-service-tuf | |
| # Only attempt PyPI upload in upstream repository | |
| if: github.repository == 'repository-service-tuf/repository-service-tuf-cli' | |
| uses: pypa/gh-action-pypi-publish@b7f401de30cb6434a1e19f805ff006643653240e |