chore(release): 0.4.3 (#160) #28
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow triggers the CI, updates the version, and uploads the release to GitHub and | |
| # Google Artifact Registry when a push is made to either the 'main' or 'develop' branch. | |
| # | |
| # Workflow Steps: | |
| # | |
| # 1. Ci is triggered using the CI workflow defined in .github/workflows/ci.yaml | |
| # 2. If it succeeds, the version is updated using Python Semantic Release | |
| # 3. The release is uploaded to GitHub (same step and GitHub action) | |
| # 5. Authentication to Google Cloud is achieved using Workload Identity Federation | |
| # 6. The release is uploaded to Google Artifact Registry | |
| # | |
| # For more details on setting up Workload Identity Federation for GitHub, | |
| # visit https://github.com/google-github-actions/auth#setting-up-workload-identity-federation | |
| # WIF service account must have roles/artifactregistry.write access to the Artifact Registry repository | |
| name: CI and Release on main | |
| on: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| ci: | |
| name: CI | |
| uses: ./.github/workflows/ci.yaml | |
| release: | |
| name: Release | |
| runs-on: ubuntu-latest | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| needs: ci | |
| permissions: | |
| id-token: write | |
| contents: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| token: ${{ secrets.RELEASE_ACCESS_TOKEN }} | |
| - name: Python Semantic Release | |
| id: python-semantic-release | |
| uses: python-semantic-release/python-semantic-release@master | |
| with: | |
| github_token: ${{ secrets.RELEASE_ACCESS_TOKEN }} | |
| - name: 'Authenticate to Google Cloud' | |
| if: ${{ steps.python-semantic-release.outputs.released == 'true' }} | |
| uses: 'google-github-actions/auth@v2' | |
| with: | |
| token_format: 'access_token' | |
| workload_identity_provider: '${{ secrets.WIF_PROVIDER }}' # e.g. - projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider | |
| service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}' # e.g. - [email protected] | |
| - name: Install twine | |
| if: ${{ steps.python-semantic-release.outputs.released == 'true' }} | |
| run: pip install twine keyrings.google-artifactregistry-auth | |
| - name: Upload dist to Google Artifact Registry | |
| if: ${{ steps.python-semantic-release.outputs.released == 'true' }} | |
| run: | | |
| python3 -m twine upload \ | |
| --repository-url https://europe-west1-python.pkg.dev/data-sandbox-fr/artefactory \ | |
| --verbose \ | |
| dist/* |