Merge pull request #8 from nextmv-io/feature/fix-signing

Feature/fix signing

.github/workflows/publish.yml

@@ -7,7 +7,7 @@ on:
         description: "The version to release"
         required: true
       IS_PRE_RELEASE:
-        description: "Whether this is a pre-release"
+        description: "It IS a pre-release"
         required: true
         default: false
         type: boolean
@@ -21,13 +21,9 @@ jobs:
     env:
       VERSION: ${{ inputs.VERSION }}
       GH_TOKEN: ${{ github.token }}
+      SSH_AUTH_SOCK: /tmp/ssh_agent.sock
     steps:
-      - name: git clone develop
-        uses: actions/checkout@v4
-        with:
-          ref: develop
-
-      - name: Set up Python
+      - name: set up Python
         uses: actions/setup-python@v4
         with:
           python-version: "3.12"
@@ -37,53 +33,30 @@ jobs:
           pip install --upgrade pip
           pip install build twine hatch
 
-      - name: upgrade version with hatch
-        run: hatch version ${{ env.VERSION }}
-
-      - name: build binary wheel and source tarball
-        env:
-          TWINE_USERNAME: ${{ secrets.PYPI_USERNAME }}
-          TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }}
-        run: |
-          python -m build
-
-      - name: publish to TestPyPI
-        env:
-          TWINE_USERNAME: ${{ secrets.TESTPYPI_USERNAME }}
-          TWINE_PASSWORD: ${{ secrets.TESTPYPI_PASSWORD }}
-        run: twine upload --repository testpypi dist/*
-
-      - name: publish to PyPI
-        env:
-          TWINE_USERNAME: ${{ secrets.PYPI_USERNAME }}
-          TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }}
-        run: twine upload dist/*
-
       - name: configure git with the bot credentials
-        env:
-          SSH_AUTH_SOCK: /tmp/ssh_agent.sock
         run: |
           mkdir -p ~/.ssh
           ssh-keyscan github.com >> ~/.ssh/known_hosts
           ssh-agent -a $SSH_AUTH_SOCK > /dev/null
           ssh-add - <<< "${{ secrets.NEXTMVBOT_SSH_KEY }}"
 
-          echo "${{ secrets.NEXTMVBOT_SIGNING_KEY }}" > ~/.ssh/signing.key
-          chmod 600 ~/.ssh/signing.key
-
           git config --global user.name "nextmv-bot"
           git config --global user.email "[email protected]"
-          git config --global url."[email protected]:".insteadOf "https://github.com/"
-          git config --global gpg.format ssh
-          git config --global user.signingkey ~/.ssh/signing.key
+
+          git clone [email protected]:nextmv-io/nextmv-py.git
+
+      - name: upgrade version with hatch
+        run: hatch version ${{ env.VERSION }}
+        working-directory: ./nextmv-py
 
       - name: commit new version
         run: |
           git add nextmv/__about__.py
-          git commit -S -m "Bump version to $VERSION"
+          git commit -m "Bump version to $VERSION"
           git push
           git tag $VERSION
           git push origin $VERSION
+        working-directory: ./nextmv-py
 
       - name: create release
         run: |
@@ -92,7 +65,29 @@ jobs:
             PRERELEASE_FLAG="--prerelease"
           fi
 
-          gh release create -R nextmv-io/nextmv-py $VERSION \
+          gh release create $VERSION \
           --verify-tag \
           --generate-notes \
           --title $VERSION $PRERELEASE_FLAG
+        working-directory: ./nextmv-py
+
+      - name: build binary wheel and source tarball
+        env:
+          TWINE_USERNAME: ${{ secrets.PYPI_USERNAME }}
+          TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }}
+        run: python -m build
+        working-directory: ./nextmv-py
+
+      - name: publish to TestPyPI
+        env:
+          TWINE_USERNAME: ${{ secrets.TESTPYPI_USERNAME }}
+          TWINE_PASSWORD: ${{ secrets.TESTPYPI_PASSWORD }}
+        run: twine upload --repository testpypi dist/*
+        working-directory: ./nextmv-py
+
+      - name: publish to PyPI
+        env:
+          TWINE_USERNAME: ${{ secrets.PYPI_USERNAME }}
+          TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }}
+        run: twine upload dist/*
+        working-directory: ./nextmv-py