Skip to content
Release

Merge pull request #476 from powerapi-ng/chore/release-v2.9.0 #19

Sign in to view logs

Merge pull request #476 from powerapi-ng/chore/release-v2.9.0

Merge pull request #476 from powerapi-ng/chore/release-v2.9.0 #19

Workflow file for this run

.github/workflows/release.yml at 10aee7c
name: Release
on:
push:
tags:
- "v*"
permissions:
contents: read
jobs:
pre-checks:
name: Release Pre-Checks
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Check if package version corresponds to git tag
shell: python
env:
PYTHONPATH: ${{ github.workspace }}/src
run: |
import os
import sys
from powerapi import __version__
git_tag = os.environ['GITHUB_REF_NAME'].removeprefix('v')
pkg_version = __version__
if git_tag != pkg_version:
title = 'Invalid version'
file = 'src/powerapi/__init__.py'
msg = f'Version mismatch between python package ({pkg_version}) and git tag ({git_tag})'
print(f'::error title={title},file={file}::{msg}')
sys.exit(1)
build-python-package:
name: Build Python Package
runs-on: ubuntu-latest
needs: [pre-checks]
outputs:
dist-hashes: ${{ steps.dist-hashes.outputs.hash }}
permissions:
contents: read
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up Python
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: "3.x"
- name: Install uv
uses: astral-sh/setup-uv@d8db0a86d3d88f3017a4e6b8a1e2b234e7a0a1b5 # v4.0.0
- name: Build sdist and wheel
run: |
uv build --sdist --wheel --out-dir dist/
- name: Compute SHA256 hashes of build artifacts
id: dist-hashes
shell: bash
run: |
cd ./dist && echo "hash=$(sha256sum -- * | base64 -w0)" >> $GITHUB_OUTPUT
- name: Upload build artifacts
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: "python-build-dist"
path: ./dist
if-no-files-found: error
slsa-provenance:

Check failure on line 77 in .github/workflows/release.yml

View workflow run for this annotation

GitHub Actions / Release

Invalid workflow file 

The workflow is not valid. .github/workflows/release.yml (Line: 77, Col: 3): Error calling workflow 'slsa-framework/slsa-github-generator/.github/workflows/[email protected]'. The nested job 'upload-assets' is requesting 'contents: write', but is only allowed 'contents: read'.
name: Generate artifacts provenance attestation
needs: [build-python-package]
permissions:
contents: read
actions: read
id-token: write
uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected]
with:
base64-subjects: "${{ needs.build-python-package.outputs.dist-hashes }}"
publish-python-package:
name: Publish Pypi Package
runs-on: ubuntu-latest
needs: [build-python-package, slsa-provenance]
permissions:
contents: read
id-token: write
steps:
- name: Download build artifacts
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: "python-build-dist"
- name: Publish package
uses: pypa/gh-action-pypi-publish@15c56dba361d8335944d31a2ecd17d700fc7bcbc # v1.12.2
with:
print-hash: true
attestations: true
docker-image:
name: Publish Docker image
runs-on: ubuntu-latest
needs: [pre-checks]
permissions:
contents: read
packages: write
steps:
- name: Set up QEMU
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
- name: Setup Docker buildx
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
- name: Log in to Docker Hub
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
username: ${{ vars.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_TOKEN }}
- name: Log in to GitHub Container Registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
with:
images: |
docker.io/powerapi/powerapi
ghcr.io/powerapi-ng/powerapi
tags: |
type=pep440,pattern={{version}}
- name: Build and push Docker image
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
id: build-and-push
with:
push: true
provenance: false
platforms: linux/amd64,linux/arm64
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
github-release:
name: Publish GitHub release
runs-on: ubuntu-latest
needs: [publish-python-package, docker-image]
permissions:
contents: write
env:
CHGLOG_VERSION: "0.15.4"
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- name: Generate version changelog
run: |
set -euo pipefail
export BASE_URL="https://github.com/git-chglog/git-chglog/releases/download"
export FILENAME="git-chglog_${CHGLOG_VERSION}_linux_amd64.tar.gz"
curl -fsSL "${BASE_URL}/v${CHGLOG_VERSION}/${FILENAME}" |sudo tar xz --no-same-owner -C /usr/local/bin git-chglog
git-chglog --config .github/chglog/config.yml --output CHANGELOG.md "${GITHUB_REF_NAME}"
- name: Download build artifacts
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
- name: Create GitHub release
uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0
with:
body_path: CHANGELOG.md
files: |
dist/powerapi-*.whl
dist/powerapi-*.tar.gz
*.intoto.jsonl