Skip to content

chore: add permission to write tags to Release workflow #15

chore: add permission to write tags to Release workflow

chore: add permission to write tags to Release workflow #15

Workflow file for this run

name: Release
on:
push:
branches:
- main
- master
jobs:
release:
name: Release
runs-on: ubuntu-latest
environment:
name: pypi
url: https://pypi.org/p/django-json-agg
permissions:
id-token: write # IMPORTANT: this permission is mandatory for trusted publishing
contents: write # Required for pushing tags - https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#permissions
steps:
- name: Check out the repository
uses: actions/checkout@v3
with:
fetch-depth: 2
- name: Set up Python
uses: actions/[email protected]
with:
python-version: "3.12"
- name: Upgrade pip
run: |
pip install --constraint="$(pwd)/.github/workflows/constraints.txt" pip
pip --version
- name: Install Poetry
run: |
pip install --constraint="$(pwd)/.github/workflows/constraints.txt" poetry
poetry --version
- name: Check if there is a parent commit
id: check-parent-commit
run: |
echo "::set-output name=sha::$(git rev-parse --verify --quiet HEAD^)"
- name: Detect and tag new version
id: check-version
if: steps.check-parent-commit.outputs.sha
uses: salsify/[email protected]
with:
version-command: |
bash -o pipefail -c "poetry version | awk '{ print \$2 }'"
- name: Bump version for developmental release
if: "! steps.check-version.outputs.tag"
run: |
poetry version patch &&
version=$(poetry version | awk '{ print $2 }') &&
poetry version $version.dev.$(date +%s)
- name: Build package
run: |
poetry build --ansi
- name: Publish package on PyPI
if: steps.check-version.outputs.tag
uses: pypa/[email protected]
- name: Publish package on TestPyPI
if: "! steps.check-version.outputs.tag"
uses: pypa/[email protected]
with:
repository-url: https://test.pypi.org/legacy/
- name: Publish the release notes
uses: release-drafter/[email protected]
with:
publish: ${{ steps.check-version.outputs.tag != '' }}
tag: ${{ steps.check-version.outputs.tag }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}