chore: add permission to write tags to Release workflow #15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release | |
on: | |
push: | |
branches: | |
- main | |
- master | |
jobs: | |
release: | |
name: Release | |
runs-on: ubuntu-latest | |
environment: | |
name: pypi | |
url: https://pypi.org/p/django-json-agg | |
permissions: | |
id-token: write # IMPORTANT: this permission is mandatory for trusted publishing | |
contents: write # Required for pushing tags - https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#permissions | |
steps: | |
- name: Check out the repository | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 2 | |
- name: Set up Python | |
uses: actions/[email protected] | |
with: | |
python-version: "3.12" | |
- name: Upgrade pip | |
run: | | |
pip install --constraint="$(pwd)/.github/workflows/constraints.txt" pip | |
pip --version | |
- name: Install Poetry | |
run: | | |
pip install --constraint="$(pwd)/.github/workflows/constraints.txt" poetry | |
poetry --version | |
- name: Check if there is a parent commit | |
id: check-parent-commit | |
run: | | |
echo "::set-output name=sha::$(git rev-parse --verify --quiet HEAD^)" | |
- name: Detect and tag new version | |
id: check-version | |
if: steps.check-parent-commit.outputs.sha | |
uses: salsify/[email protected] | |
with: | |
version-command: | | |
bash -o pipefail -c "poetry version | awk '{ print \$2 }'" | |
- name: Bump version for developmental release | |
if: "! steps.check-version.outputs.tag" | |
run: | | |
poetry version patch && | |
version=$(poetry version | awk '{ print $2 }') && | |
poetry version $version.dev.$(date +%s) | |
- name: Build package | |
run: | | |
poetry build --ansi | |
- name: Publish package on PyPI | |
if: steps.check-version.outputs.tag | |
uses: pypa/[email protected] | |
- name: Publish package on TestPyPI | |
if: "! steps.check-version.outputs.tag" | |
uses: pypa/[email protected] | |
with: | |
repository-url: https://test.pypi.org/legacy/ | |
- name: Publish the release notes | |
uses: release-drafter/[email protected] | |
with: | |
publish: ${{ steps.check-version.outputs.tag != '' }} | |
tag: ${{ steps.check-version.outputs.tag }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |