v0.11.0 #48
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Publish | |
| on: | |
| release: | |
| types: [ published ] | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| jobs: | |
| test-and-build: | |
| runs-on: ubuntu-latest | |
| env: | |
| PIP_PROGRESS_BAR: "off" | |
| PIP_DISABLE_PIP_VERSION_CHECK: "on" | |
| POETRY_NO_INTERACTION: 1 | |
| POETRY_VIRTUALENVS_IN_PROJECT: true | |
| container: | |
| image: python:3.12-alpine | |
| outputs: | |
| version: ${{ steps.version.outputs.version }} | |
| steps: | |
| - name: Install git | |
| run: apk add git | |
| - name: Checkout Repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-tags: true | |
| fetch-depth: 0 | |
| - name: Fix directory permissions | |
| run: chown -R root:root . | |
| - uses: ./.github/actions/setup-poetry-project | |
| with: | |
| install_plugin: true | |
| - name: Run Pytest | |
| run: poetry run pytest | |
| - name: Build Package | |
| run: poetry build | |
| - name: Archive Production Artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: dist | |
| path: | | |
| dist | |
| - name: Store version | |
| id: version | |
| run: | | |
| echo "version=$(poetry version --short)" >> $GITHUB_OUTPUT | |
| publish-to-pypi: | |
| needs: test-and-build | |
| runs-on: ubuntu-latest | |
| environment: release | |
| permissions: | |
| # IMPORTANT: this permission is mandatory for PyPI trusted publishing | |
| id-token: write | |
| steps: | |
| - name: Download a single artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: dist | |
| path: dist | |
| - name: Display structure of downloaded files | |
| run: ls -R | |
| - name: Publish Package Distributions to PyPI | |
| uses: pypa/gh-action-pypi-publish@release/v1 | |
| with: | |
| attestations: true | |
| publish-to-ghcr: | |
| needs: | |
| - test-and-build | |
| - publish-to-pypi | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| attestations: write | |
| id-token: write | |
| steps: | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log in to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract metadata (tags, labels) for Docker | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| tags: | | |
| type=pep440,pattern={{version}} | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| - name: Build and Push Container Image | |
| id: push | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: "{{defaultContext}}" | |
| file: Docker/release.Dockerfile | |
| push: true | |
| platforms: linux/amd64,linux/arm64 | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| build-args: | | |
| KCWARDEN_VERSION=${{ needs.test-and-build.outputs.version }} | |
| - name: Generate artifact attestation | |
| uses: actions/attest-build-provenance@v1 | |
| with: | |
| subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} | |
| subject-digest: ${{ steps.push.outputs.digest }} | |
| push-to-registry: true | |
| - name: Log out from GitHub Container Registry | |
| run: docker logout ghcr.io |