Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add automated release pipeline #355

Merged
merged 4 commits into from
Mar 7, 2024
Merged

Add automated release pipeline #355

Changes from 2 commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
2ba61dd
add release pipeline
guenp Mar 6, 2024
53f9c44
only run release pipeline on semver tag pushes
guenp Mar 6, 2024
c858985
use --generate-notes in gh release
guenp Mar 6, 2024
0862dc4
Update release.yml
guenp Mar 6, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
96 changes: 96 additions & 0 deletions .github/workflows/release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,96 @@
name: Publish Python 🐍 distribution 📦 to PyPI

on:
push:
tags:
- '[0-9]+.[0-9]+.[0-9]+'

jobs:
build:
name: Build distribution 📦
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: "3.x"
- name: Install pypa/build
run: >-
python3 -m
pip install
build
--user
- name: Build a binary wheel and a source tarball
run: python3 -m build
- name: Store the distribution packages
uses: actions/upload-artifact@v3
with:
name: python-package-distributions
path: dist/

publish-to-pypi:
name: >-
Publish Python 🐍 distribution 📦 to PyPI
if: startsWith(github.ref, 'refs/tags/') # only publish to PyPI on tag pushes
needs:
- build
runs-on: ubuntu-latest
environment:
name: pypi
url: https://pypi.org/p/dbt-duckdb
permissions:
id-token: write # IMPORTANT: mandatory for trusted publishing

steps:
- name: Download all the dists
uses: actions/download-artifact@v3
with:
name: python-package-distributions
path: dist/
- name: Publish distribution 📦 to PyPI
uses: pypa/gh-action-pypi-publish@release/v1

github-release:
name: >-
Sign the Python 🐍 distribution 📦 with Sigstore
and upload them to GitHub Release
needs:
- publish-to-pypi
runs-on: ubuntu-latest

permissions:
contents: write # IMPORTANT: mandatory for making GitHub Releases
id-token: write # IMPORTANT: mandatory for sigstore

steps:
- name: Download all the dists
uses: actions/download-artifact@v3
with:
name: python-package-distributions
path: dist/
- name: Sign the dists with Sigstore
uses: sigstore/[email protected]
with:
inputs: >-
./dist/*.tar.gz
./dist/*.whl
- name: Create GitHub Release
env:
GITHUB_TOKEN: ${{ github.token }}
run: >-
gh release create
'${{ github.ref_name }}'
--repo '${{ github.repository }}'
--notes ""
- name: Upload artifact signatures to GitHub Release
env:
GITHUB_TOKEN: ${{ github.token }}
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah I missed this earlier, looks like if we want to push an automatic release as well we need to set up a github token.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

okay cool-- so I need to set that up, somehow. It's int he docs you linked to?

Copy link
Collaborator Author

@guenp guenp Mar 6, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh good point, no it's not. I'll open a PR to the packaging docs page to add a note.

I looked it up and looks like the token itself is automatically generated by GitHub, see docs.
However we would need to set the permissions so it has contents:write access, see docs.
See also this post on stackoverflow.

To change the permissions go to https://github.com/duckdb/dbt-duckdb/settings/actions and scroll down to "Workflow permissions" and choose "Read and write permissions".

Alternatively you can create a Personal Access Token and use that instead of the GITHUB_TOKEN.

If none of this sparks joy we can take this part out and just manually post release notes

Copy link
Collaborator Author

@guenp guenp Mar 6, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also just realized that right now it posts empty release notes (--notes "")
Maybe a nice follow up PR could be to add automated release notes?
See: https://github.com/marketplace/actions/release-notes-generator#use-github-action

Edit: nvm I can just use --generate-notes

# Upload to GitHub Release using the `gh` CLI.
# `dist/` contains the built packages, and the
# sigstore-produced signatures and certificates.
run: >-
gh release upload
'${{ github.ref_name }}' dist/**
--repo '${{ github.repository }}'
Loading