Skip to content

chore(main): release 1.4.3 #765

chore(main): release 1.4.3

chore(main): release 1.4.3 #765

Workflow file for this run

# From https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python#publishing-to-package-registries
name: "Publish"
on:
push:
pull_request:
branches:
- main
jobs:
tests:
name: Run tests
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install devbox
uses: jetpack-io/devbox-install-action@v0.11.0
- name: Run linting
run: devbox run lint
- name: Check code formatting
run: devbox run format-check
- name: Run type checks
run: devbox run typecheck
- name: Run tests
run: devbox run test
env:
# Unit tests actually run against the GH API for 'real integration testing',
# and providing a token will increase the otherwise too-low rate limit.
# The `GITHUB_TOKEN` failed (https://github.com/alexpovel/ancv/actions/runs/4093416643/jobs/7063406195):
#
# body = b'{"message":"Resource not accessible by integration","documentation_url":"https://docs.github.com/rest/reference/gists#list-gists-for-a-user"}'
#
# So use a personal token.
GH_TOKEN: ${{ secrets.GH_PERMISSIONLESS_FGAT }}
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v4
with:
# Docs say a token isn't required for public GitHub repositories using GH
# Actions, but it didn't work and failed with:
#
# [2022-08-08T19:50:41.725Z] ['error'] There was an error running the
# uploader: Error uploading to https://codecov.io: Error: There was an error
# fetching the storage URL during POST: 404 - {'detail':
# ErrorDetail(string='Unable to locate build via Github Actions API. Please
# upload with the Codecov repository upload token to resolve issue.',
# code='not_found')}
#
# See also: https://github.com/alexpovel/ancv/runs/7733256776?check_suite_focus=true#step:7:37
token: ${{ secrets.CODECOV_TOKEN }}
files: coverage.xml
release-please:
name: Execute release chores
runs-on: ubuntu-latest
needs: tests
outputs:
created: ${{ steps.release.outputs.release_created }}
tag_name: ${{ steps.release.outputs.tag_name }}
steps:
# https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/making-authenticated-api-requests-with-a-github-app-in-a-github-actions-workflow
- uses: actions/create-github-app-token@v1
id: app-token
with:
app-id: ${{ secrets.APP_ID }}
private-key: ${{ secrets.APP_PRIVATE_KEY }}
- uses: googleapis/release-please-action@v4
id: release
with:
# Token needs: `contents: write`, `pull-requests: write`
token: ${{ steps.app-token.outputs.token }}
publish:
name: Publish to PyPI
runs-on: ubuntu-latest
needs: release-please
if: ${{ needs.release-please.outputs.created }}
# https://blog.pypi.org/posts/2023-04-20-introducing-trusted-publishers/
environment: pypi
permissions:
id-token: write
steps:
- uses: actions/checkout@v4
- name: Install devbox
uses: jetpack-io/devbox-install-action@v0.11.0
with:
enable-cache: true
- name: Build package
run: devbox run uv build
- name: Publish package
uses: pypa/gh-action-pypi-publish@v1.10.2
build-and-push-image:
name: Build Docker image and push to GitHub Container Registry
runs-on: ubuntu-latest
needs: release-please
if: ${{ needs.release-please.outputs.created }}
environment: container-registry
permissions:
contents: read
packages: write
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Log in to the container registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=semver,value=${{ needs.release-please.outputs.tag_name }},pattern={{version}}
type=semver,value=${{ needs.release-please.outputs.tag_name }},pattern={{major}}.{{minor}}
type=semver,value=${{ needs.release-please.outputs.tag_name }},pattern={{major}},enable=${{ !startsWith(needs.release-please.outputs.tag_name, 'v0.') }}
- name: Build and push Docker image
uses: docker/build-push-action@v6
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}