ee509b1f96
Bumps the actions group with 4 updates in the / directory: [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action), [actions/upload-artifact](https://github.com/actions/upload-artifact), [actions/download-artifact](https://github.com/actions/download-artifact) and [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action). Updates `docker/setup-qemu-action` from 3.7.0 to 4.0.0 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](c7c5346462...ce360397dd) Updates `actions/upload-artifact` from 6 to 7 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v6...v7) Updates `actions/download-artifact` from 7 to 8 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v7...v8) Updates `zizmorcore/zizmor-action` from 0.5.0 to 0.5.2 - [Release notes](https://github.com/zizmorcore/zizmor-action/releases) - [Commits](0dce2577a4...71321a20a9) --- updated-dependencies: - dependency-name: docker/setup-qemu-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/download-artifact dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: zizmorcore/zizmor-action dependency-version: 0.5.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com>
118 lines
3.5 KiB
YAML
118 lines
3.5 KiB
YAML
name: Release
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
following_version:
|
|
description: "The post (dev) version to set"
|
|
dry_run:
|
|
description: "Dry Run?"
|
|
default: false
|
|
type: boolean
|
|
schedule:
|
|
- cron: '30 5 * * *'
|
|
|
|
env:
|
|
# Changes per repo
|
|
PRODUCT_NAME: PyMongo
|
|
# Changes per branch
|
|
EVERGREEN_PROJECT: mongo-python-driver
|
|
# Constant
|
|
# inputs will be empty on a scheduled run. so, we only set dry_run
|
|
# to 'false' when the input is set to 'false'.
|
|
DRY_RUN: ${{ ! contains(inputs.dry_run, 'false') }}
|
|
FOLLOWING_VERSION: ${{ inputs.following_version || '' }}
|
|
|
|
defaults:
|
|
run:
|
|
shell: bash -eux {0}
|
|
|
|
jobs:
|
|
pre-publish:
|
|
environment: release
|
|
runs-on: ubuntu-latest
|
|
if: github.repository_owner == 'mongodb' || github.event_name == 'workflow_dispatch'
|
|
permissions:
|
|
id-token: write
|
|
contents: write
|
|
outputs:
|
|
version: ${{ steps.pre-publish.outputs.version }}
|
|
steps:
|
|
- uses: mongodb-labs/drivers-github-tools/secure-checkout@v3
|
|
with:
|
|
app_id: ${{ vars.APP_ID }}
|
|
private_key: ${{ secrets.APP_PRIVATE_KEY }}
|
|
- uses: mongodb-labs/drivers-github-tools/setup@v3
|
|
with:
|
|
aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
|
|
aws_region_name: ${{ vars.AWS_REGION_NAME }}
|
|
aws_secret_id: ${{ secrets.AWS_SECRET_ID }}
|
|
- uses: mongodb-labs/drivers-github-tools/python/pre-publish@v3
|
|
id: pre-publish
|
|
with:
|
|
dry_run: ${{ env.DRY_RUN }}
|
|
|
|
build-dist:
|
|
needs: [pre-publish]
|
|
uses: ./.github/workflows/dist.yml
|
|
with:
|
|
ref: ${{ needs.pre-publish.outputs.version }}
|
|
|
|
static-scan:
|
|
needs: [pre-publish]
|
|
uses: ./.github/workflows/codeql.yml
|
|
permissions:
|
|
security-events: write
|
|
with:
|
|
ref: ${{ needs.pre-publish.outputs.version }}
|
|
|
|
publish:
|
|
needs: [build-dist, static-scan]
|
|
name: Upload release to PyPI
|
|
runs-on: ubuntu-latest
|
|
environment: release
|
|
permissions:
|
|
id-token: write
|
|
steps:
|
|
- name: Download all the dists
|
|
uses: actions/download-artifact@v8
|
|
with:
|
|
name: all-dist-${{ github.run_id }}
|
|
path: dist/
|
|
- name: Publish package distributions to TestPyPI
|
|
uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # release/v1
|
|
with:
|
|
repository-url: https://test.pypi.org/legacy/
|
|
skip-existing: true
|
|
attestations: ${{ env.DRY_RUN }}
|
|
- name: Publish package distributions to PyPI
|
|
if: startsWith(env.DRY_RUN, 'false')
|
|
uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # release/v1
|
|
|
|
post-publish:
|
|
needs: [publish]
|
|
runs-on: ubuntu-latest
|
|
environment: release
|
|
permissions:
|
|
id-token: write
|
|
contents: write
|
|
attestations: write
|
|
security-events: write
|
|
steps:
|
|
- uses: mongodb-labs/drivers-github-tools/secure-checkout@v3
|
|
with:
|
|
app_id: ${{ vars.APP_ID }}
|
|
private_key: ${{ secrets.APP_PRIVATE_KEY }}
|
|
- uses: mongodb-labs/drivers-github-tools/setup@v3
|
|
with:
|
|
aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
|
|
aws_region_name: ${{ vars.AWS_REGION_NAME }}
|
|
aws_secret_id: ${{ secrets.AWS_SECRET_ID }}
|
|
- uses: mongodb-labs/drivers-github-tools/python/post-publish@v3
|
|
with:
|
|
following_version: ${{ env.FOLLOWING_VERSION }}
|
|
product_name: ${{ env.PRODUCT_NAME }}
|
|
evergreen_project: ${{ env.EVERGREEN_PROJECT }}
|
|
token: ${{ github.token }}
|
|
dry_run: ${{ env.DRY_RUN }}
|