Skip to content
Release

Release #6

Sign in to view logs

Release

Release #6

Workflow file for this run

.github/workflows/release.yml at 65f9624
name: Release
on:
push:
tags:
- "v*"
workflow_dispatch:
permissions:
contents: read
env:
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
ZIG_VERSION: "0.15.2"
ZIG_URL: https://ziglang.org/download/0.15.2/zig-x86_64-linux-0.15.2.tar.xz
ZIG_SHA256: 02aa270f183da276e5b5920b1dac44a63f1a49e55050ebde3aecc9eb82f93239
jobs:
build-release:
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout
uses: actions/checkout@v5
- name: Setup Python
uses: actions/setup-python@v6
with:
python-version: "3.13"
- name: Install uv
run: python -m pip install uv
- name: Install Zig
run: |
curl -fsSL "$ZIG_URL" -o "$RUNNER_TEMP/zig.tar.xz"
echo "$ZIG_SHA256 $RUNNER_TEMP/zig.tar.xz" | sha256sum -c -
mkdir -p "$RUNNER_TEMP/zig"
tar -xJf "$RUNNER_TEMP/zig.tar.xz" -C "$RUNNER_TEMP/zig" --strip-components=1
echo "$RUNNER_TEMP/zig" >> "$GITHUB_PATH"
"$RUNNER_TEMP/zig/zig" version
- name: Setup Node
uses: actions/setup-node@v6
with:
node-version: "22"
cache: npm
cache-dependency-path: site/package-lock.json
- name: Install dependencies
run: uv sync --locked --all-groups
- name: Install docs dependencies
working-directory: site
run: npm ci
- name: Run release gate
run: ./run_all_tests.sh
- name: Audit Python dependencies
run: uvx pip-audit --strict
- name: Audit docs runtime dependencies
working-directory: site
run: npm audit --omit=dev --audit-level=moderate
- name: Build Python package
run: uv build
- name: Upload Python package distributions
uses: actions/upload-artifact@v7
with:
name: python-package-distributions
path: |
dist/a7_py-*.tar.gz
dist/a7_py-*.whl
if-no-files-found: error
retention-days: 7
- name: Build docs site
working-directory: site
run: npm run build
- name: Build release example artifacts
run: uv run python scripts/build_examples.py --profile release --backend both --clean
- name: Archive docs site
run: tar -czf dist/a7-docs-site.tar.gz -C site dist
- name: Archive release example artifacts
run: tar -czf dist/a7-example-artifacts-release.tar.gz -C build release
- name: Generate release checksums
run: |
sdist="$(ls dist/a7_py-*.tar.gz)"
wheel="$(ls dist/a7_py-*.whl)"
uv run python scripts/generate_release_manifest.py dist \
--output dist/SHA256SUMS \
--require "$sdist" \
--require "$wheel" \
--require dist/a7-docs-site.tar.gz \
--require dist/a7-example-artifacts-release.tar.gz
uv run python scripts/verify_release_manifest.py dist/SHA256SUMS
- name: Upload release bundles
uses: actions/upload-artifact@v7
with:
name: release-bundles
path: |
dist/SHA256SUMS
dist/a7-docs-site.tar.gz
dist/a7-example-artifacts-release.tar.gz
if-no-files-found: error
retention-days: 7
create-github-release:
runs-on: ubuntu-latest
needs: build-release
if: startsWith(github.ref, 'refs/tags/v')
permissions:
contents: write
steps:
- name: Download Python package distributions
uses: actions/download-artifact@v8
with:
name: python-package-distributions
path: dist
- name: Download release bundles
uses: actions/download-artifact@v8
with:
name: release-bundles
path: dist
- name: Create GitHub release
uses: softprops/action-gh-release@v3
with:
draft: true
files: |
dist/SHA256SUMS
dist/a7_py-*.tar.gz
dist/a7_py-*.whl
dist/a7-docs-site.tar.gz
dist/a7-example-artifacts-release.tar.gz
publish-pypi:
runs-on: ubuntu-latest
needs:
- build-release
- create-github-release
if: startsWith(github.ref, 'refs/tags/v')
environment:
name: pypi
url: https://pypi.org/p/a7-py
permissions:
contents: read
id-token: write
steps:
- name: Download Python package distributions
uses: actions/download-artifact@v8
with:
name: python-package-distributions
path: dist
- name: Publish package distributions to PyPI
uses: pypa/gh-action-pypi-publish@release/v1