From b915d0666b9b1a7075acff65d12c07f0911eb096 Mon Sep 17 00:00:00 2001
From: Jakob Keller <57402305+jakob-keller@users.noreply.github.com>
Date: Wed, 21 Aug 2024 10:35:45 +0200
Subject: [PATCH] modernize CI/CD workflow

---
 .github/workflows/ci-cd.yml | 159 ++++++++++++++++++------------------
 1 file changed, 81 insertions(+), 78 deletions(-)

diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index a4548c75..e5489627 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -19,7 +19,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: ['3.8', '3.9', '3.10', '3.11', '3.12', '3.13']
+        python-version: [ '3.8', '3.9', '3.10', '3.11', '3.12', '3.13' ]
         include:
           - aiohttp-version: '==3.9.2'
           - aiohttp-version: '<4.0.0'
@@ -27,90 +27,93 @@ jobs:
       fail-fast: false
     timeout-minutes: 15
     steps:
-    - name: Checkout
-      uses: actions/checkout@v4
-      with:
-        submodules: true
-    - name: Setup Python ${{ matrix.pyver }}
-      uses: actions/setup-python@v5
-      with:
-        python-version: ${{ matrix.python-version }}
-        allow-prereleases: true
-    - name: Lock and sync dependencies
-      env:
-        AIOHTTP_VERSION: ${{ matrix.aiohttp-version }}
-      run: |
-        python -c "import sys; print(f'Python version: {sys.version}')"
-        python -m pip install -U setuptools pip codecov wheel pip-tools
-        time pip-compile requirements-dev.in
-        time pip-sync requirements-dev.txt
-    - name: Run pre-commit hooks
-      if: matrix.python-version == '3.11'
-      run: |
-        make pre-commit
-    - name: Run unittests
-      env:
-        COLOR: 'yes'
-      run: |
-        make mototest
-    - name: Upload coverage to Codecov
-      if: matrix.python-version == '3.11'
-      uses: codecov/codecov-action@v4.5.0
-      with:
-        token: ${{ secrets.CODECOV_TOKEN }} # not required for public repos
-        files: ./coverage.xml
-        flags: unittests # optional
-        name: codecov-umbrella # optional
-        fail_ci_if_error: true # optional (default = false)
-        verbose: true # optional (default = false)
-
-
-  pre-deploy:
-    name: Pre-Deploy
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+      - name: Setup Python ${{ matrix.pyver }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+          allow-prereleases: true
+      - name: Lock and sync dependencies
+        env:
+          AIOHTTP_VERSION: ${{ matrix.aiohttp-version }}
+        run: |
+          python -c "import sys; print(f'Python version: {sys.version}')"
+          python -m pip install -U pip codecov pip-tools
+          time pip-compile requirements-dev.in
+          time pip-sync requirements-dev.txt
+      - name: Run pre-commit hooks
+        if: matrix.python-version == '3.11'
+        run: |
+          make pre-commit
+      - name: Run unittests
+        env:
+          COLOR: 'yes'
+        run: |
+          make mototest
+      - name: Upload coverage to Codecov
+        if: matrix.python-version == '3.11'
+        uses: codecov/codecov-action@v4.5.0
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }} # not required for public repos
+          files: ./coverage.xml
+          flags: unittests # optional
+          name: codecov-umbrella # optional
+          fail_ci_if_error: true # optional (default = false)
+          verbose: true # optional (default = false)
+
+
+  # based on https://docs.github.com/en/actions/use-cases-and-examples/building-and-testing/building-and-testing-python#publishing-to-pypi
+  release-build:
     runs-on: ubuntu-latest
-    needs: test
+
+    needs:
+      - test
+
     # Run only on pushing a tag
     if: github.event_name == 'push' && contains(github.ref, 'refs/tags/')
+
     steps:
-      - name: Dummy
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.8"
+
+      - name: Build release distributions
         run: |
-            echo "Predeploy step"
+          python -m pip install build
+          python -m build
 
-  build-tarball:
-    name: Tarball
-    runs-on: ubuntu-latest
-    needs: pre-deploy
-    steps:
-    - name: Checkout
-      uses: actions/checkout@v4
-      with:
-        submodules: true
-    - name: Setup Python 3.8
-      uses: actions/setup-python@v5
-      with:
-        python-version: 3.8
-    - name: Make distributions (sdist and wheel)
-      run: |
-        python -c "import sys; print(f'Python version: {sys.version}')"
-        python -m pip install -U setuptools pip wheel
-        python setup.py sdist bdist_wheel
-    - name: Upload artifacts
-      uses: actions/upload-artifact@v4
-      with:
-        name: dist
-        path: dist
-
-  deploy:
-    name: Deploy
-    needs: [build-tarball]
+      - name: Upload distributions
+        uses: actions/upload-artifact@v4
+        with:
+          name: release-dists
+          path: dist/
+
+  pypi-publish:
     runs-on: ubuntu-latest
+
+    needs:
+      - release-build
+
     permissions:
+      # IMPORTANT: this permission is mandatory for trusted publishing
       id-token: write
+
+    # Dedicated environments with protections for publishing are strongly recommended.
+    environment:
+      name: pypi
+      url: https://pypi.org/project/aiobotocore/${{github.ref_name}}
+
     steps:
-    - name: Download dists
-      uses: actions/download-artifact@v4
-      with:
-        name: dist
-        path: dist
-    - name: PyPI upload
-      uses: pypa/gh-action-pypi-publish@release/v1
+      - name: Retrieve release distributions
+        uses: actions/download-artifact@v4
+        with:
+          name: release-dists
+          path: dist/
+
+      - name: Publish release distributions to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1