Explicitly give write-all permission to token #179
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
## These options mostly follow the ones used in | |
## https://github.com/matplotlib/matplotlib/blob/main/.github/workflows/cibuildwheel.yml, though I | |
## try to be a little less complicated. | |
name: tests | |
on: | |
push: | |
branches: | |
- main | |
tags: '*' | |
pull_request: | |
jobs: | |
get_new_version: | |
name: Get new version number | |
runs-on: ubuntu-latest | |
outputs: | |
version: ${{ steps.get_version.outputs.version }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
name: Install Python | |
with: | |
python-version: '3.11' | |
- name: Install tomli | |
shell: bash | |
run: | | |
python -m pip install --upgrade pip tomli | |
- name: Install poetry | |
shell: bash | |
run: | | |
curl -sSL https://install.python-poetry.org | POETRY_HOME="$HOME/.poetry" python - | |
echo "$HOME/.poetry/bin" >> $GITHUB_PATH | |
- name: Bump version | |
id: get_version | |
shell: bash | |
env: | |
github_event_head_commit_message: ${{ github.event.head_commit.message }} | |
run: | | |
export version_bump_rule=$(python .github/scripts/parse_bump_rule.py) | |
echo "version_bump_rule: '${version_bump_rule}'" | |
poetry version "${version_bump_rule}" | |
export new_version=$(python .github/scripts/parse_version.py pyproject.toml) | |
echo "new_version: '${new_version}'" | |
# echo "::set-output name=version::${new_version}" | |
echo "version=${new_version}" >> $GITHUB_OUTPUT | |
build_wheels: | |
needs: get_new_version | |
name: Build wheels on ${{ matrix.os }} for ${{matrix.archs}} | |
runs-on: ${{ matrix.os }} | |
if: >- | |
!contains(github.event.head_commit.message, '[skip ci]') | |
&& !contains(github.event.head_commit.message, '[skip tests]') | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ubuntu-latest, windows-latest, macos-latest] | |
archs: ["auto"] | |
include: | |
- os: ubuntu-latest | |
archs: "aarch64" | |
env: | |
CIBW_SKIP: cp27-* cp35-* cp36-* cp37-* pp* *-musllinux_aarch64 cp312-*_i686 | |
CIBW_ARCHS: ${{matrix.archs}} | |
CIBW_ARCHS_MACOS: "x86_64 universal2 arm64" | |
CIBW_BEFORE_BUILD: python -c "print(('#'*130+'\n')*10)" && python -m pip install oldest-supported-numpy | |
CIBW_TEST_REQUIRES: pytest pytest-cov | |
CIBW_TEST_COMMAND: "pytest {project}/tests" | |
steps: | |
- name: Set up QEMU | |
if: matrix.archs == 'aarch64' | |
id: qemu | |
uses: docker/setup-qemu-action@v3 | |
with: | |
platforms: arm64 | |
- name: "Check out code" | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: actions/setup-python@v5 | |
name: Install Python | |
with: | |
python-version: '3.11' | |
- name: Update versions | |
shell: bash | |
run: | | |
export new_version=${{needs.get_new_version.outputs.version}} | |
echo "Updating version to '${new_version}'" | |
python .github/scripts/update_versions.py | |
- name: Install cibuildwheel | |
run: | | |
python -m pip install --upgrade pip | |
python -m pip install cibuildwheel | |
- name: Build wheels | |
run: | | |
python -m cibuildwheel --output-dir wheelhouse | |
- uses: actions/upload-artifact@v3 # Don't upgrade to v4 until each artifact is named | |
with: | |
path: ./wheelhouse/*.whl | |
build_sdist: | |
needs: get_new_version | |
name: Build source distribution | |
runs-on: ubuntu-latest | |
if: >- | |
!contains(github.event.head_commit.message, '[skip ci]') | |
&& !contains(github.event.head_commit.message, '[skip tests]') | |
steps: | |
- name: 'Check out code' | |
uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
name: Install Python | |
with: | |
python-version: '3.11' | |
- name: Update versions | |
shell: bash | |
run: | | |
export new_version=${{needs.get_new_version.outputs.version}} | |
echo "Updating version to '${new_version}'" | |
python .github/scripts/update_versions.py | |
- name: Build sdist | |
run: | | |
python -m pip install oldest-supported-numpy | |
python setup.py sdist | |
- uses: actions/upload-artifact@v3 # Don't upgrade to v4 until each artifact is named | |
with: | |
path: dist/*.tar.gz | |
upload_pypi: | |
needs: [get_new_version, build_wheels, build_sdist] | |
name: Tag and release | |
runs-on: ubuntu-latest | |
if: >- | |
github.ref == 'refs/heads/main' | |
&& !contains(github.event.head_commit.message, '[no release]') | |
&& (success() || contains(github.event.head_commit.message, '[skip tests]')) | |
environment: release | |
permissions: write-all | |
# actions: write | |
# checks: write | |
# contents: write | |
# deployments: write | |
# id-token: write | |
# issues: write | |
# discussions: write | |
# packages: write | |
# pages: write | |
# pull-requests: write | |
# repository-projects: write | |
# security-events: write | |
# statuses: write | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v4 | |
- uses: actions/download-artifact@v3 # Don't upgrade to v4 until each artifact is named | |
with: | |
name: artifact | |
path: dist | |
- uses: actions/setup-python@v5 | |
name: Install Python | |
with: | |
python-version: '3.11' | |
- name: Update versions | |
shell: bash | |
run: | | |
export new_version=${{needs.get_new_version.outputs.version}} | |
echo "Updating version to '${new_version}'" | |
python .github/scripts/update_versions.py | |
- name: Tag and push new version | |
shell: bash | |
run: | | |
export new_version=${{needs.get_new_version.outputs.version}} | |
git config user.name github-actions | |
git config user.email [email protected] | |
git commit -m "Update version for new release" pyproject.toml setup.py src/quaternion/__init__.py | |
git tag -a "v${new_version}" -m "Version ${new_version}" | |
git status | |
git push --follow-tags # Will not trigger new workflow because it uses GITHUB_TOKEN | |
- name: Create release | |
if: "!contains(github.event.head_commit.message, '[no release]')" | |
id: create_release | |
uses: softprops/action-gh-release@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
tag_name: v${{ needs.get_new_version.outputs.version }} | |
name: Release v${{ needs.get_new_version.outputs.version }} | |
draft: false | |
prerelease: false | |
- name: Send to PyPI | |
uses: pypa/gh-action-pypi-publish@release/v1 |