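# CI pipeline: lint and test on every push, build the distribution, generate
# SLSA provenance for it, and publish tagged builds to the GitHub release and
# to PyPI.
name: CI

on: push

# Default GITHUB_TOKEN scope for jobs that do not declare their own
# permissions (lint, test, build). These jobs only check out the repository.
# NOTE(review): ./.github/actions/setup is not visible here; confirm it needs
# nothing beyond read access to contents.
permissions:
  contents: read

jobs:
  lint:
    name: Lint
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Install dependendencies
        uses: ./.github/actions/setup

      - name: Lint
        run: make lint

      - name: Typecheck
        run: make typecheck

  test:
    name: Test
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Install dependendencies
        uses: ./.github/actions/setup

      - name: Install system dependencies
        run: sudo apt-get -y install socat

      - name: Test
        run: python -m unittest -v --locals --buffer
        working-directory: diode

  build:
    name: build
    needs: [lint, test]
    runs-on: ubuntu-latest
    #if: startsWith(github.ref, 'refs/tags')
    outputs:
      # base64-encoded `sha256sum` listing of dist/, consumed by the
      # provenance job as its subjects.
      hashes: ${{ steps.hash.outputs.hashes }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Install dependendencies
        uses: ./.github/actions/setup

      - name: Install pypa/build
        # The version is pinned, but a version pin alone does not verify the
        # downloaded package's integrity; pip's --require-hashes mode with a
        # hashed requirements file would.
        run: pip install build==1.0.3
        env:
          # Quoted so the values stay strings under any YAML parser.
          PIP_PROGRESS_BAR: "off"
          PIP_DISABLE_PIP_VERSION_CHECK: "1"

      - name: Build distribution
        # SOURCE_DATE_EPOCH is set to the HEAD commit's author timestamp,
        # presumably so that build output does not depend on wall-clock time.
        run: SOURCE_DATE_EPOCH="$(git show -s --format=%at)" make build

      - name: Generate hashes
        id: hash
        run: echo "hashes=$(sha256sum * | base64 -w0)" >> "$GITHUB_OUTPUT"
        working-directory: dist/

      - name: Upload artifact
        uses: actions/upload-artifact@v4
        with:
          name: diode
          path: dist/
          if-no-files-found: error

  provenance:
    name: Provenance
    needs: build
    # NOTE(review): with the tag guard below commented out, this job runs on
    # every push while holding contents: write and id-token: write. Re-enable
    # the guard once provenance is only wanted for tagged releases.
    #if: startsWith(github.ref, 'refs/tags')
    permissions:
      # Scopes requested for the reusable SLSA generator workflow.
      actions: read
      contents: write
      id-token: write
    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0
    with:
      provenance-name: diode
      base64-subjects: "${{ needs.build.outputs.hashes }}"
      draft-release: true
      upload-assets: true

  publish:
    name: Publish
    needs: [build, provenance]
    runs-on: ubuntu-latest
    if: startsWith(github.ref, 'refs/tags')
    environment: release
    permissions:
      # A job-level permissions block sets every unlisted scope to none, so
      # `gh release upload` needs contents: write granted here explicitly.
      # Moving the release upload into its own job would let the PyPI step
      # run with id-token: write only.
      contents: write
      # OIDC token; presumably for PyPI trusted publishing, since no password
      # input is passed to the publish action.
      id-token: write
    steps:
      - name: Download artifact
        uses: actions/download-artifact@v4
        with:
          name: diode
          path: dist/

      - name: Upload to release
        # The ref name and repository are passed through the environment and
        # quoted. Interpolating ${{ github.ref_name }} straight into the
        # script would let shell metacharacters in a tag name be executed by
        # the runner.
        run: gh release upload "$TAG_NAME" * --repo "$REPO"
        working-directory: dist/
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          TAG_NAME: ${{ github.ref_name }}
          REPO: ${{ github.repository }}

      - name: Publish to PyPI
        # NOTE(review): @v1.8 is a mutable ref and this job holds
        # id-token: write; pinning the action to a full commit SHA prevents
        # the ref from being moved to different code.
        uses: pypa/gh-action-pypi-publish@v1.8
        with:
          print-hash: true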