name: Publish on: workflow_dispatch: schedule: - cron: "0 9 * * 0" jobs: test: uses: luketainton/gha-workflows/.github/workflows/ci-python-poetry.yml@main with: python-version: 3.11 secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} create_release: name: Create Release needs: test uses: luketainton/gha-workflows/.github/workflows/create-release.yml@main build: name: Build Wheel File needs: create_release if: ${{ needs.create_release.outputs.success == 'true' }} runs-on: ubuntu-latest steps: - name: Check out repository code uses: actions/checkout@v4 - name: Setup Python uses: actions/setup-python@v5 with: python-version: "3.11" - name: Setup Poetry uses: abatilo/actions-poetry@v4 - name: Update pyproject.toml run: ./tools/update_pyproject.sh ${{ needs.create_release.outputs.release_name }} - name: Install dependencies run: poetry install - name: Build wheel file run: poetry build - name: Upload Artifact uses: actions/upload-artifact@v4 with: name: whl path: dist/ - name: Upload Release Asset env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: gh release upload ${{ needs.create_release.outputs.release_name }} dist/*.whl publish: name: Publish to PyPI needs: [create_release, build] if: ${{ needs.create_release.outputs.success == 'true' }} runs-on: ubuntu-latest # Specifying a GitHub environment is optional, but strongly encouraged environment: name: release url: https://pypi.org/p/ipilot permissions: # IMPORTANT: this permission is mandatory for trusted publishing id-token: write steps: - name: Create dist folder run: mkdir -p dist - uses: actions/download-artifact@v4 with: name: whl path: dist - name: Publish to PyPI uses: pypa/gh-action-pypi-publish@release/v1 create_docker: name: Create Docker Image needs: create_release if: ${{ needs.create_release.outputs.success == 'true' }} uses: luketainton/gha-workflows/.github/workflows/build-push-attest-docker.yml@main with: release: ${{ needs.create_release.outputs.release_name }}