GHA release job fix: yet more permissions. #32

Workflow file for this run

.github/workflows/release.yml at edb066e

	# Builds and releases to GitHub and PyPI whenever a "v" tag is added.

	# Useful docs:
	# https://docs.astral.sh/uv/concepts/projects/build/
	# https://docs.astral.sh/uv/guides/integration/github/
	# https://docs.astral.sh/ruff/integrations/#github-actions
	# https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python
	# https://cli.github.com/manual/gh_release_create

	name: Build and release

	on:
	push:
	tags:
	- 'v*'

	jobs:
	# First job: run unit tests on OS/Python matrix.
	test-matrix:
	name: Test matrix

	strategy:
	fail-fast: false
	matrix:
	os: ["ubuntu-latest", "macos-latest", "windows-latest"]
	python-version: ["3.11", "3.12", "3.13"]

	runs-on: ${{ matrix.os }}

	steps:
	- name: Check out code
	uses: actions/checkout@v4

	- name: Install uv
	uses: astral-sh/setup-uv@v4
	with:
	enable-cache: true
	version: "0.5.x"

	- name: Set up Python ${{ matrix.python-version }}
	uses: actions/setup-python@v5
	with:
	python-version: ${{ matrix.python-version }}

	- name: Install dependencies
	run: uv sync --frozen --all-extras --dev

	- name: Configure AWS Credentials
	if: env.SIDELOAD_CACHE == 'true'
	uses: aws-actions/configure-aws-credentials@v4
	with:
	aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
	aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	aws-region: us-west-2

	- name: Download cache files from S3
	if: env.SIDELOAD_CACHE == 'true'
	run: \|
	mkdir -p .cache
	echo "EPYMORPH_CACHE_PATH=$(realpath .cache)" >> $GITHUB_ENV
	aws s3 sync s3://epymorph-gha-cache .cache

	- name: Run unit tests
	run: uv run pytest tests/fast

	# Second job: iff tests succeed, build and publish the release (not matrixed).
	build-release:
	name: Build and release
	runs-on: ubuntu-latest
	needs: test-matrix
	permissions:
	contents: write
	id-token: write
	steps:
	- name: Checkout code
	uses: actions/checkout@v4

	- name: Install uv
	uses: astral-sh/setup-uv@v4
	with:
	enable-cache: true
	version: "0.5.x"

	- name: Set up Python
	uses: actions/setup-python@v5
	with:
	python-version-file: '.python-version'

	- name: Install dependencies
	run: uv sync --frozen --all-extras --dev

	- name: Build project
	run: uv build

	- name: Create GitHub Release
	env:
	GITHUB_TOKEN: ${{ github.token }}
	run: \|
	version="$(uv run python -m setuptools_scm)"
	wheel_file="./dist/epymorph-${version}-py3-none-any.whl"
	source_file="./dist/epymorph-${version}.tar.gz"
	gh release create "v${version}" --generate-notes $wheel_file $source_file

	- name: Create PyPI Release
	run: uv publish

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GHA release job fix: yet more permissions. #32

Workflow file

GHA release job fix: yet more permissions. #32

Jobs

Run details

Workflow file for this run