# CI workflow for the Ledgerblue Python package.
name: Build, test and deploy LedgerWallet

on:
  # Manual runs.
  workflow_dispatch:
  push:
    # Any tag push starts the workflow; the publish steps further down are
    # gated on refs/tags/, so creating a tag is what releases the package.
    tags: ['*']
    branches: [master]
  pull_request:
    branches: [master, develop]

# Workflow-level GITHUB_TOKEN scopes. Every job inherits this grant unless it
# declares its own `permissions`; scopes not listed here are set to none.
permissions:
  # Allows a job to request an OIDC token.
  id-token: write
  # Allows a job to write artifact attestations.
  attestations: write
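jobs:
  # Checks that the package builds and installs on each supported interpreter.
  build_install:
    name: Build and install the Ledgerblue Python package
    runs-on: ubuntu-latest
    # This job runs `pip install .` on code from pull requests and uses neither
    # the OIDC token nor attestation rights granted at workflow level, so it
    # drops every GITHUB_TOKEN scope.
    permissions: {}
    strategy:
      # Let every interpreter finish even if one of them fails.
      fail-fast: false
      matrix:
        # Quoted so that 3.10 is not read as the float 3.1.
        python_version: ['3.8', '3.9', '3.10', '3.11', '3.12', '3.13']
    steps:
      - name: Clone
        uses: actions/checkout@v4
      - name: Setup Python version
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python_version }}
      - name: Build & install
        run: |
          pip install -U pip
          pip install -U .

  # Builds the sdist/wheel on every trigger; publishes, attests, signs and
  # releases only for tag pushes (see the `if:` on each of those steps).
  package-deploy:
    name: Build the Python package, and deploy if needed
    # NOTE(review): presumably an organisation-managed runner. This job also
    # runs for pull requests, so confirm the runner is ephemeral and isolated.
    runs-on: public-ledgerhq-shared-small
    needs: build_install
    steps:
      - name: Clone
        # Same major version as the build_install job (was v3 here).
        uses: actions/checkout@v4
        with:
          # Full history and tags.
          fetch-depth: 0
      - name: Install dependencies
        run: |
          # Needed to workaround this bug https://github.com/pypa/setuptools/issues/4759
          # To be removed when it's fixed
          pip install -U packaging
          python -m pip install pip --upgrade
          pip install build twine
      - name: Build the Python package
        run: |
          python -m build
          twine check dist/*
          echo "TAG_VERSION=$(python -c 'from ledgerblue import __version__; print(__version__)')" >> "$GITHUB_ENV"
      - name: Display current status
        # The ref and version are read from environment variables rather than
        # via ${{ ... }} expressions, which are substituted into the script
        # text before bash parses it. GITHUB_REF is set by the runner and
        # TAG_VERSION by the previous step through GITHUB_ENV.
        # NOTE(review): no step in this workflow uploads to test.pypi.org; the
        # message in the else branch is kept as written.
        run: |
          echo "Current status is:"
          if [[ "$GITHUB_REF" == "refs/tags/"* ]];
          then
              echo "- Triggered from tag, will be deployed on pypi.org";
          else
              echo "- Not triggered from tag, will be deployed on test.pypi.org";
          fi
          echo "- Tag version: $TAG_VERSION";
      # The uploads below run before the attestation and signing steps, so a
      # failure in those later steps leaves packages published without them.
      - name: Publish Python package on pypi.org
        if: success() && github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
        run: python -m twine upload dist/*
        env:
          # Long-lived API token; it is exposed to this step only.
          TWINE_USERNAME: __token__
          TWINE_PASSWORD: ${{ secrets.PYPI_PUBLIC_API_TOKEN }}
          TWINE_NON_INTERACTIVE: '1'
      - name: Login to Ledger Artifactory
        if: success() && github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
        timeout-minutes: 10
        id: jfrog-login
        uses: LedgerHQ/actions-security/actions/jfrog-login@actions/jfrog-login-1
      - name: Publish Python package on Ledger Artifactory
        if: success() && github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
        run: python -m twine upload dist/*
        env:
          TWINE_REPOSITORY_URL: https://jfrog.ledgerlabs.net/artifactory/api/pypi/embedded-apps-pypi-prod-green
          # Credentials come from the jfrog-login step's outputs.
          TWINE_USERNAME: ${{ steps.jfrog-login.outputs.oidc-user }}
          TWINE_PASSWORD: ${{ steps.jfrog-login.outputs.oidc-token }}
          TWINE_NON_INTERACTIVE: '1'
      - name: Generate library build attestations
        if: success() && github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
        timeout-minutes: 10
        uses: LedgerHQ/actions-security/actions/attest@actions/attest-1
        with:
          subject-path: dist/*
      - name: Sign library artifacts
        if: success() && github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
        timeout-minutes: 10
        uses: LedgerHQ/actions-security/actions/sign-blob@actions/sign-blob-1
        with:
          path: dist
      - name: Publish a release on the repo
        if: |
          success() &&
          github.event_name == 'push' &&
          startsWith(github.ref, 'refs/tags/')
        # NOTE(review): third-party action referenced by the mutable `latest`
        # ref in a job that holds publishing credentials; pin it to a reviewed
        # full commit SHA so the code that runs cannot change between releases.
        # NOTE(review): creating a release with GITHUB_TOKEN normally needs
        # `contents: write`, which the workflow-level permissions do not list.
        # Confirm this step succeeds; if the scope is needed, grant it on this
        # job only.
        uses: "marvinpinto/action-automatic-releases@latest"
        with:
          automatic_release_tag: "v${{ env.TAG_VERSION }}"
          repo_token: "${{ secrets.GITHUB_TOKEN }}"
          prerelease: false
          files: |
            LICENSE
            dist/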