mirror of
https://github.com/fergalmoran/picard.git
synced 2026-02-17 21:24:00 +00:00
b4f34435ec
This eliminates the need to provide permanent access tokens for PyPI in the CI and instead uses temporary tokens issued by OpenID Connect (OIDC)
112 lines
2.9 KiB
YAML
112 lines
2.9 KiB
YAML
name: Package and release
|
|
|
|
on:
|
|
push:
|
|
paths:
|
|
- '.github/workflows/package*.yml'
|
|
- '.github/workflows/pypi-release.yml'
|
|
- 'installer/**'
|
|
- 'picard/**'
|
|
- 'po/**.po'
|
|
- 'resources/win10/**'
|
|
- 'scripts/package/*'
|
|
- 'scripts/pyinstaller/*'
|
|
- 'test/**'
|
|
- 'appxmanifest.xml.in'
|
|
- 'picard.icns'
|
|
- 'picard.ico'
|
|
- 'picard.spec'
|
|
- 'requirements*.txt'
|
|
- 'setup.py'
|
|
- 'tagger.py.in'
|
|
- 'win.version-info.txt.in'
|
|
pull_request:
|
|
|
|
permissions: {}
|
|
|
|
jobs:
|
|
package-macos:
|
|
uses: ./.github/workflows/package-macos.yml
|
|
strategy:
|
|
fail-fast: false
|
|
secrets: inherit
|
|
|
|
package-windows:
|
|
uses: ./.github/workflows/package-windows.yml
|
|
strategy:
|
|
fail-fast: false
|
|
secrets: inherit
|
|
|
|
package-pypi:
|
|
uses: ./.github/workflows/package-pypi.yml
|
|
strategy:
|
|
fail-fast: false
|
|
secrets: inherit
|
|
permissions:
|
|
id-token: write
|
|
|
|
github-release:
|
|
runs-on: ubuntu-latest
|
|
if: startsWith(github.ref, 'refs/tags/')
|
|
needs:
|
|
- package-macos
|
|
- package-windows
|
|
- package-pypi
|
|
permissions:
|
|
contents: write
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- uses: actions/setup-python@v5
|
|
with:
|
|
python-version: 3.12
|
|
- uses: actions/download-artifact@v4
|
|
with:
|
|
name: macos-app-10.14
|
|
path: artifacts/
|
|
# - uses: actions/download-artifact@v4
|
|
# with:
|
|
# name: windows-signed-app
|
|
# path: artifacts/
|
|
- uses: actions/download-artifact@v4
|
|
with:
|
|
name: windows-store-app
|
|
path: artifacts/
|
|
- uses: actions/download-artifact@v4
|
|
with:
|
|
name: windows-installer
|
|
path: artifacts/
|
|
- uses: actions/download-artifact@v4
|
|
with:
|
|
name: windows-portable
|
|
path: artifacts/
|
|
- uses: actions/download-artifact@v4
|
|
with:
|
|
name: picard-sdist
|
|
path: artifacts/
|
|
- name: Generate checksums
|
|
run: |
|
|
cd artifacts
|
|
sha256sum * > SHA256SUMS
|
|
- name: Prepare changelog
|
|
id: changelog
|
|
continue-on-error: true
|
|
run: |
|
|
PICARD_VERSION=$(python -c "import picard; print(picard.__version__)")
|
|
echo "version=$PICARD_VERSION" >> $GITHUB_OUTPUT
|
|
if [[ "$PICARD_VERSION" =~ (a|b|rc|dev) ]]; then
|
|
echo "::notice::Releasing pre-release $PICARD_VERSION"
|
|
echo "prerelease=true" >> $GITHUB_OUTPUT
|
|
else
|
|
echo "::notice::Releasing production release $PICARD_VERSION"
|
|
fi
|
|
./scripts/tools/changelog-for-version.py $PICARD_VERSION > changes-$PICARD_VERSION.txt
|
|
- name: Create release
|
|
uses: softprops/action-gh-release@v1
|
|
with:
|
|
name: MusicBrainz Picard ${{ steps.changelog.outputs.version }}
|
|
body_path: changes-${{ steps.changelog.outputs.version }}.txt
|
|
prerelease: ${{ steps.changelog.outputs.prerelease }}
|
|
files: artifacts/*
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|