diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index 9b365d1..7e5006e 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -35,12 +35,15 @@ jobs: run: poetry run make html --directory docs/ cd: + permissions: + id-token: write + contents: write + # Only run this job if the "ci" job passes needs: ci # Only run this job if new work is pushed to "main" - ### NOTE: REMOVE the `false` in later milestones - if: github.event_name == 'push' && github.ref == 'refs/heads/main' && false + if: github.event_name == 'push' && github.ref == 'refs/heads/main' # Set up operating system runs-on: ubuntu-latest @@ -57,35 +60,18 @@ jobs: with: fetch-depth: 0 - - name: Install poetry - uses: snok/install-poetry@v1 - - - name: Install package - run: poetry install - - - name: Install Python Semantic Release - run: poetry run pip install python-semantic-release - - name: Use Python Semantic Release to prepare release - env: - # This token is created automatically by GH Actions - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - git config user.name github-actions - git config user.email github-actions@github.com - poetry run semantic-release publish - - ### For milestone 1, no need to publish release 0.01 - ### For later milestones, we need to setup TEST_PYPI_API_TOKEN and PYPI_API_TOKEN in the repo settings + id: release + uses: python-semantic-release/python-semantic-release@v8.3.0 + with: + github_token: ${{ secrets.GITHUB_TOKEN }} - name: Publish to TestPyPI uses: pypa/gh-action-pypi-publish@release/v1 + if: steps.release.outputs.released == 'true' with: - user: __token__ - password: ${{ secrets.TEST_PYPI_API_TOKEN }} repository-url: https://test.pypi.org/legacy/ - # skip uploading a package if a version with the same name and version number already exists on the specified package index - skip-existing: true + password: ${{ secrets.TEST_PYPI_API_TOKEN }} - name: Test install from TestPyPI run: | @@ -96,8 +82,12 @@ jobs: - name: Publish to PyPI uses: pypa/gh-action-pypi-publish@release/v1 + if: steps.release.outputs.released == 'true' with: - user: __token__ password: ${{ secrets.PYPI_API_TOKEN }} - # skip uploading a package if a version with the same name and version number already exists on the specified package index - skip-existing: true + + - name: Publish package distributions to GitHub Releases + uses: python-semantic-release/upload-to-gh-release@main + if: steps.release.outputs.released == 'true' + with: + github_token: ${{ secrets.GITHUB_TOKEN }}