try azure federated identity with actions env (#9) #22
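name: xdlake

# Workflow-level default for every job that does not declare its own
# `permissions:` block. Naming one scope sets all unlisted scopes to `none`,
# so the read scope used by actions/checkout is listed explicitly.
# NOTE(review): `id-token: write` here lets any such job request an OIDC token;
# granting it only on the jobs that log in to a cloud provider or publish is
# the tighter option.
permissions:
  id-token: write  # required to fetch an OIDC token
  contents: read  # required by actions/checkout on non-public repositories

# `pull_request` runs the jobs below for proposed changes as well as for
# pushes to main. Runs triggered from forks do not receive repository or
# environment secrets, so the cloud login steps are expected to fail there.
on:
  push:
    branches: ["main"]
  pull_request:
    branches: ["main"]
  release:
    types: [published]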
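# NOTE(review): every `uses:` below references a mutable tag or branch. Pinning
# each action to a full commit SHA keeps a moved tag from changing what runs
# with the credentials these jobs hold.
jobs:
  # Runs lint and the tox suite on each Python version with Azure, Google Cloud
  # and AWS credentials available to the steps.
  test:
    runs-on: ubuntu-latest
    # The Azure federated login is tied to this environment.
    environment:
      name: xdlake
    # Job-level permissions replace the workflow default for this job.
    permissions:
      id-token: write  # OIDC token for azure/login
      contents: read  # actions/checkout
    strategy:
      fail-fast: false
      matrix:
        python-version: ['3.10', '3.11', '3.12']
    steps:
      # No client secret is passed: azure/login exchanges the job's OIDC token
      # for an Azure token (federated identity).
      - name: Azure CLI Login
        uses: azure/login@v2
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      - uses: actions/checkout@v4
      - name: Set up Python ${{ matrix.python-version }}
        # v5 to match the build job (was v4).
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}
      # NOTE(review): `credentials_json` is a long-lived service-account key.
      # Workload identity federation would give Google Cloud the same
      # short-lived, OIDC-based login already used for Azure above.
      - id: auth
        name: Authenticate to Google Cloud
        uses: google-github-actions/auth@v2
        with:
          credentials_json: ${{ secrets.GCP_CREDS }}
      - name: Install dependencies
        # The guard now tests the file that is actually installed; it used to
        # test requirements.txt while installing requirements-dev.txt.
        run: |
          python -m pip install --upgrade pip
          python -m pip install tox tox-gh-actions
          if [ -f requirements-dev.txt ]; then python -m pip install -r requirements-dev.txt; fi
      - name: lint
        run: |
          make lint
      # NOTE(review): static AWS access keys are handed to the test process and
      # everything tox installs. An OIDC-assumed role would avoid storing
      # long-lived keys as secrets.
      - name: Test with tox
        env:
          AWS_DEFAULT_REGION: ${{ vars.AWS_DEFAULT_REGION }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        run: tox

  # Builds the distribution packages and stores them as a workflow artifact.
  build:
    runs-on: ubuntu-latest
    name: Build dist packages
    needs: test
    environment:
      name: xdlake
    # This job uses no cloud login, so it gets no `id-token` scope: a build
    # script or dev dependency cannot request an OIDC token from here.
    permissions:
      contents: read  # actions/checkout
    steps:
      - uses: actions/checkout@v4
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          python -m pip install tox tox-gh-actions
          pip install -r requirements-dev.txt
      - name: Build
        run: |
          make build
      - name: Store distribution packages
        uses: actions/upload-artifact@v4
        with:
          name: python-package-distributions
          path: dist/

  # Publishes the built artifact to PyPI through trusted publishing (OIDC).
  publish-to-pypi:
    runs-on: ubuntu-latest
    name: >-
      Publish Python 🐍 distribution 📦 to PyPI
    # Only refs under refs/tags/ publish. Pushes are limited to the main
    # branch above, so in practice this is the `release: published` trigger,
    # whose ref is the release tag.
    if: startsWith(github.ref, 'refs/tags/')
    needs: build
    environment:
      name: xdlake
      url: https://pypi.org/p/xdlake
    permissions:
      id-token: write  # IMPORTANT: mandatory for trusted publishing
    steps:
      - name: Download all the dists
        # Must match the major version of upload-artifact in the build job;
        # download-artifact@v3 cannot read artifacts uploaded by v4.
        uses: actions/download-artifact@v4
        with:
          name: python-package-distributions
          path: dist/
      - name: Publish distribution 📦 to PyPI
        # NOTE(review): `release/v1` is a branch ref, so it moves with every
        # upstream release; a commit SHA pin fits this publishing step best.
        uses: pypa/gh-action-pypi-publish@release/v1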