chore(deps): lock file maintenance (#171) #129
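# Release workflow: on every push to main, run python-semantic-release, then
# build the package with uv and, only when a release was made, upload it to
# PyPI and attach it to the GitHub Release.
name: Semantic Release

on:
  push:
    branches:
      - main

jobs:
  release:
    runs-on: ubuntu-latest

    # One release run per branch at a time; a newer run does not cancel one
    # that is already in progress.
    concurrency:
      group: ${{ github.workflow }}-release-${{ github.ref_name }}
      cancel-in-progress: false

    # Job-scoped token permissions. They apply to every step below, including
    # the third-party actions, so each `uses:` ref is part of the trust
    # boundary.
    permissions:
      # NOTE(review): presumably for OIDC trusted publishing in the PyPI upload
      # step, which is given no token input - confirm.
      id-token: write
      # The release step commits a version change and the last step uploads
      # release assets; both are handed GITHUB_TOKEN.
      contents: write

    steps:
      - name: Setup | Checkout Repository on Release Branch
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          ref: ${{ github.ref_name }}
          # Full history rather than a shallow clone.
          fetch-depth: 0
          # Do not leave the token in the local git config for later steps.
          persist-credentials: false

      - name: Setup | Force release branch to be at workflow sha
        # Read the commit from the runner-provided GITHUB_SHA variable instead
        # of expanding an expression into the script text; the value is the
        # same, but the script no longer depends on template substitution.
        run: |
          git reset --hard "$GITHUB_SHA"

      - name: Evaluate | Verify upstream has NOT changed
        # Last chance to abort before causing an error as another PR/push was applied to
        # the upstream branch while this workflow was running. This is important
        # because we are committing a version change (--commit). You may omit this step
        # if you have 'commit: false' in your configuration.
        #
        # You may consider moving this to a repo script and call it from this step instead
        # of writing it in-line.
        shell: bash
        run: |
          # pipefail is switched off only for the lookup below, where grep
          # finding no "..." marker must yield an empty name, not a failure.
          set +o pipefail

          UPSTREAM_BRANCH_NAME="$(git status -sb | head -n 1 | cut -d' ' -f2 | grep -E '\.{3}' | cut -d'.' -f4)"
          printf '%s\n' "Upstream branch name: $UPSTREAM_BRANCH_NAME"

          set -o pipefail

          if [ -z "$UPSTREAM_BRANCH_NAME" ]; then
              printf >&2 '%s\n' "::error::Unable to determine upstream branch name!"
              exit 1
          fi

          # Fetch from the remote named by the part before the first "/".
          git fetch "${UPSTREAM_BRANCH_NAME%%/*}"

          if ! UPSTREAM_SHA="$(git rev-parse "$UPSTREAM_BRANCH_NAME")"; then
              printf >&2 '%s\n' "::error::Unable to determine upstream branch sha!"
              exit 1
          fi

          HEAD_SHA="$(git rev-parse HEAD)"

          if [ "$HEAD_SHA" != "$UPSTREAM_SHA" ]; then
              printf >&2 '%s\n' "[HEAD SHA] $HEAD_SHA != $UPSTREAM_SHA [UPSTREAM SHA]"
              printf >&2 '%s\n' "::error::Upstream has changed, aborting release..."
              exit 1
          fi

          printf '%s\n' "Verified upstream branch has not changed, continuing with release..."

      - name: Action | Semantic Version Release
        # The id lets the publish steps read this step's `released` and `tag`
        # outputs.
        id: release
        uses: python-semantic-release/python-semantic-release@350c48fcb3ffcdfd2e0a235206bc2ecea6b69df0 # v10.5.3
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}

      # The three steps below run on every push, released or not; only the two
      # publish steps are gated on the release output.
      - name: Install uv
        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
        with:
          enable-cache: true

      - name: Set up Python
        uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
        with:
          python-version: '3.14'

      - name: Build package
        run: uv build

      - name: Publish | Upload package to PyPI
        # NOTE(review): this is the only action in the workflow referenced by a
        # mutable branch ref (release/v1); every other action is pinned to a
        # full commit SHA. Whatever that branch points to at run time executes
        # in a job holding `id-token: write` and `contents: write`. Pin it the
        # same way once the commit has been reviewed, e.g.
        #   uses: pypa/gh-action-pypi-publish@<FULL_COMMIT_SHA> # <version>
        uses: pypa/gh-action-pypi-publish@release/v1
        if: steps.release.outputs.released == 'true'

      - name: Publish | Upload to GitHub Release Assets
        uses: python-semantic-release/publish-action@310a9983a0ae878b29f3aac778d7c77c1db27378 # v10.5.3
        if: steps.release.outputs.released == 'true'
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          tag: ${{ steps.release.outputs.tag }}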