v0.9.0 #14
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| # Publishes both distributions to PyPI when a GitHub Release is published: | |
| # - vgi-python (sdist + universal wheel) — the public package | |
| # - vgi-fixtures (universal wheel only) — example/test workers | |
| # | |
| # vgi-fixtures is wheel-only on purpose: its source lives at the repo root in | |
| # vgi/_test_fixtures/, which the wheel force-includes but an sdist cannot reach | |
| # (see packages/vgi-fixtures/pyproject.toml). It is a pure-python py3-none-any | |
| # wheel, so the wheel alone installs everywhere. | |
| # | |
| # Auth is PyPI Trusted Publishing (OIDC) — no API tokens. Before the first run, | |
| # configure a Trusted Publisher on PyPI for BOTH projects (vgi-python, | |
| # vgi-fixtures) pointing at: | |
| # owner: Query-farm | |
| # repository: vgi-python | |
| # workflow: release.yml | |
| # environment: pypi | |
| # The `vgi-python` and `vgi-fixtures` versions must match the released tag. | |
| on: | |
| release: | |
| types: [published] | |
| permissions: | |
| contents: read | |
| jobs: | |
| build: | |
| name: Build distributions | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v7 | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v8.2.0 | |
| - name: Build vgi (sdist + wheel) | |
| run: uv build --sdist --wheel --out-dir dist-vgi . | |
| - name: Build vgi-fixtures (wheel only) | |
| run: uv build --wheel --out-dir dist-fixtures packages/vgi-fixtures | |
| - name: Validate metadata | |
| run: uvx twine check dist-vgi/* dist-fixtures/* | |
| - name: Upload vgi artifacts | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: dist-vgi | |
| path: dist-vgi/ | |
| - name: Upload vgi-fixtures artifacts | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: dist-fixtures | |
| path: dist-fixtures/ | |
| build-docker-image: | |
| name: Build & push vgi-fixtures image (${{ matrix.short }}) | |
| needs: build | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write # push to GHCR | |
| # One image per fixture worker, selected via the VGI_FIXTURE_WORKER build arg. | |
| # The VGI extension's container transport uses plain `oci://…` string | |
| # LOCATIONs (no struct env), so the worker must be baked into the tag rather | |
| # than passed at runtime. Tags: ghcr.io/query-farm/vgi-fixtures:<ver>-<short> | |
| # (plus :<ver> and :latest for the base worker). max-parallel: 1 so the heavy | |
| # pip-install layer is built once and reused from the gha cache by the rest. | |
| strategy: | |
| fail-fast: false | |
| max-parallel: 1 | |
| matrix: | |
| include: | |
| - { short: worker, worker: vgi-fixture-worker, latest: true } | |
| - { short: versioned, worker: vgi-fixture-versioned-worker } | |
| - { short: versioned-tables, worker: vgi-fixture-versioned-tables-worker } | |
| - { short: attach-options, worker: vgi-fixture-attach-options-worker } | |
| - { short: bad-protocol, worker: vgi-fixture-bad-protocol-worker } | |
| - { short: bad-enum, worker: vgi-fixture-bad-enum-worker } | |
| - { short: simple-writable, worker: vgi-fixture-simple-writable-worker } | |
| steps: | |
| - uses: actions/checkout@v7 | |
| # The image installs the exact wheels this release publishes. | |
| - name: Download vgi wheel | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: dist-vgi | |
| path: dist | |
| - name: Download vgi-fixtures wheel | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: dist-fixtures | |
| path: dist | |
| - name: Compute image tags | |
| id: meta | |
| run: | | |
| ver="${{ github.event.release.tag_name }}" | |
| ver="${ver#v}" # normalize a leading v (v0.8.2 -> 0.8.2) | |
| img="ghcr.io/query-farm/vgi-fixtures" | |
| tags="$img:$ver-${{ matrix.short }}" | |
| if [ "${{ matrix.latest }}" = "true" ]; then | |
| tags="$tags,$img:$ver,$img:latest" | |
| fi | |
| echo "tags=$tags" >> "$GITHUB_OUTPUT" | |
| - uses: docker/setup-buildx-action@v3 | |
| - name: Log in to GHCR | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build & push | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: packages/vgi-fixtures/docker/Dockerfile | |
| platforms: linux/amd64 | |
| build-args: | | |
| VGI_FIXTURE_WORKER=${{ matrix.worker }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| push: true | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| publish-vgi: | |
| name: Publish vgi to PyPI | |
| needs: build | |
| runs-on: ubuntu-latest | |
| environment: pypi | |
| permissions: | |
| id-token: write # required for Trusted Publishing | |
| steps: | |
| - name: Download vgi artifacts | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: dist-vgi | |
| path: dist/ | |
| - name: Publish vgi | |
| uses: pypa/gh-action-pypi-publish@release/v1 | |
| publish-vgi-fixtures: | |
| name: Publish vgi-fixtures to PyPI | |
| needs: build | |
| runs-on: ubuntu-latest | |
| environment: pypi | |
| # Disabled until a Trusted Publisher exists for the `vgi-fixtures` | |
| # project on PyPI (blocked on a PyPI new-project limit). The wheel is | |
| # still built + metadata-checked above; only the upload is skipped, so | |
| # vgi-python releases cleanly. Re-enable (delete this `if`) once the | |
| # publisher is configured. | |
| if: false | |
| permissions: | |
| id-token: write # required for Trusted Publishing | |
| steps: | |
| - name: Download vgi-fixtures artifacts | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: dist-fixtures | |
| path: dist/ | |
| - name: Publish vgi-fixtures | |
| uses: pypa/gh-action-pypi-publish@release/v1 |