67 changes: 57 additions & 10 deletions .github/workflows/ci.yml
Expand Up @@ -4,9 +4,24 @@ on:
push:
workflow_dispatch:

permissions: {}

# Cancel superseded runs on PR branches; never cancel main, since a
# mid-flight publish would orphan the tag from the PyPI upload and the
# next run would skip publish because the tag already exists.
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}

env:
PYTHON_VERSION: "3.10"
POETRY_VERSION: "1.5.1"

jobs:
compile:
runs-on: ubuntu-latest
permissions:
contents: read

steps:
- name: Checkout repo
Expand All @@ -15,11 +30,11 @@ jobs:
- name: Set up python
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
with:
python-version: "3.10"
python-version: ${{ env.PYTHON_VERSION }}

- name: Bootstrap poetry
run: |
curl -sSL https://install.python-poetry.org | python - -y --version 1.5.1
curl -sSL https://install.python-poetry.org | python - -y --version "${{ env.POETRY_VERSION }}"

- name: Install dependencies
run: poetry install
Expand All @@ -30,18 +45,21 @@ jobs:
test:
needs: [ compile ]
runs-on: ubuntu-latest
permissions:
contents: read

steps:
- name: Checkout repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

- name: Set up python
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
with:
python-version: "3.10"
python-version: ${{ env.PYTHON_VERSION }}

- name: Bootstrap poetry
run: |
curl -sSL https://install.python-poetry.org | python - -y --version 1.5.1
curl -sSL https://install.python-poetry.org | python - -y --version "${{ env.POETRY_VERSION }}"

- name: Install dependencies
run: poetry install
Expand All @@ -68,7 +86,7 @@ jobs:
# version tagged but unpublished, and subsequent runs would skip
# publish because the tag already exists.
- name: Verify bundled OpenAPI spec
uses: PhenoML/sdk-shared-actions/verify-openapi-spec@1.0.2
uses: PhenoML/sdk-shared-actions/verify-openapi-spec@1.0.3
with:
spec-path: src/phenoml/openapi/openapi.json

Expand All @@ -94,12 +112,11 @@ jobs:
--title "${{ steps.check.outputs.version }}" \
--generate-notes

publish:
needs: [ compile, test, tag ]
build-artifact:
needs: [ tag ]
if: needs.tag.outputs.should_publish == 'true'
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read

steps:
Expand All @@ -109,14 +126,44 @@ jobs:
- name: Set up python
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
with:
python-version: "3.10"
python-version: ${{ env.PYTHON_VERSION }}

- name: Bootstrap poetry
run: |
curl -sSL https://install.python-poetry.org | python - -y --version 1.5.1
curl -sSL https://install.python-poetry.org | python - -y --version "${{ env.POETRY_VERSION }}"

- name: Build distribution
run: poetry build

- name: Upload artifact
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: python-dist
path: dist/
if-no-files-found: error
retention-days: 1
Comment thread
cursor[bot] marked this conversation as resolved.
Comment thread
gavinsharp marked this conversation as resolved.
Comment thread
gavinsharp marked this conversation as resolved.

publish:
needs: [ tag, build-artifact ]
if: needs.tag.outputs.should_publish == 'true'
runs-on: ubuntu-latest
# Environment-scoped OIDC: the environment's deployment branch rule
# restricts this job to refs/heads/main, and the PyPI Trusted Publisher
# binding requires this environment name — so a publish from any other
# ref or workflow is rejected end-to-end.
environment: pypi-production
permissions:
id-token: write
contents: read

steps:
# download-artifact verifies the downloaded bundle against GitHub's
# recorded digest by default (digest-mismatch: error).
- name: Download artifact
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: python-dist
path: dist
Comment thread
gavinsharp marked this conversation as resolved.

Comment thread
gavinsharp marked this conversation as resolved.
- name: Publish to PyPI
uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0
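Review bot: The new build-artifact job still bootstraps Poetry with `curl -sSL https://install.python-poetry.org | python -`, so an installer script fetched unverified at run time executes in the job that produces the files later uploaded to PyPI. Splitting build from publish keeps `id-token: write` away from that script, but not the contents of `dist/`. Consider installing the pinned release from the package index instead, e.g. `pipx install "poetry==$POETRY_VERSION"` (ideally from a hash-locked requirements file), and apply the same change to the identical step in compile and test. Reading the value as the shell variable `$POETRY_VERSION` rather than `${{ env.POETRY_VERSION }}` also keeps expression interpolation out of the script text. Separately, `PhenoML/sdk-shared-actions/verify-openapi-spec@1.0.3` is referenced by a mutable tag while the other actions visible here are pinned to commit SHAs; the job that runs it starts outside the visible hunks, so its permissions should be checked.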
2 changes: 1 addition & 1 deletion .github/workflows/sync-fern-artifacts.yml
Expand Up @@ -20,6 +20,6 @@ jobs:
sync:
permissions:
contents: write
uses: PhenoML/sdk-shared-actions/.github/workflows/sync-fern-artifacts.yml@1.0.2
uses: PhenoML/sdk-shared-actions/.github/workflows/sync-fern-artifacts.yml@1.0.3
with:
spec-path: src/phenoml/openapi/openapi.json