@@ -59,15 +59,59 @@ jobs:
5959 with :
6060 checkout_ref : ${{ inputs.version }}
6161
62- call- publish-release
62+ publish-release :
6363 needs : call-build
64- uses : ./.github/workflows/publish-release.yaml
65- with :
66- release_version : ${{ inputs.version }}
64+ runs-on : ubuntu-22.04
65+ environment :
66+ name : pypi
67+ url : https://pypi.org/p/east-tool
68+ permissions :
69+ id-token : write # IMPORTANT: this permission is mandatory for trusted publishing
70+ contents : write
71+
72+ steps :
73+ - name : Start
74+ run : |
75+ version_cut=$(echo "${{ inputs.version }}" | cut -c 2-)
76+ echo "release_version=${{ inputs.version }}" >> $GITHUB_ENV
77+ echo "release_version_cut=$version_cut" >> $GITHUB_ENV
78+
79+ name : Checkout Repository
80+ uses : actions/checkout@v4
81+ with :
82+ ref : ${{ env.release_version }}
83+
84+ - name : Get latest Changelog entry
85+ id : changelog-reader
86+ 87+ with :
88+ version : ${{ env.release_version_cut }}
89+
90+ - name : Download artifact
91+ uses : actions/download-artifact@v4
92+ with :
93+ name : dist
94+ path : dist
95+
96+ # You wonder how there isn't any token? east is configured to use OIDC,
97+ # check on pypi under Publishing section what is that.
98+ - name : Publish distribution to PyPI
99+ uses : pypa/gh-action-pypi-publish@release/v1
100+
101+ - name : Publish Release
102+ if : ${{ !env.ACT }}
103+ 104+ with :
105+ files : dist/*
106+ tag_name : ${{ env.release_version }}
107+ body : |
108+ # Release notes
109+
110+ ${{ steps.changelog-reader.outputs.changes }}
67111
68112cleanup-on-failure :
69- # Only run cleanup if either call-build or call- publish-release fail.
70- needs : [call-build, call- publish-release]
113+ # Only run cleanup if either call-build or publish-release fail.
114+ needs : [call-build, publish-release]
71115 if : ${{ always() && contains(join(needs.*.result, ','), 'failure') }}
72116 runs-on : ubuntu-22.04
73117
0 commit comments