@@ -5,17 +5,18 @@ name: Release
55# === Automated activities ===
66#
77# 1. Run tests, linting, security and complexity base line
8- # 2. Bump package version and generate latest Changelog
9- # 3. Publish package to PyPi test and prod repository
10- # 4. Kick off SAR App pipeline to publish latest version with minimal and extra dependencies
11- # 5. Builds and publish latest changelog from tip of the branch
8+ # 2. Bump package version, build release artifact, and generate latest Changelog
9+ # 3. Publish package to PyPi prod repository using cached artifact
10+ # 4. Kick off Layers pipeline to compile and publish latest version
11+ # 5. Updates documentation to use the latest Layer ARN for all commercial regions
1212# 6. Builds a new user guide and API docs with release version; update /latest pointing to newly released version
1313# 7. Close all issues labeled "pending-release" and notify customers about the release
1414#
1515# === Manual activities ===
1616#
17- # 1. Edit the current draft release notes
18- # 2. If not already set, use `v<new version>` as a tag, e.g., v1.26.4, and select develop as target branch
17+ # 1. Kick off this workflow with the intended version
18+ # 2. Update draft release notes after this workflow completes
19+ # 3. If not already set, use `v<new version>` as a tag, e.g., v1.26.4, and select develop as target branch
1920
2021# See MAINTAINERS.md "Releasing a new version" for release mechanisms
2122
4748 required : false
4849
4950jobs :
50- release :
51+ build :
5152 environment : release
5253 runs-on : aws-lambda-powertools_ubuntu-latest_4-core
5354 permissions :
@@ -90,21 +91,21 @@ jobs:
9091 id : versioning
9192 run : poetry version "${RELEASE_VERSION}"
9293 - name : Build python package and wheel
93- if : ${{ !inputs.skip_pypi }}
9494 run : poetry build
95- # March 1st: PyPi test is under maintenance....
96- # - name: Upload to PyPi test
97- # if: ${{ !inputs.skip_pypi }}
98- # run: make release-test
99- # env:
100- # PYPI_USERNAME: __token__
101- # PYPI_TEST_TOKEN: ${{ secrets.PYPI_TEST_TOKEN }}
102- - name : Upload to PyPi prod
103- if : ${{ !inputs.skip_pypi }}
104- run : make release-prod
105- env :
106- PYPI_USERNAME : __token__
107- PYPI_TOKEN : ${{ secrets.PYPI_TOKEN }}
95+
96+ - name : Cache release artifact
97+ id : cache-release-build
98+ uses : actions/cache/save@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
99+ with :
100+ path : dist/
101+ # NOTE: cache key uses a hash of (Runner OS + Version to be released + Deps)
102+ # since a new release might not change a dependency but version
103+ # otherwise we might accidentally reuse a previously cached artifact for a newer release.
104+ # The reason we don't add pyproject.toml here is to avoid racing conditions
105+ # where git checkout might happen too fast and doesn't pick up the latest version
106+ # and also future-proof for when we switch to protected branch and update via PR
107+ key : ${{ runner.os }}-${{ env.RELEASE_VERSION }}-${{ hashFiles('**/poetry.lock') }}
108+
108109 - name : Update version in trunk
109110 if : steps.versioning.outcome == 'success'
110111 run : |
@@ -115,6 +116,36 @@ jobs:
115116 git pull origin "${BRANCH}" # prevents concurrent branch update failing push
116117 git push origin HEAD:refs/heads/"${BRANCH}"
117118
119+ release :
120+ needs : build
121+ environment : release
122+ runs-on : aws-lambda-powertools_ubuntu-latest_4-core
123+ permissions :
124+ id-token : write # OIDC for PyPi Trusted Publisher feature
125+ env :
126+ RELEASE_VERSION : ${{ needs.build.outputs.RELEASE_VERSION }}
127+ steps :
128+ - uses : actions/checkout@v3
129+ - name : Restore release artifact from cache
130+ id : restore-release-build
131+ uses : actions/cache/restore@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
132+ with :
133+ path : dist/
134+ key : ${{ runner.os }}-${{ env.RELEASE_VERSION }}-${{ hashFiles('**/poetry.lock') }}
135+
136+ - name : Upload to PyPi prod
137+ if : ${{ !inputs.skip_pypi }}
138+ uses : pypa/gh-action-pypi-publish@0bf742be3ebe032c25dd15117957dc15d0cfc38d # v1.8.5
139+ with :
140+ repository-url : https://test.pypi.org/legacy/
141+
142+ # March 1st: PyPi test is under maintenance....
143+ # - name: Upload to PyPi test
144+ # if: ${{ !inputs.skip_pypi }}
145+ # uses: pypa/gh-action-pypi-publish@0bf742be3ebe032c25dd15117957dc15d0cfc38d # v1.8.5
146+ # with:
147+ # repository-url: https://test.pypi.org/legacy/
148+
118149 changelog :
119150 needs : release
120151 permissions :
@@ -124,27 +155,27 @@ jobs:
124155 # NOTE: Watch out for the depth limit of 4 nested workflow_calls.
125156 # publish_layer -> publish_v2_layer -> reusable_deploy_v2_layer_stack -> reusable_update_v2_layer_arn_docs
126157 publish_layer :
127- needs : release
158+ needs : [build, release]
128159 secrets : inherit
129160 permissions :
130161 id-token : write
131162 contents : write
132163 pages : write
133164 uses : ./.github/workflows/publish_v2_layer.yml
134165 with :
135- latest_published_version : ${{ needs.release .outputs.RELEASE_VERSION }}
166+ latest_published_version : ${{ needs.build .outputs.RELEASE_VERSION }}
136167 pre_release : ${{ inputs.pre_release }}
137168
138169 post_release :
139- needs : [release, publish_layer]
170+ needs : [build, release, publish_layer]
140171 permissions :
141172 contents : read
142173 issues : write
143174 discussions : write
144175 pull-requests : write
145176 runs-on : ubuntu-latest
146177 env :
147- RELEASE_VERSION : ${{ needs.release .outputs.RELEASE_VERSION }}
178+ RELEASE_VERSION : ${{ needs.build .outputs.RELEASE_VERSION }}
148179 steps :
149180 - uses : actions/checkout@v3
150181 - name : Close issues related to this release
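Review bot: In the new `release` job, the `Upload to PyPi prod` step sets `repository-url: https://test.pypi.org/legacy/`, so as written it uploads to TestPyPI rather than the production index that its name and the header comment (item 3) describe. Removing that `with:` block lets the publish action use its default production endpoint; the commented-out test step below it can keep the test URL. The same job holds `id-token: write` and publishes whatever the restore step leaves in `dist/`, but a cache is not an integrity-protected hand-off and the restore step does not set `fail-on-cache-miss: true`. A miss, or an older entry saved under the same key, would therefore not be caught at that step, so consider adding that input and checking a digest of `dist/` against one exported by `build` before the upload. `actions/checkout@v3` is also the only action in this job referenced by tag; pinning it to a commit SHA would match the cache and publish actions.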