diff --git a/.github/workflows/python-push.yml b/.github/workflows/python-push.yml index 1b1391b..e3c5beb 100644 --- a/.github/workflows/python-push.yml +++ b/.github/workflows/python-push.yml @@ -26,7 +26,7 @@ jobs: - name: Don't mess with line endings run: | git config --global core.autocrlf false - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 with: submodules: true - name: Set up Python ${{ matrix.python-version }} @@ -78,28 +78,45 @@ jobs: deploy: runs-on: ubuntu-latest + permissions: + id-token: write + environment: + name: release + url: https://pypi.org/p/compliance-trestle-fedramp needs: build if: github.ref == 'refs/heads/main' && github.repository == 'oscal-compass/compliance-trestle-fedramp' steps: - - uses: actions/checkout@v2 - with: - submodules: true - fetch-depth: 0 - token: ${{ secrets.ADMIN_PAT }} - - name: Set up Python 3.9 - uses: actions/setup-python@v2 - with: - python-version: 3.9 - - name: Install build tools - run: | - make develop - - name: Create release - shell: bash - env: - PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }} - GH_TOKEN: ${{ secrets.ADMIN_PAT }} - run: | - make release + - uses: actions/checkout@v4 + with: + submodules: true + fetch-depth: 0 + token: ${{ secrets.ADMIN_PAT }} + - name: Set up Python 3.11 + uses: actions/setup-python@v5 + with: + python-version: 3.11 + - name: Install build tools + run: | + make develop + + # This action uses Python Semantic Release v8 + - name: Python Semantic Release + id: release + uses: python-semantic-release/python-semantic-release@v9.8.0 + with: + github_token: ${{ secrets.ADMIN_PAT }} + + - name: Publish package distributions to PyPI + uses: pypa/gh-action-pypi-publish@release/v1 + # NOTE: DO NOT wrap the conditional in ${{ }} as it will always evaluate to true. + # See https://github.com/actions/runner/issues/1173 + if: steps.release.outputs.released == 'true' + + - name: Publish package distributions to GitHub Releases + uses: python-semantic-release/upload-to-gh-release@v9.8.0 + if: steps.release.outputs.released == 'true' + with: + github_token: ${{ secrets.ADMIN_PAT }} merge-main-to-develop: name: Merge main -> develop @@ -110,7 +127,7 @@ jobs: cancel-in-progress: true if: github.ref == 'refs/heads/main' steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 with: submodules: true ref: main diff --git a/Makefile b/Makefile index e19bf8e..bac80ca 100644 --- a/Makefile +++ b/Makefile @@ -39,7 +39,7 @@ code-lint: pre-commit run flake8 --all-files code-typing: - mypy --pretty trestle + mypy --pretty trestle-fedramp test:: python -m pytest -vvvv --exitfirst -n auto @@ -66,7 +66,6 @@ release:: git config --global user.email "semantic-release@github-actions" semantic-release publish - mdformat: pre-commit run mdformat --all-files diff --git a/pyproject.toml b/pyproject.toml index 38514d4..648fdfe 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -11,3 +11,30 @@ minversion = "6.2" testpaths = [ "tests" ] + +[tool.semantic_release] +build_command = "python setup.py sdist bdist_wheel" +version_variables = ["trestle_fedramp/__init__.py:__version__"] +commit_author = "semantic-release " +major_on_zero = false + +[tool.semantic_release.commit_parser_options] +allowed_tags = ["build", "chore", "ci", "docs", "feat", "fix", "perf", "style", "refactor", "test"] +minor_tags = ["feat"] +patch_tags = ["fix", "perf"] +default_bump_level = 0 + + +[tool.semantic_release.branches.main] +match = "(main)" +prerelease_token = "rc" +prerelease = false + +[tool.semantic_release.remote] +name = "origin" +type = "github" +ignore_token_for_push = false +insecure = false + +[tool.semantic_release.publish] +dist_glob_patterns = ["dist/*"] \ No newline at end of file diff --git a/setup.cfg b/setup.cfg index 596a604..27dca1e 100644 --- a/setup.cfg +++ b/setup.cfg @@ -47,7 +47,7 @@ dev = setuptools wheel yapf - python-semantic-release + python-semantic-release>=9.8.0 pep8-naming pytest-random-order python-dateutil @@ -62,13 +62,6 @@ dev = ## Constrain system pylint - - -[semantic_release] -version_variable=trestle_fedramp/__init__.py:__version__ -branch = main -upload_to_pypi = true -version_source = commit [flake8] # WARNING: This should be kept compatible with .pre-commit-config.yaml