diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 96237a1..2268988 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -71,7 +71,6 @@ jobs:
 uses: pypa/gh-action-pypi-publish@release/v1
 with:
 repository-url: "https://test.pypi.org/legacy/"
- attestations: true
 github-release:
 name: Release on GitHub
@@ -82,36 +81,58 @@ jobs:
 name: GitHub
 url: "https://github.com/ei-grad/flask-shell-ipython/releases/"
 permissions:
- contents: write # IMPORTANT: mandatory for making GitHub Releases
- id-token: write # IMPORTANT: mandatory for sigstore
+ contents: write
+ id-token: write
 steps:
+ - uses: actions/checkout@v4
+ - name: Extract Version from Tag
+ run: echo "VERSION_FROM_GIT_REF=${GITHUB_REF#refs/tags/v}" >> $GITHUB_ENV
+ - name: Extract Version from pyproject.toml
+ run: |
+ pip install toml
+ VERSION_FROM_PYPROJECT=$(python -c "import toml; print(toml.load('pyproject.toml')['project']['version'])")
+ echo "VERSION_FROM_PYPROJECT=$VERSION_FROM_PYPROJECT" >> $GITHUB_ENV
+ - name: Ensure version consistency
+ run: |
+ if [ "$VERSION_FROM_GIT_REF" != "$VERSION_FROM_PYPROJECT" ]; then
+ echo "Error: Version from tag ($VERSION_FROM_GIT_REF) does not match version in pyproject.toml ($VERSION_FROM_PYPROJECT)"
+ exit 1
+ fi
+ echo VERSION=$VERSION_FROM_GIT_REF >> $GITHUB_ENV
+ - name: Extract changelog for release notes
+ id: changelog
+ run: |
+ CHANGELOG=$(awk -v version="$VERSION" '{
+ if ($0 ~ "^## \\[" version "\\]") inSection = 1;
+ else if ($0 ~ "^## \\[" && inSection) inSection = 0;
+ if (inSection) print $0;
+ }' CHANGELOG.md)
+ echo '::set-output name=section::${CHANGELOG}'
+ - name: Validate changelog content
+ if: steps.changelog.outputs.section == ''
+ run: echo "Changelog section for release notes is empty" && exit 1
 - name: Download artifacts
 uses: actions/download-artifact@v4
- - name: Sign the dists with Sigstore
- uses: sigstore/gh-action-sigstore-python@v3.0.0
+ - name: Attest build provenance
+ uses: actions/attest-build-provenance@v1
 with:
- inputs: >-
- ./dist/*.tar.gz
- ./dist/*.whl
+ subject-path: dist/*
 - name: Create GitHub Release
 env:
 GITHUB_TOKEN: ${{ github.token }}
 run: >-
- gh release create
- '${{ github.ref_name }}'
- --repo '${{ github.repository }}'
- --generate-notes
+ gh release create '${{ github.ref_name }}'
+ --draft
+ --notes '${{ steps.changelog.outputs.section }}'
 - name: Upload artifact signatures to GitHub Release
 env:
 GITHUB_TOKEN: ${{ github.token }}
 run: >-
- gh release upload
- '${{ github.ref_name }}' dist/**
- --repo '${{ github.repository }}'
+ gh release upload '${{ github.ref_name }}' dist/**
 pypi-publish:
 name: Release on PyPI
- needs: test
+ needs: github-release
 if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
 runs-on: ubuntu-latest
 environment:
@@ -124,5 +145,3 @@ jobs:
 uses: actions/download-artifact@v4
 - name: Publish package distributions to PyPI
 uses: pypa/gh-action-pypi-publish@release/v1
- with:
- attestations: true
diff --git a/pyproject.toml b/pyproject.toml
index d5886fc..7f9e244 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -33,6 +33,7 @@ dependencies = [
 [project.urls]
 Homepage = "https://github.com/ei-grad/flask-shell-ipython"
+Changelog = "https://github.com/ei-grad/flask-shell-ipython/blob/main/CHANGELOG.md"
 [project.entry-points."flask.commands"]
 shell = "flask_shell_ipython:shell"
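Review bot: In the `Extract changelog for release notes` step of the `github-release` job, `echo '::set-output name=section::${CHANGELOG}'` is single-quoted, so the shell never expands the variable and the step output is the literal text `${CHANGELOG}`; the `Validate changelog content` guard can therefore never fire, and the draft release would carry that literal as its notes. Even with the quoting fixed, `::set-output` is deprecated and keeps only the first line of a multi-line value, and pasting `${{ steps.changelog.outputs.section }}` into the `gh release create` script means any apostrophe in CHANGELOG.md ends the quoted argument inside a job that holds `contents: write` and `id-token: write`. Writing the section to a file, checking it for emptiness in the same step, and passing it with `--notes-file` avoids all three, as sketched below. Separately, `actions/attest-build-provenance` documents `attestations: write` as a required permission, which the `permissions:` block in this hunk does not grant, and the removed comments saying why each permission is needed are worth keeping in updated form.

```yaml
    permissions:
      contents: write      # needed to create the release and upload assets
      id-token: write      # needed to request the OIDC token used to sign the attestation
      attestations: write  # needed by actions/attest-build-provenance to store the attestation
    steps:
      # … unchanged: checkout and the three version steps …
      - name: Extract changelog for release notes
        run: |
          # … unchanged: CHANGELOG=$(awk … CHANGELOG.md) …
          if [ -z "$CHANGELOG" ]; then
            echo "Changelog section for release notes is empty"
            exit 1
          fi
          printf '%s\n' "$CHANGELOG" > "$RUNNER_TEMP/release-notes.md"
      # … unchanged: download artifacts, attest build provenance …
      - name: Create GitHub Release
        env:
          GITHUB_TOKEN: ${{ github.token }}
        run: >-
          gh release create '${{ github.ref_name }}'
          --draft
          --notes-file "$RUNNER_TEMP/release-notes.md"
```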