From dc9f7f9a919b284f1d6f570af2a078f0932d157c Mon Sep 17 00:00:00 2001 From: Santiago Date: Thu, 21 May 2026 08:40:38 -0300 Subject: [PATCH] ci: rework release workflow as tag-triggered pipeline Reworks release.yml to conform to the umbrella SDK release pipeline contract (u5c-factory reference/sdk-pipeline-requirements.md): a v* version tag triggers verify -> build -> test -> publish. The verify job checks the pushed tag against the pyproject.toml version and fails the release if they disagree. Also fixes the previous workflow, which referenced an undefined inputs.registry-token in a non-workflow_call workflow so the PyPI token always resolved empty. Verification: workflow YAML syntactically validated only; not executed this session. Requires the PYPI_REGISTRY_TOKEN repository secret before the first release. Based on main, independent of the in-flight spec-0.19 branch. --- .github/workflows/release.yml | 74 ++++++++++++++++++++++++++--------- 1 file changed, 56 insertions(+), 18 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7211f61..6fd983d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,28 +1,66 @@ -name: "Release" -description: 'Publishes python package to PyPI' +name: Release +# Conforms to the umbrella SDK release pipeline contract: +# u5c-factory reference/sdk-pipeline-requirements.md on: - workflow_dispatch: push: - tags: [v*] + tags: ['v*'] jobs: - build: + verify: runs-on: ubuntu-latest steps: + - uses: actions/checkout@v4 + - name: Verify tag matches package version + run: | + TAG="${GITHUB_REF_NAME#v}" + MANIFEST=$(sed -nE 's/^version = "(.+)"/\1/p' pyproject.toml | head -1) + if [ "$TAG" != "$MANIFEST" ]; then + echo "::error::tag $GITHUB_REF_NAME does not match pyproject.toml version $MANIFEST" + exit 1 + fi - - name: Set up Python - uses: actions/setup-python@v5 - with: - python-version: "3.10" + build: + needs: verify + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - run: pipx install poetry + - uses: actions/setup-python@v5 + with: + python-version: "3.10" + cache: poetry + # Relock first: poetry.lock is stale vs pyproject.toml (see ci.yml). + - run: poetry lock + - run: poetry install + - run: poetry build - - name: Install Poetry - shell: bash - run: pip install --no-input poetry + test: + needs: build + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - run: pipx install poetry + - uses: actions/setup-python@v5 + with: + python-version: "3.10" + cache: poetry + - run: poetry lock + - run: poetry install + # No pytest suite yet; import-smoke the package (see ci.yml). + - run: poetry run python -c "import utxorpc" - - name: Publish to PyPI - shell: bash - env: - PYPI_TOKEN: ${{ inputs.registry-token }} - run: | - poetry publish --build --username __token__ --password $PYPI_TOKEN + publish: + needs: test + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - run: pipx install poetry + - uses: actions/setup-python@v5 + with: + python-version: "3.10" + cache: poetry + - name: Publish to PyPI + env: + PYPI_REGISTRY_TOKEN: ${{ secrets.PYPI_REGISTRY_TOKEN }} + run: poetry publish --build --username __token__ --password "$PYPI_REGISTRY_TOKEN"