From 7034ccc60df8294f4e9595a95196200f5e7465d7 Mon Sep 17 00:00:00 2001 From: Emily Rockman Date: Tue, 16 Jan 2024 21:07:24 -0600 Subject: [PATCH] fix up publishing --- .github/workflows/build_hatch.yml | 140 +--------- .github/workflows/github_release_hatch.yml | 250 ++++++++++++++++++ .../pypi_release_trusted_publisher.yml | 216 +++++++++++++++ .github/workflows/release.yml | 19 +- 4 files changed, 476 insertions(+), 149 deletions(-) create mode 100644 .github/workflows/github_release_hatch.yml create mode 100644 .github/workflows/pypi_release_trusted_publisher.yml diff --git a/.github/workflows/build_hatch.yml b/.github/workflows/build_hatch.yml index c7c898a9..42b6aad1 100644 --- a/.github/workflows/build_hatch.yml +++ b/.github/workflows/build_hatch.yml @@ -8,8 +8,6 @@ # │ ├── dbt-*.whl # └── .md # -# Build artifacts get stored in S3 to a bucket with the following directory structure: -# "s3:////////" # # Notes: # - resolves based on `test_run` and `nightly_release` inputs. @@ -27,7 +25,6 @@ # sha: The commit to attach to this release # version_number: The release version number (i.e. 1.0.0b1, 1.2.3rc2, 1.0.0) # changelog_path: Path to the changelog file for release notes -# s3_bucket_name: AWS S3 bucket name # package_test_command: Command to use to check package runs # test_run: Test run (Bucket to upload the artifact) # nightly_release: Identifier that this is nightly release @@ -42,9 +39,7 @@ # Validation Checks # # 1. Make sure the sha has a changelog entry for this version and the version bump has been completed. -# 2. Check if build already exists in AWS s3 bucket. It will live in a bucket following the env.s3 naming convention below. -# If it does exist, upload it to the GitHub artifacts and skip the rest of the workflow. -# 3. Only upload artifacts and changelog to S3 if tests pass +# 2. Upload artifacts name: Build 
@@ -60,10 +55,6 @@ on: changelog_path: required: true type: string - s3_bucket_name: - required: true - default: "core-team-artifacts" - type: string package_test_command: required: true default: "dbt --version" @@ -107,7 +98,6 @@ jobs: echo The last commit sha in the release: ${{ inputs.sha }} echo The release version number: ${{ inputs.version_number }} echo The changelog path: ${{ inputs.changelog_path }} - echo The s3 bucket name: ${{ inputs.s3_bucket_name }} echo The package test command: ${{ inputs.package_test_command }} echo Test run: ${{ inputs.test_run }} echo Nightly release: ${{ inputs.nightly_release }} @@ -117,33 +107,6 @@ jobs: echo Python target version: ${{ env.PYTHON_TARGET_VERSION }} echo Notification prefix: ${{ env.NOTIFICATION_PREFIX }} - resolve-aws-bucket: - runs-on: ubuntu-latest - outputs: - aws-s3-bucket: ${{ steps.bucket_path.outputs.path }} - - steps: - - name: "Resolve S3 Bucket Path" - id: bucket_path - run: | - # Resolve folder to upload/check build artifact - artifact_folder="artifacts" - if [[ ${{ inputs.nightly_release }} == true ]] - then - artifact_folder="nightly-releases" - elif [[ ${{ inputs.test_run }} == true ]] - then - artifact_folder="artifacts_testing" - fi - # Generate path for build artifact. - # Include commit in path in case release commit gets updates on subsequent runs - bucket_path="s3://${{ inputs.s3_bucket_name }}/${{ github.repository }}/$artifact_folder/${{ inputs.version_number }}/${{ inputs.sha }}" - echo "path=$bucket_path" >> $GITHUB_OUTPUT - # Send notification - title="S3 Bucket Path" - echo "$title: $bucket_path" - echo "::notice title=${{ env.NOTIFICATION_PREFIX }}: $title::$bucket_path" - audit-version-changelog: # Make sure the changelog has been generated and the version is up to date runs-on: ubuntu-latest 
@@ -154,6 +117,11 @@ jobs: with: ref: ${{ inputs.sha }} + - name: "Set up Python & Hatch - ${{ env.PYTHON_TARGET_VERSION }}" + uses: ./.github/actions/setup-python-env + with: + python-version: "3.11" + - name: "Audit Version And Parse Into Parts" id: semver uses: dbt-labs/actions/parse-semver@v1.1.0 
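Review bot: The added step is named "Set up Python & Hatch - ${{ env.PYTHON_TARGET_VERSION }}" but passes a hard-coded `python-version: "3.11"`, so the log label and the interpreter actually installed can drift apart. Use `python-version: ${{ env.PYTHON_TARGET_VERSION }}` instead; the variable's definition is outside this hunk, so confirm it holds the intended version. Because `uses: ./.github/actions/setup-python-env` is resolved from the workspace, the composite action that runs is the copy checked out at `inputs.sha` by the preceding step, which deserves a one-line comment such as `# local action is taken from the checked-out release commit`. The `audit-version-changelog` job continues outside the hunk.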
@@ -190,75 +158,10 @@ jobs: exit 1 fi - check-build-exists: - runs-on: ubuntu-latest - needs: [audit-version-changelog, resolve-aws-bucket] - - outputs: - is_exists: ${{ steps.artifact_exists.outputs.is_exists }} - - steps: - - name: "Configure AWS Credentials" - uses: aws-actions/configure-aws-credentials@v2 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: ${{ env.AWS_REGION }} - - - name: "Copy Artifact From S3 Via CLI" - run: | - aws s3 cp ${{ needs.resolve-aws-bucket.outputs.aws-s3-bucket }} . --recursive # since it's an entire directory - - - name: "[DEBUG] Display Structure Of All Downloaded Files" - run: ls -R - - - name: "Check Artifact Integrity" - id: artifact_integrity - uses: andstor/file-existence-action@v2 - with: - files: "${{ inputs.changelog_path }}, dist/*.tar.gz, dist/*.whl" - - # upload the files downloaded from S3 to artifacts so we don't have to keep - # downloading from S3 - - name: "Upload Artifact From S3 To GitHub" - if: ${{ steps.artifact_integrity.outputs.files_exists == 'true' }} - uses: actions/upload-artifact@v3 - with: - name: ${{ inputs.version_number }} - path: | - ${{ inputs.changelog_path }} - dist/ - if-no-files-found: error - retention-days: ${{ env.ARTIFACT_RETENTION_DAYS }} - - - name: "[Notification] Upload Artifact From S3 To GitHub" - if: ${{ steps.artifact_integrity.outputs.files_exists == 'true' }} - run: | - title="Artifact ${{ inputs.version_number }} uploaded from S3 To GitHub" - message="The build artifact is pulled from the S3 bucket and uploaded to the GitHub artifact storage." 
- echo "::notice title=${{ env.NOTIFICATION_PREFIX }}: $title::$message" - - - name: "Set Artifact Existence For Subsequent Jobs" - id: artifact_exists - run: echo "is_exists=${{ steps.artifact_integrity.outputs.files_exists }}" >> $GITHUB_OUTPUT - - skip-build: - runs-on: ubuntu-latest - needs: [check-build-exists] - if: ${{ needs.check-build-exists.outputs.is_exists == 'true' }} - - steps: - - name: "Build Exists, Skip To Test" - run: | - title="Build Exists in AWS S3 bucket" - message="A build already exists for version ${{ inputs.version_number }}, skipping build job." - echo "::notice title=${{ env.NOTIFICATION_PREFIX }}: $title::$message" - unit: name: Unit Test runs-on: ubuntu-latest - needs: [audit-version-changelog, check-build-exists] - if: ${{ needs.check-build-exists.outputs.is_exists == 'false' }} + needs: [audit-version-changelog] steps: - name: "Checkout ${{ github.repository }} Commit ${{ inputs.sha }}" @@ -298,6 +201,7 @@ jobs: run: | hatch build + # upload artifact in case something fails in verification so we can look at it - name: "Upload Build Artifact - ${{ inputs.version_number }}" uses: actions/upload-artifact@v3 with: 
@@ -365,31 +269,3 @@ jobs: - name: "Check source distributions" run: | pip freeze | grep dbt-common - - upload-artifacts-aws: - runs-on: ubuntu-latest - needs: [test-build, resolve-aws-bucket] - - steps: - - name: "Download Artifact ${{ inputs.version_number }}" - uses: actions/download-artifact@v3 - with: - name: ${{ inputs.version_number }} - path: . - - - name: "Display Structure Of All Downloaded Files" - run: ls -R - - - name: "Configure Aws Credentials" - uses: aws-actions/configure-aws-credentials@v2 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: ${{ env.AWS_REGION }} - - - name: "Upload Artifact To S3 Via CLI" - run: | - aws s3 cp . ${{ needs.resolve-aws-bucket.outputs.aws-s3-bucket }} --recursive # since it's an entire directory - title="Artifact ${{ inputs.version_number }} uploaded to AWS S3 bucket" - message="S3 path: ${{ needs.resolve-aws-bucket.outputs.aws-s3-bucket }}" - echo "::notice title=${{ env.NOTIFICATION_PREFIX }}: $title::$message" diff --git a/.github/workflows/github_release_hatch.yml b/.github/workflows/github_release_hatch.yml new file mode 100644 index 00000000..4828fdc5 --- /dev/null +++ b/.github/workflows/github_release_hatch.yml 
@@ -0,0 +1,250 @@ +# **what?** +# Create a new release on GitHub and include any artifacts in the `/dist` directory of the GitHub artifacts store. +# +# Inputs: +# sha: The commit to attach to this release +# version_number: The release version number (i.e. 1.0.0b1, 1.2.3rc2, 1.0.0) +# changelog_path: Path to the changelog file for release notes +# test_run: Test run (Publish release as draft) +# +# **why?** +# Reusable and consistent GitHub release process. +# +# **when?** +# Call after a successful build. Build artifacts should be ready to release and live in a dist/ directory. +# +# This workflow expects the artifacts to already be built and living in the artifact store of the workflow. +# +# Validation Checks +# +# 1. If no release already exists for this commit and version, create the tag and release it to GitHub. +# 2. If a release already exists for this commit, skip creating the release but finish with a success. +# 3. If a release exists for this commit under a different tag, fail. +# 4. If the commit is already associated with a different release, fail. + +# TODO: figure out hwo to detect this is actually latest and not a patch non an older minor version so the lestest is always the latest + +name: GitHub Release + +on: + workflow_call: + inputs: + sha: + description: The commit to attach to this release + required: true + type: string + version_number: + description: The release version number (i.e. 
1.0.0b1) + required: true + type: string + changelog_path: + description: Path to the changelog file for release notes + required: true + type: string + test_run: + description: Test run (Publish release as draft) + required: true + type: boolean + outputs: + tag: + description: The path to the changelog for this version + value: ${{ jobs.check-release-exists.outputs.tag }} + +permissions: + contents: write + +env: + REPO_LINK: ${{ github.server_url }}/${{ github.repository }} + NOTIFICATION_PREFIX: "[GitHub Release]" + +jobs: + log-inputs: + runs-on: ubuntu-latest + steps: + - name: "[DEBUG] Print Variables" + run: | + echo The last commit sha in the release: ${{ inputs.sha }} + echo The release version number: ${{ inputs.version_number }} + echo Expected Changelog path: ${{ inputs.changelog_path }} + echo Test run: ${{ inputs.test_run }} + echo Repo link: ${{ env.REPO_LINK }} + echo Notification prefix: ${{ env.NOTIFICATION_PREFIX }} + + check-release-exists: + runs-on: ubuntu-latest + outputs: + exists: ${{ steps.release_check.outputs.exists }} + draft_exists: ${{ steps.release_check.outputs.draft_exists }} + tag: ${{ steps.set_tag.outputs.tag }} + + steps: + - name: "Generate Release Tag" + id: set_tag + run: echo "tag=v${{ inputs.version_number }}" >> $GITHUB_OUTPUT + + # When the GitHub CLI doesn't find a release for the given tag, it will exit 1 with a + # message of "release not found". In our case, it's not an actual error, just a + # confirmation that the release does not already exists so we can go ahead and create it. + # The `|| true` makes it so the step does not exit with a non-zero exit code + # Also check if the release already exists in draft state. If it does, and we are not + # testing then we can publish that draft as is. If it's in draft and we are testing, skip the + # release. 
+ - name: "Check If Release Exists For Tag ${{ steps.set_tag.outputs.tag }}" + id: release_check + run: | + output=$((gh release view ${{ steps.set_tag.outputs.tag }} --json isDraft,targetCommitish --repo ${{ env.REPO_LINK }}) 2>&1) || true + if [[ "$output" == "release not found" ]] + then + title="Release for tag ${{ steps.set_tag.outputs.tag }} does not exist." + message="Check passed." + echo "exists=false" >> $GITHUB_OUTPUT + echo "draft_exists=false" >> $GITHUB_OUTPUT + echo "::notice title=${{ env.NOTIFICATION_PREFIX }}: $title::$message" + exit 0 + fi + commit=$(jq -r '.targetCommitish' <<< "$output") + if [[ $commit != ${{ inputs.sha }} ]] + then + title="Release for tag ${{ steps.set_tag.outputs.tag }} already exists for commit $commit!" + message="Cannot create a new release for commit ${{ inputs.sha }}. Exiting." + echo "::error title=${{ env.NOTIFICATION_PREFIX }}: $title::$message" + exit 1 + fi + isDraft=$(jq -r '.isDraft' <<< "$output") + if [[ $isDraft == true ]] && [[ ${{ inputs.test_run }} == false ]] + then + title="Release tag ${{ steps.set_tag.outputs.tag }} already associated with the draft release." + message="Release workflow will publish the associated release." + echo "exists=false" >> $GITHUB_OUTPUT + echo "draft_exists=true" >> $GITHUB_OUTPUT + echo "::notice title=${{ env.NOTIFICATION_PREFIX }}: $title::$message" + exit 0 + fi + title="Release for tag ${{ steps.set_tag.outputs.tag }} already exists." + message="Skip GitHub Release Publishing." 
+ echo "exists=true" >> $GITHUB_OUTPUT + echo "draft_exists=false" >> $GITHUB_OUTPUT + echo "::notice title=${{ env.NOTIFICATION_PREFIX }}: $title::$message" + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + REPO: ${{ env.REPO_LINK }} + + - name: "[DEBUG] Log Job Outputs" + run: | + echo exists: ${{ steps.release_check.outputs.exists }} + echo draft_exists: ${{ steps.release_check.outputs.draft_exists }} + echo tag: ${{ steps.set_tag.outputs.tag }} + + skip-github-release: + runs-on: ubuntu-latest + needs: [check-release-exists] + if: needs.check-release-exists.outputs.exists == 'true' + + steps: + - name: "Tag Exists, Skip GitHub Release Job" + run: | + echo title="A tag already exists for ${{ needs.check-release-exists.outputs.tag }} and commit." + echo message="Skipping GitHub release." + echo "::notice title=${{ env.NOTIFICATION_PREFIX }}: $title::$message" + + audit-release-different-commit: + runs-on: ubuntu-latest + needs: [check-release-exists] + if: needs.check-release-exists.outputs.exists == 'false' + + steps: + - name: "Check If Release Already Exists For Commit" + uses: cardinalby/git-get-release-action@1.2.4 + id: check_release_commit + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + commitSha: ${{ inputs.sha }} + doNotFailIfNotFound: true # returns blank outputs when not found instead of error + searchLimit: 15 # Since we only care about recent releases, speed up the process + + - name: "[DEBUG] Print Release Details" + run: | + echo steps.check_release_commit.outputs.id: ${{ steps.check_release_commit.outputs.id }} + echo steps.check_release_commit.outputs.tag_name: ${{ steps.check_release_commit.outputs.tag_name }} + echo steps.check_release_commit.outputs.target_commitish: ${{ steps.check_release_commit.outputs.target_commitish }} + echo steps.check_release_commit.outputs.prerelease: ${{ steps.check_release_commit.outputs.prerelease }} + + # Since we already know a release for this tag does not exist, if we find anything it's for the 
wrong tag, exit + - name: "Check If The Tag Matches The Version Number" + if: steps.check_release_commit.outputs.id != '' + run: | + title="Tag ${{ steps.check_release_commit.outputs.tag_name }} already exists for this commit!" + message="Cannot create a new tag for ${{ needs.check-release-exists.outputs.tag }} for the same commit" + echo "::error title=${{ env.NOTIFICATION_PREFIX }}: $title::$message" + exit 1 + + publish-draft-release: + runs-on: ubuntu-latest + needs: [check-release-exists, audit-release-different-commit] + if: >- + needs.check-release-exists.outputs.draft_exists == 'true' && + inputs.test_run == false + + steps: + - name: "Publish Draft Release - ${{ needs.check-release-exists.outputs.tag }}" + run: | + gh release edit $TAG --draft=false --repo ${{ env.REPO_LINK }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + TAG: ${{ needs.check-release-exists.outputs.tag }} + + create-github-release: + runs-on: ubuntu-latest + needs: [check-release-exists, audit-release-different-commit] + if: needs.check-release-exists.outputs.draft_exists == 'false' + + steps: + - name: "Download Artifact ${{ inputs.version_number }}" + uses: actions/download-artifact@v3 + with: + name: ${{ inputs.version_number }} + path: . 
+ + - name: "[DEBUG] Display Structure Of All Downloaded Files" + run: ls -R + + - name: "Set Release Type" + id: release_type + run: | + if ${{ contains(inputs.version_number, 'rc') || contains(inputs.version_number, 'b') }} + then + echo Release will be set as pre-release + echo "prerelease=--prerelease" >> $GITHUB_OUTPUT + else + echo This is not a prerelease + fi + + - name: "Set As Draft Release" + id: draft + run: | + if [[ ${{ inputs.test_run }} == true ]] + then + echo Release will be published as draft + echo "draft=--draft" >> $GITHUB_OUTPUT + else + echo This is not a draft release + fi + + - name: "GitHub Release Workflow Annotation" + run: | + title="Release ${{ needs.check-release-exists.outputs.tag }}" + message="Configuration: ${{ steps.release_type.outputs.prerelease }} ${{ steps.draft.outputs.draft }}" + echo "::notice title=${{ env.NOTIFICATION_PREFIX }}: $title::$message" + + - name: "Create New GitHub Release - ${{ needs.check-release-exists.outputs.tag }}" + run: | + gh release create $TAG ./dist/* --title "$TITLE" --notes-file $RELEASE_NOTES --target $COMMIT $PRERELEASE $DRAFT --repo ${{ env.REPO_LINK }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + TAG: ${{ needs.check-release-exists.outputs.tag }} + TITLE: ${{ github.event.repository.name }} ${{ needs.check-release-exists.outputs.tag }} + RELEASE_NOTES: ${{ inputs.changelog_path }} + COMMIT: ${{ inputs.sha }} + PRERELEASE: ${{ steps.release_type.outputs.prerelease }} + DRAFT: ${{ steps.draft.outputs.draft }} diff --git a/.github/workflows/pypi_release_trusted_publisher.yml b/.github/workflows/pypi_release_trusted_publisher.yml new file mode 100644 index 00000000..2b06251f --- /dev/null +++ b/.github/workflows/pypi_release_trusted_publisher.yml 
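Review bot: The `run:` scripts in `log-inputs`, `set_tag` and `release_check` expand `${{ inputs.sha }}` and `${{ inputs.version_number }}` directly into shell text, so a caller-supplied string containing shell metacharacters becomes part of the script in a workflow that grants `contents: write` to every job. The last step ("Create New GitHub Release") already passes its values through `env:`; do the same in the earlier steps and quote the expansions, e.g. `gh release view "$TAG" --json isDraft,targetCommitish --repo "$REPO"` and `[[ "$commit" != "$SHA" ]]`. In that last step `$TAG`, `$RELEASE_NOTES` and `$COMMIT` are still unquoted and should become `"$TAG"`, `"$RELEASE_NOTES"` and `"$COMMIT"`, while `$PRERELEASE $DRAFT` must stay unquoted because they can be empty. Moving `permissions: contents: write` from the workflow level down to the jobs that call `gh release` would leave `log-inputs` and the audit job without write access. Separately, in `skip-github-release` the lines `echo title="..."` and `echo message="..."` print the text instead of assigning it, so the `::notice` that follows is emitted with empty `$title` and `$message`; drop the leading `echo`.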
@@ -0,0 +1,216 @@ +# **what?** +# After releasing to GitHub, release to PyPI +# +# Inputs: +# version_number: The release version number (i.e. 1.0.0b1, 1.2.3rc2, 1.0.0) +# test_run : Test run (true - release to Test PyPI, false - release to PyPI) +# +# **why?** +# Automate the release process +# +# **when?** +# After successfully releasing to GitHub +# +# Assumptions +# 1. The name of the repository is the name of the package on PyPI +# +# Validation Checks +# 1. If the provided version is not uploaded to PyPI yet, release it. +# 2. Release to test or prod package index, depending on the value of test_run input. +# 3. Check PyPI at the end to validate that the version has been uploaded to package index. + +name: PyPI release + +on: + workflow_call: + inputs: + version_number: + description: "The tag for the release (ie. v1.0.0b1)" + required: true + type: string + test_run: + description: "" + required: true + type: boolean + # pass through secrets for both PyPi Test and Prod so they're always there + secrets: + PYPI_API_TOKEN: + description: PyPI API token + required: true + TEST_PYPI_API_TOKEN: + description: Test PyPI API token + required: true + +permissions: + contents: read + +env: + NOTIFICATION_PREFIX: "[PyPI Release]" + +jobs: + log-inputs: + runs-on: ubuntu-latest + steps: + - name: "[DEBUG] Print Variables" + run: | + echo The release version number: ${{ inputs.version_number }} + echo Release to test PyPI: ${{ inputs.test_run }} + + sanitize-package-name: + runs-on: ubuntu-latest + + outputs: + name: ${{ steps.package-name.outputs.name }} + + steps: + - name: "Sanitize Package Name" + id: package-name + run: | + repo_name=${{ github.event.repository.name }} + test_suffix="-release-test" + name=${repo_name%"$test_suffix"} + echo "name=$name" >> $GITHUB_OUTPUT + + check-package-exists-pypi: + runs-on: ubuntu-latest + needs: [sanitize-package-name] + + outputs: + exists: ${{ steps.version_existence.outputs.is_exists }} + + steps: + - name: "Audit Version 
And Parse Into Parts" + id: semver + uses: dbt-labs/actions/parse-semver@v1.1.0 + with: + version: ${{ inputs.version_number }} + + - name: "Fetch PyPI Info For ${{ steps.semver.outputs.version }} Package" + id: pypi_info + uses: dbt-labs/actions/py-package-info@v1.1.0 + with: + package: ${{ needs.sanitize-package-name.outputs.name }} + version: ${{ steps.semver.outputs.version }} + check-test-index: ${{ inputs.test_run }} + retries: 1 + + - name: "Set Version Existence For Subsequent Jobs" + # The above step will just use the latest version if the input version + # is not found. So to validate the version we want to release exists + # we need to compare the output version. + id: version_existence + run: | + is_exists=false + if [[ ${{ steps.pypi_info.outputs.version }} == ${{ steps.semver.outputs.version }} ]] + then + is_exists=true + fi + echo "is_exists=$is_exists" >> $GITHUB_OUTPUT + + skip-pypi-release: + runs-on: ubuntu-latest + needs: [sanitize-package-name, check-package-exists-pypi] + if: needs.check-package-exists-pypi.outputs.exists == 'true' + + steps: + - name: "[Notification] Package Version Already Live In Package Index. Skip Upload." + run: | + title="Package version already live in package index" + version=${{ inputs.version_number }} + package_name=${{ needs.sanitize-package-name.outputs.name }} + package_index="PyPI" + if [[ ${{ inputs.test_run }} == true ]] + then + package_index="Test PyPi" + fi + message="The version $version of package $package_name already lives in the $package_index. The upload to the package index will be skipped." 
+ echo "::notice title=${{ env.NOTIFICATION_PREFIX }}: $title::$message" + + test-pypi-release: + runs-on: ubuntu-latest + needs: [sanitize-package-name, check-package-exists-pypi] + if: >- + needs.check-package-exists-pypi.outputs.exists == 'false' && + inputs.test_run == true + + environment: PypiTest + permissions: + # IMPORTANT: this permission is mandatory for trusted publishing + id-token: write + + steps: + - name: "Download Build Artifact - ${{ inputs.version_number }}" + uses: actions/download-artifact@v3 + with: + name: ${{ inputs.version_number }} + path: . + + - name: "Publish ${{ needs.sanitize-package-name.outputs.name }} v${{ inputs.version_number }} To Test PyPI" + uses: pypa/gh-action-pypi-publish@v1 + + prod-pypi-release: + runs-on: ubuntu-latest + needs: [sanitize-package-name, check-package-exists-pypi] + if: >- + needs.check-package-exists-pypi.outputs.exists == 'false' && + inputs.test_run == false + + environment: PypiProd + permissions: + # IMPORTANT: this permission is mandatory for trusted publishing + id-token: write + + steps: + - name: "Download Build Artifact - ${{ inputs.version_number }}" + uses: actions/download-artifact@v3 + with: + name: ${{ inputs.version_number }} + path: . + + - name: "Publish ${{ needs.sanitize-package-name.outputs.name }} v${{ inputs.version_number }} To PyPI" + uses: pypa/gh-action-pypi-publish@v1 + + validate-package-available-pypi: + runs-on: ubuntu-latest + needs: [sanitize-package-name, test-pypi-release, prod-pypi-release] + # always run this step because one of the needs are always skipped. 
+ if: always() && contains(needs.*.result, 'success') + + steps: + - name: "Audit Version And Parse Into Parts" + id: semver + uses: dbt-labs/actions/parse-semver@v1.1.0 + with: + version: ${{ inputs.version_number }} + + - name: "Fetch PyPI Info For ${{ needs.sanitize-package-name.outputs.name }} Package" + id: pypi_info + uses: dbt-labs/actions/py-package-info@v1.1.0 + with: + package: ${{ needs.sanitize-package-name.outputs.name }} + version: ${{ steps.semver.outputs.version }} + check-test-index: ${{ inputs.test_run }} + retries: 8 + + - name: "Validate PyPI Info" + id: is-version-available + run: | + is_available=false + if [[ ${{ steps.pypi_info.outputs.version }} == ${{ steps.semver.outputs.version }} ]] + then + is_available=true + fi + echo "is_available=$is_available" >> $GITHUB_OUTPUT + + - name: "Set Workflow Status" + run: | + title="Availability Validation" + if [[ ${{ steps.is-version-available.outputs.is_available }} == true ]] + then + message="The ${{ needs.sanitize-package-name.outputs.name }} v${{ steps.semver.outputs.version }} version available in PyPI." + echo "::notice title=${{ env.NOTIFICATION_PREFIX }}: $title::$message" + else + message="The info about ${{ needs.sanitize-package-name.outputs.name }} v${{ steps.semver.outputs.version }} version is not available in PyPI. Manual intervention required." + echo "::error title=${{ env.NOTIFICATION_PREFIX }}: $title::$message" + exit 1 + fi diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index eadb3271..db69a3e6 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -60,7 +60,6 @@ on: env: ENV_SETUP_SCRIPT_PATH: "scripts/env-setup.sh" # TODO: This isn't needed for dbt-common - S3_BUCKET_NAME: "core-team-artifacts" PACKAGE_TEST_COMMAND: "tbd..." # this should probably be the hatch command/script permissions: 
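Review bot: The `test-pypi-release` job calls `pypa/gh-action-pypi-publish@v1` with no `with:` block, exactly like `prod-pypi-release`, so a test run uploads to the action's default index (production PyPI) rather than Test PyPI. Add `with:` and `repository-url: https://test.pypi.org/legacy/` to the test step. The `workflow_call` block also still declares `PYPI_API_TOKEN` and `TEST_PYPI_API_TOKEN` as `required: true`, although no step reads them and the `release.yml` change in this same patch stops passing them, which should make the call fail validation. Removing that `secrets:` block fixes the call and means no long-lived upload token has to exist alongside trusted publishing. Since both publish jobs hold `id-token: write`, pinning the publish action to a full commit SHA rather than `@v1` is also worth doing.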
@@ -84,7 +83,6 @@ jobs: echo Nightly release: ${{ inputs.nightly_release }} echo "***ENV VARS***" echo Environment setup script path: ${{ env.ENV_SETUP_SCRIPT_PATH }} - echo AWS S3 bucket name: ${{ env.S3_BUCKET_NAME }} echo Package test command: ${{ env.PACKAGE_TEST_COMMAND }} @@ -127,22 +125,17 @@ jobs: sha: ${{ needs.bump-version-generate-changelog.outputs.final_sha }} version_number: ${{ inputs.version_number }} changelog_path: ${{ needs.bump-version-generate-changelog.outputs.changelog_path }} - s3_bucket_name: ${{ env.S3_BUCKET_NAME }} package_test_command: ${{ env.PACKAGE_TEST_COMMAND }} test_run: ${{ inputs.test_run }} nightly_release: ${{ inputs.nightly_release }} - secrets: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - github-release: name: GitHub Release if: ${{ !failure() && !cancelled() }} needs: [bump-version-generate-changelog, build-test-package] - uses: dbt-labs/dbt-release/.github/workflows/github-release.yml@main + uses: dbt-labs/dbt-common/.github/workflows/github_release_hatch.yml@er/release with: sha: ${{ needs.bump-version-generate-changelog.outputs.final_sha }} 
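Review bot: `github-release` now calls `dbt-labs/dbt-common/.github/workflows/github_release_hatch.yml@er/release`, a ref that looks like a personal feature branch. It is mutable, so anyone who can push to it changes what runs with the release job's `contents: write` token, and the call breaks once the branch is deleted. If `release.yml` lives in the same repository (the patch adds the called file alongside it), `uses: ./.github/workflows/github_release_hatch.yml` runs the copy from the caller's own commit; otherwise reference a protected branch or a full commit SHA. The `pypi-release` job in the following hunk has the same `@er/release` reference to `pypi_release_trusted_publisher.yml` and needs the same change, all the more because that workflow requests `id-token: write` for publishing.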
@@ -150,25 +143,17 @@ jobs: changelog_path: ${{ needs.bump-version-generate-changelog.outputs.changelog_path }} test_run: ${{ inputs.test_run }} - # TODO: this should be updated to use trusted publishers for these repos. adapters could also start - # using it at that point. core/postgres are in the same repo and therefore can't use trusted publisers - # right now which is why this doesn't currently use it. It can't be updated until the project is set - # up in PyPI and we can't set it up in PyPI until we have a release. Chicken and egg. pypi-release: name: PyPI Release needs: [github-release] - uses: dbt-labs/dbt-release/.github/workflows/pypi-release.yml@main + uses: dbt-labs/dbt-common/.github/workflows/pypi_release_trusted_publisher.yml@er/release with: version_number: ${{ inputs.version_number }} test_run: ${{ inputs.test_run }} - secrets: - PYPI_API_TOKEN: ${{ secrets.PYPI_API_TOKEN }} - TEST_PYPI_API_TOKEN: ${{ secrets.TEST_PYPI_API_TOKEN }} - slack-notification: name: Slack Notification if: ${{ failure() && (!inputs.test_run || inputs.nightly_release) }}