From e190fd3d5f7e3292bd11dc1c5507245ea2358f5f Mon Sep 17 00:00:00 2001
From: pthierry <philippe.thierry@ledger.fr>
Date: Thu, 12 Sep 2024 13:56:30 +0200
Subject: [PATCH] ci: fixing jf upload usage

---
 .github/workflows/publish-to-jfrog.yml | 34 ++++++++++++++++++++------
 1 file changed, 27 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/publish-to-jfrog.yml b/.github/workflows/publish-to-jfrog.yml
index aa86efc..4398ca4 100644
--- a/.github/workflows/publish-to-jfrog.yml
+++ b/.github/workflows/publish-to-jfrog.yml
@@ -17,32 +17,52 @@ jobs:
     permissions:
       id-token: write
       contents: read
+      attestations: write
 
     steps:
       - name: Set up Python 3.10
         uses: actions/setup-python@v5
         with:
           python-version: '3.10'
-      - name: Install build
+      - name: Install build basics
         run: |
-          pip install build
+          pip install build wheel-filename blob
       - name: Checkout code
         uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          fetch-tags: true
       - name: build package
-        run: python3 -m build .
+        run: python3 -m build . --sdist --wheel
+      - name: get back local build version
+        id: get_pkg_version
+        run: |
+          from wheel_filename import parse_wheel_filename
+          import glob
+
+          sdist = str(glob.glob('dist/*.tar.gz')[0]);
+          pwf = parse_wheel_filename('dist/' + sdist);
+          with open(os.environ["GITHUB_OUTPUT"], "a") as gh_output:
+             delimiter = "".join(choices(ascii_letters, k=16))
+             gh_output.writelines([
+             f"pkg_version<<{delimiter}\n",
+             f"{pwf.version}\n",
+             delimiter + "\n",
+          ])
+        shell: python
       - name: Login to JFrog Ledger
         uses: LedgerHQ/actions-security/actions/jfrog-login@actions/jfrog-login-1
       - name: set jfrog Repo URL
         run: jf pip-config --repo-resolve=${{ secrets.JFROG_PYPI_REPO_URL }}
       - name: upload package
-        run: jf rt u dist/ --build-name=dts-util-devel --build-number=1 --module=dts-utils
+        run: jf rt u --build-name=dts-util-devel --build-number=1 --module=dts-utils 'dist/*.tar.gz' 'outpost-pypi-dev-green/outpost-pypi-dev-green/'
       - name: Attest
         id: attest
         uses: LedgerHQ/actions-security/actions/attest@actions/attest-1
         with:
-          subject-path: 'dist/*'
-          push-to-registry: true
+          subject-path: 'dist/*.tar.gz'
+          push-to-registry: false
       - name: test install from jfrog
         run: |
-          jf pip install dts-utils
+          jf pip install dts-utils~=${{ steps.get_pkg_version.outputs.pkg_version }}
           pip show dts-utils