diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml new file mode 100644 index 0000000..c86a2c6 --- /dev/null +++ b/.github/workflows/publish.yaml @@ -0,0 +1,79 @@ +name: Release and Publish to Google Artifact Registry + +permissions: + id-token: write + contents: read + +on: + push: + tags: + - "v*.*.*" + +jobs: + publish-gar: + name: Build and Publish to GAR + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + persist-credentials: false + + - name: Validate tag format + env: + TAG: ${{ github.ref_name }} + run: | + VERSION="${TAG#v}" + if ! [[ $VERSION =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + echo "Error: Invalid version format '$VERSION'. Expected format: x.y.z" + exit 1 + fi + echo "Releasing version: $VERSION (from tag: $TAG)" + + - name: Verify GitHub Release exists + env: + GH_TOKEN: ${{ github.token }} + TAG: ${{ github.ref_name }} + run: | + if ! gh release view "$TAG" --repo "$GITHUB_REPOSITORY" > /dev/null 2>&1; then + echo "Error: No GitHub Release found for tag '$TAG'." + echo "Create a release via GitHub UI instead of pushing tags manually." + exit 1 + fi + + - name: Verify tag is on master + env: + DEFAULT_BRANCH: ${{ github.event.repository.default_branch }} + run: | + git fetch origin "$DEFAULT_BRANCH" --quiet + if ! git merge-base --is-ancestor "$GITHUB_SHA" "origin/$DEFAULT_BRANCH"; then + echo "Error: Tag commit $GITHUB_SHA is not reachable from origin/$DEFAULT_BRANCH." + echo "Only tags on the $DEFAULT_BRANCH branch can be published." + exit 1 + fi + + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: "3.x" + + - name: Install build dependencies + run: pip install build twine setuptools-scm + + - name: Authenticate to Google Cloud + id: auth + uses: google-github-actions/auth@v3 + with: + token_format: "access_token" + workload_identity_provider: "projects/668763687485/locations/global/workloadIdentityPools/github/providers/github" + service_account: "github-experimentation@optimizely-iac.iam.gserviceaccount.com" + + - name: Build and Publish + run: | + python -m build + python -m twine upload \ + --repository-url https://us-east1-python.pkg.dev/artifact-registry-e3ca/private-python/ \ + --username oauth2accesstoken \ + --password ${{ steps.auth.outputs.access_token }} \ + dist/* diff --git a/README.md b/README.md index 93d8842..241c1f6 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,10 @@ -# optimizely-platform [![Build Status](https://travis-ci.org/optimizely/optimizely-platform.svg?branch=master)](https://travis-ci.org/optimizely/optimizely-platform) +# optimizely-platform A Python package providing modules needed to build add-ons that run natively in the Optimizely platform. -TODO(jon): Add link to documentation once it's up. +## Releasing + +1. Merge your changes to `master`. +2. [Create a GitHub Release](../../releases/new) with a tag in the format `vX.Y.Z` (e.g. `v1.2.3`). + +The `publish.yaml` workflow builds and publishes to Google Artifact Registry. It will reject tags that aren't strict semver, lack a GitHub Release, or aren't on `master`. diff --git a/setup.py b/setup.py index 5b6c587..015896c 100644 --- a/setup.py +++ b/setup.py @@ -1,17 +1,17 @@ from setuptools import setup from setuptools import find_packages - - + + setup( name='optimizely-platform', - version='0.0.7', + use_scm_version=True, + setup_requires=['setuptools-scm'], description='Package providing modules needed to build add-ons that run natively in the Optimizely platform.', author='Jon Gaulding, Tyler Jones, Peng-Wen Chen, Ali Rizvi', author_email='developers@optimizely.com', license='MIT', url='https://github.com/optimizely/optimizely-platform', - download_url='https://github.com/optimizely/optimizely-platform/tarball/0.0.7', - keywords = ['optimizely', 'platform', 'integration', 'add-on'], + keywords=['optimizely', 'platform', 'integration', 'add-on'], classifiers=[ 'Development Status :: 4 - Beta', 'Environment :: Web Environment',