-
Notifications
You must be signed in to change notification settings - Fork 324
140 lines (119 loc) · 5.12 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
# Copyright 2020 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: Release Candidate
on:
# Only run the workflow when a PR is updated or when a developer explicitly requests
# a build by sending a 'firebase_build' event.
pull_request:
types: [opened, synchronize, closed]
repository_dispatch:
types:
- firebase_build
jobs:
stage_release:
# To publish a release, merge the release PR with the label 'release:publish'.
# To stage a release without publishing it, send a 'firebase_build' event or apply
# the 'release:stage' label to a PR.
if: github.event.action == 'firebase_build' ||
contains(github.event.pull_request.labels.*.name, 'release:stage') ||
(github.event.pull_request.merged &&
contains(github.event.pull_request.labels.*.name, 'release:publish'))
runs-on: ubuntu-latest
# When manually triggering the build, the requester can specify a target branch or a tag
# via the 'ref' client parameter.
steps:
- name: Checkout source for staging
uses: actions/checkout@v4
with:
ref: ${{ github.event.client_payload.ref || github.ref }}
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: 3.7
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
pip install setuptools wheel
pip install tensorflow
pip install keras
- name: Run unit tests
run: pytest
- name: Run integration tests
run: ./.github/scripts/run_integration_tests.sh
env:
FIREBASE_SERVICE_ACCT_KEY: ${{ secrets.FIREBASE_SERVICE_ACCT_KEY }}
FIREBASE_API_KEY: ${{ secrets.FIREBASE_API_KEY }}
# Build the Python Wheel and the source distribution.
- name: Package release artifacts
run: python setup.py bdist_wheel sdist
# Attach the packaged artifacts to the workflow output. These can be manually
# downloaded for later inspection if necessary.
- name: Archive artifacts
uses: actions/upload-artifact@v1
with:
name: dist
path: dist
publish_release:
needs: stage_release
# Check whether the release should be published. We publish only when the trigger PR is
# 1. merged
# 2. to the master branch
# 3. with the label 'release:publish', and
# 4. the title prefix '[chore] Release '.
if: github.event.pull_request.merged &&
github.ref == 'refs/heads/master' &&
contains(github.event.pull_request.labels.*.name, 'release:publish') &&
startsWith(github.event.pull_request.title, '[chore] Release ')
runs-on: ubuntu-latest
permissions:
# Used to create a short-lived OIDC token which is given to PyPi to identify this workflow job
# See: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings
# and https://docs.pypi.org/trusted-publishers/using-a-publisher/
id-token: write
contents: write
steps:
- name: Checkout source for publish
uses: actions/checkout@v4
# Download the artifacts created by the stage_release job.
- name: Download release candidates
uses: actions/download-artifact@v1
with:
name: dist
- name: Publish preflight check
id: preflight
run: ./.github/scripts/publish_preflight_check.sh
# See: https://cli.github.com/manual/gh_release_create
- name: Create release tag
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: gh release create ${{ steps.preflight.outputs.version }}
--title "Firebase Admin Python SDK ${{ steps.preflight.outputs.version }}"
--notes '${{ steps.preflight.outputs.changelog }}'
- name: Publish to Pypi
uses: pypa/gh-action-pypi-publish@release/v1
# Post to Twitter if explicitly opted-in by adding the label 'release:tweet'.
- name: Post to Twitter
if: success() &&
contains(github.event.pull_request.labels.*.name, 'release:tweet')
uses: firebase/firebase-admin-node/.github/actions/send-tweet@master
with:
status: >
${{ steps.preflight.outputs.version }} of @Firebase Admin Python SDK is available.
https://github.com/firebase/firebase-admin-python/releases/tag/${{ steps.preflight.outputs.version }}
consumer-key: ${{ secrets.TWITTER_CONSUMER_KEY }}
consumer-secret: ${{ secrets.TWITTER_CONSUMER_SECRET }}
access-token: ${{ secrets.TWITTER_ACCESS_TOKEN }}
access-token-secret: ${{ secrets.TWITTER_ACCESS_TOKEN_SECRET }}
continue-on-error: true