PYTHON-5047 & PYTHON-5062 Improve testing of publish workflows (#231)

mongodb · Jan 28, 2025 · 27f0cac · 27f0cac
1 parent 4db618f
commit 27f0cac
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 9 deletions.
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -26,7 +26,7 @@ on:
 
 jobs:
   analyze:
-    name: Analyze
+    name: Analyze ${{ matrix.language }}
     runs-on: ubuntu-latest
     timeout-minutes: 360
     permissions:
@@ -36,6 +36,12 @@ jobs:
       packages: read
       actions: read
       contents: read
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+        - language: python
+        - language: actions
 
     steps:
     - name: Checkout repository
@@ -52,7 +58,7 @@ jobs:
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v3
       with:
-        languages: python
+        languages: ${{ matrix.language }}
         build-mode: none
         # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
         queries: security-extended
@@ -62,10 +68,11 @@ jobs:
             - 'tests/**'
 
     - shell: bash
+      if: matrix.language == 'python'
       run: |
         pip install -e .
 
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@v3
       with:
-        category: "/language:python"
+        category: "/language:${{ matrix.language }}"
diff --git a/.github/workflows/release-python.yml b/.github/workflows/release-python.yml
@@ -13,13 +13,19 @@ on:
         description: "Dry Run?"
         default: false
         type: boolean
+  schedule:
+    - cron:  '30 5 * * *'
 
 env:
   # Changes per repo
   PRODUCT_NAME: django-mongodb-backend
   # Changes per branch
   SILK_ASSET_GROUP: django-mongodb-backend-main
   EVERGREEN_PROJECT: django-mongodb-backend
+  # Constant
+  DRY_RUN: ${{ inputs.dry_run == 'true' }}
+  FOLLOWING_VERSION: ${{ inputs.following_version || '' }}
+  VERSION: ${{ inputs.version || '10.10.10.10' }}
 
 defaults:
   run:
@@ -48,8 +54,8 @@ jobs:
       - uses: mongodb-labs/drivers-github-tools/python/pre-publish@v2
         id: pre-publish
         with:
-          version: ${{ inputs.version }}
-          dry_run: ${{ inputs.dry_run }}
+          version: ${{ env.VERSION }}
+          dry_run: ${{ env.DRY_RUN }}
 
   build-dist:
     needs: [pre-publish]
@@ -81,8 +87,9 @@ jobs:
         with:
           repository-url: https://test.pypi.org/legacy/
           skip-existing: true
+          attestations: ${{ env.DRY_RUN }}
       - name: Publish package distributions to PyPI
-        if: startsWith(inputs.dry_run, 'false')
+        if: startsWith(env.DRY_RUN, 'false')
         uses: pypa/gh-action-pypi-publish@release/v1
 
   post-publish:
@@ -107,10 +114,10 @@ jobs:
           artifactory_username: ${{ vars.ARTIFACTORY_USERNAME }}
       - uses: mongodb-labs/drivers-github-tools/python/post-publish@v2
         with:
-          version: ${{ inputs.version }}
-          following_version: ${{ inputs.following_version }}
+          version: ${{ env.VERSION }}
+          following_version: ${{ env.FOLLOWING_VERSION }}
           product_name: ${{ env.PRODUCT_NAME }}
           silk_asset_group: ${{ env.SILK_ASSET_GROUP }}
           evergreen_project: ${{ env.EVERGREEN_PROJECT }}
           token: ${{ github.token }}
-          dry_run: ${{ inputs.dry_run }}
+          dry_run: ${{ env.DRY_RUN }}