From 3d0eda0acf9fd3b5531ef4a1939a8886297efb59 Mon Sep 17 00:00:00 2001
From: longhao
Date: Tue, 27 May 2025 14:20:34 +0800
Subject: [PATCH] feat: fix CI workflow issues and improve release automation

- Add workflow_call trigger to test.yml to make it reusable by other workflows
- Fix codecov action parameter from 'file' to 'files' for v4 compatibility
- Update deprecated actions/create-release@v1 to softprops/action-gh-release@v2
- Add automated version bumping with commitizen
- Implement PyPI trusted publishing for secure, token-free uploads
- Add changelog generation with smart commit filtering
- Update to Python 3.13 and enhance dependency caching
- Use PERSONAL_ACCESS_TOKEN for enhanced permissions

Signed-off-by: longhao
---
.github/workflows/bumpversion.yml | 23 +++++
.github/workflows/release.yml | 138 +++++++++++++-----------------
.github/workflows/test.yml | 5 +-
3 files changed, 87 insertions(+), 79 deletions(-)
create mode 100644 .github/workflows/bumpversion.yml
diff --git a/.github/workflows/bumpversion.yml b/.github/workflows/bumpversion.yml
new file mode 100644
index 0000000..9aa25f4
--- /dev/null
+++ b/.github/workflows/bumpversion.yml
@@ -0,0 +1,23 @@
+name: Bump version
+
+on:
+ push:
+ branches:
+ - main
+
+jobs:
+ bump-version:
+ if: "!startsWith(github.event.head_commit.message, 'bump:')"
+ runs-on: ubuntu-latest
+ name: "Bump version and create changelog with commitizen"
+ steps:
+ - name: Check out
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ with:
+ fetch-depth: 0
+ token: '${{ secrets.PERSONAL_ACCESS_TOKEN }}'
+ - name: Create bump and changelog
+ uses: commitizen-tools/commitizen-action@master
+ with:
+ github_token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
+ branch: main
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 602e639..05919ce 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
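Review bot: In `.github/workflows/bumpversion.yml` the `Create bump and changelog` step runs `commitizen-tools/commitizen-action@master`, a mutable branch ref, and hands it `secrets.PERSONAL_ACCESS_TOKEN`, so whatever lands on that upstream branch runs with a token that can push to `main`. Pin it to a full commit SHA the way the checkout step in the same file already is, for example `uses: commitizen-tools/commitizen-action@<full-commit-sha>  # <release tag>`. The workflow also declares no `permissions:` block, so the job's `GITHUB_TOKEN` keeps the repository default even though the writes go through the PAT; a workflow-level `permissions:` with `contents: read` would narrow it. If the PAT is there so that the pushed tag can trigger `release.yml`, a fine-grained token limited to this repository's contents is the smaller grant.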
@@ -1,102 +1,86 @@ -name: Release +name: Upload Python Package on: push: tags: - - 'v*' - -permissions: - contents: read + - "v*" jobs: - test: - uses: ./.github/workflows/test.yml - - build: - needs: test + deploy: runs-on: ubuntu-latest + permissions: + # IMPORTANT: this permission is mandatory for trusted publishing + id-token: write + contents: write + steps: - - name: Checkout code - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: + token: "${{ secrets.GITHUB_TOKEN }}" fetch-depth: 0 - + ref: main + - uses: olegtarasov/get-tag@v2.1.4 + id: get_tag_name + with: + tagRegex: "v(?.*)" - name: Set up Python uses: actions/setup-python@v5 with: - python-version: "3.11" - - - name: Install uv + python-version: '3.13' + + # 缓存 Poetry 依赖 + - name: Cache Poetry dependencies + uses: actions/cache@v4 + with: + path: ~/.cache/pypoetry + key: ${{ runner.os }}-poetry-${{ hashFiles('**/poetry.lock') }} + restore-keys: | + ${{ runner.os }}-poetry- + + - name: Install Poetry run: | python -m pip install --upgrade pip pip install uv - + uv --version + - name: Install dependencies run: | uvx poetry install - - - name: Build package - run: | uvx poetry build - - - name: Check package - run: | - uvx poetry run twine check dist/* - - - name: Upload build artifacts - uses: actions/upload-artifact@v4 - with: - name: dist - path: dist/ - - publish: - needs: build - runs-on: ubuntu-latest - environment: release - permissions: - id-token: write # IMPORTANT: this permission is mandatory for trusted publishing - steps: - - name: Download build artifacts - uses: actions/download-artifact@v4 - with: - name: dist - path: dist/ - - - name: Publish to PyPI + + # Note that we don't need credentials. + # We rely on https://docs.pypi.org/trusted-publishers/. 
+ - name: Upload to PyPI uses: pypa/gh-action-pypi-publish@release/v1 with: - skip-existing: true - - github-release: - needs: publish - runs-on: ubuntu-latest - permissions: - contents: write - steps: - - name: Checkout code - uses: actions/checkout@v4 - with: - fetch-depth: 0 - + packages-dir: dist + verbose: true + print-hash: true + - name: Generate changelog id: changelog - run: | - # Extract version from tag - VERSION=${GITHUB_REF#refs/tags/v} - echo "version=$VERSION" >> $GITHUB_OUTPUT - - # Generate changelog (basic implementation) - echo "## Changes in v$VERSION" > CHANGELOG.md - echo "" >> CHANGELOG.md - git log --pretty=format:"- %s" $(git describe --tags --abbrev=0 HEAD^)..HEAD >> CHANGELOG.md || echo "- Initial release" >> CHANGELOG.md - - - name: Create GitHub Release - uses: actions/create-release@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + uses: jaywcjlove/changelog-generator@main with: - tag_name: ${{ github.ref }} - release_name: Release v${{ steps.changelog.outputs.version }} - body_path: CHANGELOG.md - draft: false - prerelease: false + token: ${{ secrets.PERSONAL_ACCESS_TOKEN }} + filter-author: (|dependabot|renovate\[bot\]|dependabot\[bot\]|Renovate Bot) + filter: '[R|r]elease[d]\s+[v|V]\d(\.\d+){0,2}' + template: | + ## Bugs + {{fix}} + ## Feature + {{feat}} + ## Improve + {{refactor,perf,clean}} + ## Misc + {{chore,style,ci||🔶 Nothing change}} + ## Unknown + {{__unknown__}} + + - uses: ncipollo/release-action@v1 + with: + artifacts: "dist/*" + token: ${{ secrets.PERSONAL_ACCESS_TOKEN }} + body: | + Comparing Changes: ${{ steps.changelog.outputs.compareurl }} + + ${{ steps.changelog.outputs.changelog }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index f99d326..af1db60 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -5,6 +5,7 @@ on: branches: [ main, develop ] pull_request: branches: [ main, develop ] + workflow_call: jobs: test: 
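Review bot: The checkout step in `release.yml` sets `ref: main` in a workflow triggered by `v*` tags, so the job builds and uploads whatever is at the tip of `main` when it runs rather than the tagged commit; dropping `ref: main` lets checkout use the ref that triggered the run. The merged `deploy` job also grants `id-token: write` and `contents: write` to every step, including `uvx poetry install`, `olegtarasov/get-tag@v2.1.4`, `ncipollo/release-action@v1` and `jaywcjlove/changelog-generator@main` (which additionally receives `PERSONAL_ACCESS_TOKEN`), whereas the removed layout confined `id-token: write` to a publish job under `environment: release` that only downloaded the artifact and uploaded it. Keeping build and publish as separate jobs, and pinning the third-party actions to commit SHAs as the checkout step is, limits what can reach the PyPI publishing identity. The `needs: test` gate is gone as well, so nothing visible here runs the test suite before upload, even though `test.yml` gains `workflow_call` in this commit.

```yaml
jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          fetch-depth: 0
          persist-credentials: false
      # … unchanged: Python setup, Poetry cache, uv install, poetry install/build …
      - uses: actions/upload-artifact@v4
        with:
          name: dist
          path: dist/

  publish:
    needs: build
    runs-on: ubuntu-latest
    environment: release
    permissions:
      id-token: write
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: dist
          path: dist/
      # … unchanged: Upload to PyPI step …

  # … changelog and GitHub release steps in a third job with only contents: write …
```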
@@ -68,9 +69,9 @@ jobs: - name: Upload coverage to Codecov if: matrix.os == 'ubuntu-latest' && matrix.python-version == '3.11' - uses: codecov/codecov-action@v5 + uses: codecov/codecov-action@v4 with: - file: ./coverage.xml + files: ./coverage.xml flags: unittests name: codecov-umbrella fail_ci_if_error: false
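Review bot: The `Upload coverage to Codecov` step moves from `codecov/codecov-action@v5` back to `@v4` and stays on a mutable tag, while the checkout steps this commit touches in the other workflows are pinned to a commit SHA. As far as I know v5 also accepts `files` (it replaces the deprecated `file`), so the rename does not appear to need the downgrade; consider keeping v5 and pinning it, `uses: codecov/codecov-action@<full-commit-sha>  # v5`. With `fail_ci_if_error: false` a failed or rejected upload passes silently, so if the upload needs a token and none is configured (none is visible in this hunk), CI status would not show it. The enclosing `test` job starts outside this hunk.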