name: Release on: push: tags: - 'v*' permissions: contents: read jobs: test: uses: ./.github/workflows/test.yml build: needs: test runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v4 with: fetch-depth: 0 - name: Set up Python uses: actions/setup-python@v5 with: python-version: "3.11" - name: Install uv run: | python -m pip install --upgrade pip pip install uv - name: Install dependencies run: | uvx poetry install - name: Build package run: | uvx poetry build - name: Check package run: | uvx poetry run twine check dist/* - name: Upload build artifacts uses: actions/upload-artifact@v4 with: name: dist path: dist/ publish: needs: build runs-on: ubuntu-latest environment: release permissions: id-token: write # IMPORTANT: this permission is mandatory for trusted publishing steps: - name: Download build artifacts uses: actions/download-artifact@v4 with: name: dist path: dist/ - name: Publish to PyPI uses: pypa/gh-action-pypi-publish@release/v1 with: skip-existing: true github-release: needs: publish runs-on: ubuntu-latest permissions: contents: write steps: - name: Checkout code uses: actions/checkout@v4 with: fetch-depth: 0 - name: Generate changelog id: changelog run: | # Extract version from tag VERSION=${GITHUB_REF#refs/tags/v} echo "version=$VERSION" >> $GITHUB_OUTPUT # Generate changelog (basic implementation) echo "## Changes in v$VERSION" > CHANGELOG.md echo "" >> CHANGELOG.md git log --pretty=format:"- %s" $(git describe --tags --abbrev=0 HEAD^)..HEAD >> CHANGELOG.md || echo "- Initial release" >> CHANGELOG.md - name: Create GitHub Release uses: actions/create-release@v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: tag_name: ${{ github.ref }} release_name: Release v${{ steps.changelog.outputs.version }} body_path: CHANGELOG.md draft: false prerelease: false