Utilize RUNNER_TEMP for CI invocations #337
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Upload Package | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - release/* | |
| tags: | |
| - 'v*' | |
| workflow_dispatch: | |
| env: | |
| REGISTRY: ghcr.io | |
| jobs: | |
| docker: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| packages: write | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract metadata (tags, labels) for Docker | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| ghcr.io/${{ github.repository }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| platforms: linux/amd64,linux/arm64 | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=gha,scope=blint | |
| cache-to: type=gha,mode=max,scope=blint | |
| pypi: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| packages: write | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.12' | |
| - name: Install dependencies | |
| run: | | |
| pipx install poetry | |
| pipx ensurepath | |
| - name: Verify Project TOML Version | |
| id: prep | |
| if: startsWith(github.ref, 'refs/tags/') | |
| run: | | |
| poetry install --no-cache --all-groups --all-extras | |
| toml_version=$(echo "v"$(poetry version -s)) | |
| if [[ $toml_version != $(echo $GITHUB_REF | cut -d / -f 3) ]]; then | |
| echo "TOML version does not match tag." | |
| exit 1 | |
| fi | |
| - name: Build dist | |
| if: startsWith(github.ref, 'refs/tags/') | |
| run: | | |
| poetry build --no-cache | |
| - name: Release PyPI | |
| if: startsWith(github.ref, 'refs/tags/') | |
| uses: pypa/gh-action-pypi-publish@release/v1 | |
| - name: Generate SBOM with cdxgen | |
| run: | | |
| npm install -g @cyclonedx/cdxgen | |
| cdxgen -t python -o bom.json $(pwd) --profile research -p | |
| - name: Upload bom to release | |
| if: startsWith(github.ref, 'refs/tags/') | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| files: | | |
| bom.json | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |