Fix release pipeline: remove PyPI (no token), fix Docker repo check, … #6
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
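# Hebbian Mind Enterprise - Release Pipeline
# Author: CIPS LLC
# Build and publish releases on tag push
#
# Job graph: validate -> build -> publish-github
#            validate -> publish-docker
#            notify runs last, whatever the publish jobs returned.
#
# NOTE(review): every `uses:` below references a mutable version tag
# (v3/v4/v5). Pinning each action to a full commit SHA would keep a
# retagged action from changing what runs with the write-scoped token.
name: Release

on:
  push:
    tags:
      - 'v*.*.*'

# Least privilege: the workflow default is read-only. Only the two
# publish jobs are granted write scopes, so the jobs that install
# dependencies and run the test suite never hold a write token.
permissions:
  contents: read

jobs:
  # Runs the tests and checks that the pushed tag matches the package
  # version declared in pyproject.toml.
  validate:
    name: Validate Release
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Keep the token out of .git/config; later steps execute
          # project and dependency code.
          persist-credentials: false

      - name: Set up Python 3.11
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"
          cache: 'pip'

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -e ".[dev]"

      - name: Run full test suite
        run: pytest tests/ -v --tb=short

      - name: Verify version matches tag
        run: |
          TAG_VERSION="${GITHUB_REF#refs/tags/v}"
          PKG_VERSION=$(python -c "import tomllib; print(tomllib.load(open('pyproject.toml', 'rb'))['project']['version'])")
          if [ "$TAG_VERSION" != "$PKG_VERSION" ]; then
            echo "Tag version ($TAG_VERSION) does not match package version ($PKG_VERSION)"
            exit 1
          fi
        shell: bash

  # Builds the sdist and wheel and hands them to publish-github as a
  # workflow artifact.
  build:
    name: Build Release Packages
    runs-on: ubuntu-latest
    needs: validate
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          persist-credentials: false

      # NOTE(review): the pip cache is restored into the job that builds
      # the release artifacts. Confirm that no less-trusted workflow can
      # write to the same cache scope, or drop `cache` here.
      - name: Set up Python 3.11
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"
          cache: 'pip'

      - name: Install build dependencies
        run: |
          python -m pip install --upgrade pip
          pip install build twine

      - name: Build source distribution and wheel
        run: python -m build

      # twine check validates package metadata and long-description
      # rendering; it does not verify signatures or provenance.
      - name: Verify package integrity
        run: twine check dist/*

      - name: Upload build artifacts
        uses: actions/upload-artifact@v4
        with:
          name: release-packages
          path: dist/
          retention-days: 30

  # Attaches the built packages to the GitHub release for the tag.
  publish-github:
    name: Create GitHub Release
    runs-on: ubuntu-latest
    needs: build
    permissions:
      contents: write  # required to upload release assets
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Download build artifacts
        uses: actions/download-artifact@v4
        with:
          name: release-packages
          path: dist/

      - name: Upload assets to existing release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          TAG="${GITHUB_REF#refs/tags/}"
          # Upload dist artifacts to the existing release (created manually).
          # Uploads stay best-effort (the job does not fail), but each
          # failure is surfaced as a warning annotation instead of being
          # swallowed, and the success line is printed only when every
          # asset was uploaded. Add `exit 1` to the else branch to make a
          # missing asset fail the release.
          # --clobber replaces an asset of the same name, so re-running
          # this job for a tag overwrites already-published files.
          failed=0
          for f in dist/*; do
            if ! gh release upload "$TAG" "$f" --clobber; then
              echo "::warning::Failed to upload $f to release $TAG"
              failed=$((failed + 1))
            fi
          done
          if [ "$failed" -eq 0 ]; then
            echo "Assets uploaded to release $TAG"
          else
            echo "::warning::$failed asset upload(s) failed for release $TAG"
          fi

  # Builds the container image and pushes it to GHCR.
  publish-docker:
    name: Build and Push Docker Image
    runs-on: ubuntu-latest
    needs: validate
    permissions:
      contents: read
      packages: write  # required to push to ghcr.io
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # The checkout is the Docker build context. Without this the
          # token sits in .git/config and could be copied into an image
          # layer if the Dockerfile copies the whole context (the
          # Dockerfile is not visible here; confirm).
          persist-credentials: false

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Log in to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/${{ github.repository }}
          tags: |
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}
            type=sha,prefix=sha-

      - name: Build and push Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

  # Reports the outcome of both publish jobs. Runs even when one of them
  # failed and never fails itself.
  notify:
    name: Release Notifications
    runs-on: ubuntu-latest
    needs: [publish-github, publish-docker]
    if: always()
    permissions: {}  # only echoes status; needs no token scopes
    steps:
      - name: Check release status
        # Job results reach the script through env rather than being
        # expanded into the script text.
        env:
          RELEASE_RESULT: ${{ needs.publish-github.result }}
          DOCKER_RESULT: ${{ needs.publish-docker.result }}
        run: |
          if [ "$RELEASE_RESULT" = "success" ] && \
             [ "$DOCKER_RESULT" = "success" ]; then
            echo "Release completed successfully"
          else
            echo "Release had partial failures — check individual jobs"
            echo "GitHub Release: $RELEASE_RESULT"
            echo "Docker Image: $DOCKER_RESULT"
          fi

      - name: Summary
        # The tag name is chosen by whoever pushes the tag. It is read
        # from the runner-provided GITHUB_* variables so that it is
        # handled as data; a ${{ github.ref_name }} expression would be
        # pasted into the script text before bash parses it.
        run: |
          VERSION="${GITHUB_REF#refs/tags/v}"
          echo "Hebbian Mind Enterprise $VERSION"
          echo "GitHub: ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/releases/tag/${GITHUB_REF_NAME}"
          echo "Docker: ghcr.io/${GITHUB_REPOSITORY}:$VERSION"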