galaxy/.github/workflows/publish_artifacts.yaml at dev · ahmedhamidawan/galaxy · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
name: Publish release artifacts
on:
  release:
    types: [released, prereleased]
  workflow_dispatch:
    inputs:
      release_type:
        description: 'create release or prerelease artifact ?'
        required: true
        default: 'prerelease'
        type: choice
        options:
        - release
        - prerelease
      release_tag:
        description: 'Specify tag to build for'
        required: true
        type: string
jobs:
  check-permissions:
    if: github.event_name == 'workflow_dispatch'
    runs-on: ubuntu-latest
    steps:
      - name: Check if user can create releases
        run: |
          PERMISSION=$(gh api repos/${{ github.repository }}/collaborators/${{ github.actor }}/permission --jq '.permission')
          if [[ "$PERMISSION" != "admin" ]]; then
            echo "Error: Only repository admins can manually trigger release artifacts"
            exit 1
          fi
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  build-python-packages:
    if: |
      github.repository_owner == 'galaxyproject' &&
      (github.event_name == 'release' ||
       (github.event_name == 'workflow_dispatch' && !cancelled() && !failure()))
    needs: [check-permissions]
    name: Build Python packages for PyPI
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
        with:
          ref: ${{ github.event_name == 'workflow_dispatch' && inputs.release_tag || '' }}
          persist-credentials: false
      - uses: actions/setup-python@v6
        with:
          python-version: '3.10'
      - name: Install uv
        uses: astral-sh/setup-uv@v7
      - name: Install script dependencies
        run: uv tool install galaxy-release-util
      - name: Build Python packages
        run: |
          galaxy-release-util build
      - name: Move all built packages to dist/
        run: |
          mkdir -p dist
          for dir in $(find packages/ -mindepth 2 -maxdepth 2 -type d -name dist); do
              mv ${dir}/* dist/
          done
          ls dist/
      - uses: actions/upload-artifact@v7
        with:
          name: packages
          path: dist/

  pypi-publish:
    if: always() && needs.build-python-packages.result == 'success'
    needs: [build-python-packages]
    name: Upload packages to PyPI
    runs-on: ubuntu-latest
    permissions:
      id-token: write
    steps:
      - uses: actions/download-artifact@v8
        with:
          name: packages
          path: dist
      - name: Publish to PyPI
        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          repository-url: ${{ (github.event_name == 'workflow_dispatch' && inputs.release_type == 'prerelease') || (github.event_name == 'release' && github.event.release.prerelease) && 'https://test.pypi.org/legacy/' || 'https://upload.pypi.org/legacy/' }}

  build-and-publish-npm:
    if: |
      github.repository_owner == 'galaxyproject' &&
      (github.event_name == 'release' ||
       (github.event_name == 'workflow_dispatch' && !cancelled() && !failure()))
    needs: [check-permissions]
    name: Build and Publish to NPM
    runs-on: ubuntu-latest
    permissions:
      id-token: write
    steps:
      - uses: actions/checkout@v6
        with:
          ref: ${{ github.event_name == 'workflow_dispatch' && inputs.release_tag || '' }}
          persist-credentials: false
      - name: Read Node.js version
        id: node-version
        run: echo "version=$(cat client/.node_version)" >> $GITHUB_OUTPUT
      - uses: actions/setup-node@v6
        with:
          node-version: ${{ steps.node-version.outputs.version }}
          registry-url: 'https://registry.npmjs.org'
      - name: Setup pnpm
        uses: pnpm/action-setup@v5
      # TODO(post-26.1): the @galaxyproject/galaxy-client npm publish is now
      # redundant with the galaxy-web-client PyPI wheel used by
      # scripts/common_startup.sh and the install-client make target.  Keep
      # publishing for at least one release cycle in case external consumers
      # depend on it; once verified unused, drop the build+publish steps
      # below (leave the client-api publish intact).
      - name: build client
        run: pnpm install && pnpm build-production
        working-directory: 'client'
      # Ensure npm 11.5.1 or later for trusted publishing
      - run: npm install -g npm@latest
        working-directory: 'client'
      - name: publish client
        if: (github.event_name == 'workflow_dispatch' && inputs.release_type == 'release') || (github.event_name == 'release' && !github.event.release.prerelease)
        run: npm publish --provenance --access public
        working-directory: 'client'
      - name: sync client-api version
        run: npm run sync-version
        working-directory: 'client-api'
      - name: build client-api
        run: pnpm install && pnpm run build
        working-directory: 'client-api'
      - name: publish client-api
        if: (github.event_name == 'workflow_dispatch' && inputs.release_type == 'release') || (github.event_name == 'release' && !github.event.release.prerelease)
        run: npm publish --provenance --access public
        working-directory: 'client-api'