chore: Adding missing permissions to stale workflow (#415) #139
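# Release workflow: on every push to main, release-please runs first. All later
# steps (checkout, build, publish, attest) are gated on its `releases_created`
# output, so they only execute when that run actually created a release.
name: Run Release Please

on:
  push:
    branches: [main]

jobs:
  release-package:
    runs-on: ubuntu-latest
    # These scopes are granted at job level, so every step below -- including
    # the third-party actions and the local ./.github/actions/* actions -- runs
    # with a token that carries all of them.
    permissions:
      id-token: write # Needed if using OIDC to get release secrets.
      contents: write # Needed for release-please to create releases.
      # NOTE(review): presumably needed for release-please to open and update
      # its release pull request -- confirm and document like the others.
      pull-requests: write
      attestations: write # Needed for artifact attestations
    steps:
      - uses: googleapis/release-please-action@16a9c90856f42705d54a6fda1823352bdc62cf38 # v4.4.0
        id: release

      # NOTE(review): referenced by a mutable tag, while release-please,
      # actions-poetry and gh-action-pypi-publish in this job are pinned to a
      # full commit SHA. The same applies to setup-python, release-secrets and
      # attest below. Pin all of them to the commit SHA of the release in use
      # so a moved tag cannot change what runs with write scopes and the PyPI
      # token.
      # NOTE(review): checkout keeps the job token in the local git config by
      # default. If no later step pushes with git (build and build-docs are not
      # visible here -- confirm), set `persist-credentials: false`.
      - uses: actions/checkout@v4
        if: ${{ steps.release.outputs.releases_created == 'true' }}
        with:
          fetch-depth: 0 # full history rather than a shallow clone

      - uses: actions/setup-python@v5
        if: ${{ steps.release.outputs.releases_created == 'true' }}
        with:
          python-version: "3.10"

      - name: Install poetry
        if: ${{ steps.release.outputs.releases_created == 'true' }}
        uses: abatilo/actions-poetry@7b6d33e44b4f08d7021a1dee3c044e9c253d6439 # v3.0.0

      # Assumes the AWS role named in vars.AWS_ROLE_ARN and maps the SSM
      # parameter to PYPI_AUTH_TOKEN, which the publish step reads from `env`.
      # The token is therefore in the job environment for every step that
      # follows, including the build and build-docs steps.
      - uses: launchdarkly/gh-actions/actions/release-secrets@release-secrets-v1.2.0
        if: ${{ steps.release.outputs.releases_created == 'true' }}
        name: "Get PyPI token"
        with:
          aws_assume_role: ${{ vars.AWS_ROLE_ARN }}
          ssm_parameter_pairs: "/production/common/releasing/pypi/token = PYPI_AUTH_TOKEN"

      - uses: ./.github/actions/build
        if: ${{ steps.release.outputs.releases_created == 'true' }}

      - uses: ./.github/actions/build-docs
        if: ${{ steps.release.outputs.releases_created == 'true' }}

      # NOTE(review): this uploads with a stored API token. The job already
      # holds `id-token: write`; PyPI Trusted Publishing (OIDC, no `password`)
      # would remove the long-lived token from the job environment.
      - name: Publish package distributions to PyPI
        if: ${{ steps.release.outputs.releases_created == 'true' }}
        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
        with:
          password: ${{env.PYPI_AUTH_TOKEN}}

      # NOTE(review): provenance is attested after the upload, so a failure in
      # this step leaves a published release without an attestation. Consider
      # attesting dist/* before the publish step.
      - name: Attest build provenance
        if: ${{ steps.release.outputs.releases_created == 'true' }}
        uses: actions/attest@v4
        with:
          subject-path: 'dist/*'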