devops-agent/.github/workflows/publish.yml at main · pavanjava/devops-agent · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
# .github/workflows/publish.yml
name: Publish to PyPI

on:
  # Manual trigger ONLY - requires explicit action
  workflow_dispatch:
    inputs:
      publish_to_pypi:
        description: 'Publish to PyPI? Type "yes" to confirm'
        required: true
        default: 'no'
        type: choice
        options:
          - 'no'
          - 'yes'
      version_tag:
        description: 'Version tag (e.g., v0.0.1)'
        required: false
        type: string

jobs:
  test:
    name: Run PreInstalls
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install .[dev]
          pip install pytest pytest-cov

  build-and-publish:
    name: Build and Publish
    needs: test
    runs-on: ubuntu-latest
    permissions:
      contents: write
    if: github.event_name == 'workflow_dispatch'

    steps:
      - uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'

      - name: Install build tools
        run: |
          python -m pip install --upgrade pip
          pip install build twine

      - name: Build package
        run: python -m build

      - name: Check package
        run: |
          twine check dist/*
          ls -la dist/
          echo "📦 Package version: $(python -c "import tomllib; print(tomllib.load(open('pyproject.toml', 'rb'))['project']['version'])")"

      - name: Confirm before publish
        if: github.event.inputs.publish_to_pypi == 'yes'
        run: |
          echo "⚠️  About to publish to PyPI (PRODUCTION)"
          echo "📦 Package contents:"
          ls -la dist/
          echo "✅ Proceeding with PyPI upload..."

      - name: Publish to PyPI
        if: github.event.inputs.publish_to_pypi == 'yes'
        env:
          TWINE_USERNAME: __token__
          TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }}
        run: |
          if [ -z "$TWINE_PASSWORD" ]; then
            echo "❌ Error: PYPI_TOKEN secret is not configured!"
            echo "Please add your PyPI token to GitHub Secrets"
            exit 1
          fi

          twine upload dist/*
          echo "✅ Published to PyPI successfully!"
          echo "📦 View at: https://pypi.org/project/devops-agent/"
          echo "📥 Install: pip install devops-agent"

      - name: Skip publish message
        if: github.event.inputs.publish_to_pypi != 'yes'
        run: |
          echo "📦 Package built successfully but NOT published to PyPI"
          echo "ℹ️  This was a test run. To publish, run the workflow again with 'Publish to PyPI' set to 'yes'"