Skip to content
Run Release Please

chore: Adding missing permissions to stale workflow (#47) #41

Sign in to view logs

chore: Adding missing permissions to stale workflow (#47)

chore: Adding missing permissions to stale workflow (#47) #41

Workflow file for this run

.github/workflows/release-please.yml at 42104e8
name: Run Release Please
on:
push:
branches: [ main ]
jobs:
release-package:
runs-on: ubuntu-latest
permissions:
id-token: write # Needed if using OIDC to get release secrets.
contents: write # Needed for release-please to create releases.
pull-requests: write
attestations: write
steps:
- uses: googleapis/release-please-action@16a9c90856f42705d54a6fda1823352bdc62cf38 # v4.4.0
id: release
- uses: actions/checkout@v4
if: ${{ steps.release.outputs.releases_created == 'true' }}
with:
fetch-depth: 0 # Full history is required for proper changelog generation
- uses: actions/setup-python@v5
if: ${{ steps.release.outputs.releases_created == 'true' }}
with:
python-version: 3.9
- name: Install poetry
if: ${{ steps.release.outputs.releases_created == 'true' }}
uses: abatilo/actions-poetry@7b6d33e44b4f08d7021a1dee3c044e9c253d6439
- uses: launchdarkly/gh-actions/actions/release-secrets@release-secrets-v1.2.0
if: ${{ steps.release.outputs.releases_created == 'true' }}
name: 'Get PyPI token'
with:
aws_assume_role: ${{ vars.AWS_ROLE_ARN }}
ssm_parameter_pairs: '/production/common/releasing/pypi/token = PYPI_AUTH_TOKEN'
- uses: ./.github/actions/build
if: ${{ steps.release.outputs.releases_created == 'true' }}
- uses: ./.github/actions/build-docs
if: ${{ steps.release.outputs.releases_created == 'true' }}
- name: Publish package distributions to PyPI
if: ${{ steps.release.outputs.releases_created == 'true' }}
uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
with:
password: ${{env.PYPI_AUTH_TOKEN}}
- name: Attest build provenance
if: ${{ steps.release.outputs.releases_created == 'true' }}
uses: actions/attest@v4
with:
subject-path: 'dist/*'