feat: simplify the pypi actions

opentargets · Feb 12, 2025 · 8c85f4c · 8c85f4c
1 parent 8dd700b
commit 8c85f4c
Show file tree

Hide file tree

Showing 3 changed files with 50 additions and 65 deletions.
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -16,96 +16,70 @@ env:
 
 jobs:
   release:
+    # Ensure the workflow can be run only from main & dev branches!
+    if: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev' }}
     runs-on: ubuntu-latest
-    concurrency: release
     outputs:
       released: ${{ steps.semrelease.outputs.released }}
     permissions:
-      # NOTE: this enables trusted publishing.
-      # See https://github.com/pypa/gh-action-pypi-publish/tree/release/v1#trusted-publishing
-      # and https://blog.pypi.org/posts/2023-04-20-introducing-trusted-publishers/
-      id-token: write
       contents: write
-
     steps:
-      # NOTE: commits using GITHUB_TOKEN does not trigger workflows
-      - uses: actions/create-github-app-token@v1
-        id: trigger-token
-        with:
-          app-id: ${{ vars.TRIGGER_WORKFLOW_GH_APP_ID}}
-          private-key: ${{ secrets.TRIGGER_WORKFLOW_GH_APP_KEY }}
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
-          repository: opentargets/gentropy
-          token: ${{ secrets.GITHUB_TOKEN }}
-          persist-credentials: false
           ref: ${{ github.ref_name }}
-
-      - name: Python Semantic Release
+      - uses: python-semantic-release/[email protected]
         id: semrelease
-        uses: python-semantic-release/[email protected]
         with:
-          github_token: ${{ steps.trigger-token.outputs.token }}
-
-      - name: Publish package to GitHub Release
-        uses: python-semantic-release/[email protected]
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+      - uses: python-semantic-release/[email protected]
         if: ${{ steps.semrelease.outputs.released }} == 'true'
-        # NOTE: allow to start the workflow when push action on tag gets executed
-        # requires using GH_APP to authenticate, otherwise push authorized with
-        # the GITHUB_TOKEN does not trigger the tag artifact workflow.
-        # see https://github.com/actions/create-github-app-token
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           tag: ${{ steps.semrelease.outputs.tag }}
-
-      - name: Store the distribution packages
+      - uses: actions/upload-artifact@v4
         if: steps.semrelease.outputs.released == 'true'
-        uses: actions/upload-artifact@v4
         with:
           name: python-package-distributions
           path: dist/
 
-  publish-to-pypi:
+  publish-to-testpypi:
+    name: Publish 📦 in TestPyPI
     needs: release
-    name: Publish 📦 in PyPI
     if: github.ref == 'refs/heads/main' && needs.release.outputs.released == 'true'
     runs-on: ubuntu-latest
     environment:
-      name: pypi
-      url: https://pypi.org/p/gentropy
+      name: testpypi
+      url: https://test.pypi.org/p/gentropy
     permissions:
       id-token: write # IMPORTANT: mandatory for trusted publishing
     steps:
-      - name: Download all the dists
-        uses: actions/download-artifact@v4
+      - uses: actions/download-artifact@v4
         with:
           name: python-package-distributions
           path: dist/
-      - name: Publish distribution 📦 to PyPI
-        uses: pypa/gh-action-pypi-publish@release/v1
+      - uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          repository-url: https://test.pypi.org/legacy/
 
-  publish-to-testpypi:
-    name: Publish 📦 in TestPyPI
-    needs: release
+  publish-to-pypi:
+    needs:
+      - release
+      - publish-to-testpypi
+    name: Publish 📦 in PyPI
     if: github.ref == 'refs/heads/main' && needs.release.outputs.released == 'true'
     runs-on: ubuntu-latest
-
     environment:
-      name: testpypi
-      url: https://test.pypi.org/p/gentropy
+      name: pypi
+      url: https://pypi.org/p/gentropy
     permissions:
       id-token: write # IMPORTANT: mandatory for trusted publishing
     steps:
-      - name: Download all the dists
-        uses: actions/download-artifact@v4
+      - uses: actions/download-artifact@v4
         with:
           name: python-package-distributions
           path: dist/
-      - name: Publish distribution 📦 to TestPyPI
-        uses: pypa/gh-action-pypi-publish@release/v1
-        with:
-          repository-url: https://test.pypi.org/legacy/
+      - uses: pypa/gh-action-pypi-publish@release/v1
 
   documentation:
     needs: release
@@ -116,23 +90,10 @@ jobs:
         with:
           fetch-depth: 0
           token: ${{ secrets.GITHUB_TOKEN }}
-      - name: Set up Python
-        uses: actions/setup-python@v4
+      - uses: actions/setup-python@v4
         with:
           python-version: ${{ env.PYTHON_VERSION_DEFAULT }}
-      - name: Install uv
-        uses: astral-sh/setup-uv@v5
-      - name: Load cached venv
-        id: cached-dependencies
-        uses: actions/cache@v4
-        with:
-          path: .venv
-          key: |
-            venv-${{ runner.os }}-\
-            ${{ env.PYTHON_VERSION_DEFAULT }}-\
-            ${{ hashFiles('**/uv.lock') }}
-      - name: Install dependencies
-        if: steps.cached-dependencies.outputs.cache-hit != 'true'
-        run: uv sync --group docs
+      - uses: astral-sh/setup-uv@v5
+      - run: uv sync --group docs
       - name: Publish docs
         run: uv run mkdocs gh-deploy --force
diff --git a/docs/assets/imgs/development-flow.png b/docs/assets/imgs/development-flow.png
diff --git a/docs/development/contributing.md b/docs/development/contributing.md
@@ -84,3 +84,27 @@ For more details on each of these steps, see the sections below.
 ### Support for python versions
 
 As of version 2.1.X gentropy supports multiple python versions. To ensure compatibility with all supported versions, unit tests are run for each of the minor python release from 3.10 to 3.12. Make sure your changes are compatible with all supported versions.
+
+### Development process
+
+The development follows simplified Git Flow process that includes usage of
+
+- `dev` (development branch)
+- `feature` branches
+- `main` (production branch)
+
+The development starts with creating new `feature` branch based on the `dev` branch. Once the feature is ready, the Pull Request for the `dev` branch is created and CI/CD Checks are performed to ensure that the code is compliant with the project conventions. Once the PR is approved, the feature branch is merged into the `dev` branch.
+
+#### Development releases
+
+One can create the dev release tagged by `vX.Y.Z-dev.V` tag. This release will not trigger the CI/CD pipeline to publish the package to the PyPi repository. The release is done by triggering the `Release` GitHub action.
+
+#### Production releases
+
+Once per week, the `Trigger PR for release` github action creates a Pull Request from `dev` to `main` branch, when the PR is approved, the `Release` GitHub action is triggered to create a production release tagged by `vX.Y.Z` tag. This release triggers the CI/CD pipeline to publish the package to the _TestPyPi_ repository. If it is successful, then the actual deployment to the _PyPI_ repository is done. The deployment to the PyPi repository must be verified by the gentropy maintainer.
+
+Below you can find a simplified diagram of the development process.
+
+<div align="center">
+  <img width="800" height="400" src="../assets/imgs/development-flow.png" alt="development process">
+</div>