diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000000..52986e640b --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,125 @@ +name: Publish Release + +concurrency: + # stop previous release runs if tag is recreated + group: release-${{ github.ref }} + cancel-in-progress: true + +on: + push: + tags: + # Order matters, the last rule that applies to a tag + # is the one that takes effect: + # https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#example-including-and-excluding-branches-and-tags + - '*' + # There should be no dev tags created, but to be safe, + # let's not publish them. + - '!*.dev*' + +env: + PYPI_URL: https://pypi.org/p/djangorestframework + PYPI_TEST_URL: https://test.pypi.org/p/djangorestframework + +jobs: + build: + name: Build distribution 📦 + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v6 + - name: Set up Python + uses: actions/setup-python@v6 + with: + python-version: "3.x" + - name: Install pypa/build + run: + python3 -m pip install build --user + - name: Build a binary wheel and a source tarball + run: python3 -m build + - name: Store the distribution packages + uses: actions/upload-artifact@v6 + with: + name: python-package-distributions + path: dist/ + + publish-to-testpypi: + name: Publish Python 🐍 distribution 📦 to TestPyPI + needs: + - build + runs-on: ubuntu-latest + environment: + name: testpypi + url: ${{ env.PYPI_TEST_URL }} + permissions: + id-token: write # IMPORTANT: mandatory for trusted publishing + steps: + - name: Download all the dists + uses: actions/download-artifact@v7 + with: + name: python-package-distributions + path: dist/ + - name: Publish distribution 📦 to TestPyPI + uses: pypa/gh-action-pypi-publish@release/v1.13 + with: + repository-url: https://test.pypi.org/legacy/ + skip-existing: true + + publish-to-pypi: + name: Publish Python 🐍 distribution 📦 to PyPI + needs: + - build + - publish-to-testpypi + runs-on: ubuntu-latest + environment: + name: pypi + url: ${{ env.PYPI_URL }} + permissions: + id-token: write # IMPORTANT: mandatory for trusted publishing + steps: + - name: Download all the dists + uses: actions/download-artifact@v7 + with: + name: python-package-distributions + path: dist/ + - name: Publish distribution 📦 to PyPI + uses: pypa/gh-action-pypi-publish@release/v1.13 + + github-release: + name: >- + Sign the Python 🐍 distribution 📦 with Sigstore + and upload them to GitHub Release + needs: + - publish-to-pypi + runs-on: ubuntu-latest + permissions: + contents: write # IMPORTANT: mandatory for making GitHub Releases + id-token: write # IMPORTANT: mandatory for sigstore + steps: + - name: Download all the dists + uses: actions/download-artifact@v7 + with: + name: python-package-distributions + path: dist/ + - name: Sign the dists with Sigstore + uses: sigstore/gh-action-sigstore-python@v3.2.0 + with: + inputs: >- + ./dist/*.tar.gz + ./dist/*.whl + - name: Create GitHub Release + env: + GITHUB_TOKEN: ${{ github.token }} + run: >- + gh release create + '${{ github.ref_name }}' + --repo '${{ github.repository }}' + --notes "" + - name: Upload artifact signatures to GitHub Release + env: + GITHUB_TOKEN: ${{ github.token }} + # Upload to GitHub Release using the `gh` CLI. + # `dist/` contains the built packages, and the + # sigstore-produced signatures and certificates. + run: >- + gh release upload + '${{ github.ref_name }}' dist/** + --repo '${{ github.repository }}' diff --git a/docs/community/project-management.md b/docs/community/project-management.md index 7856fedd5d..8f9fc0cd8a 100644 --- a/docs/community/project-management.md +++ b/docs/community/project-management.md @@ -63,16 +63,13 @@ The following template should be used for the description of the issue, and serv - [ ] Ensure documentation validates - Build and serve docs `mkdocs serve` - Validate links `pylinkvalidate.py -P http://127.0.0.1:8000` - - [ ] Confirm with @tomchristie that release is finalized and ready to go. + - [ ] Confirm with other maintainers that the release is finalized and ready to go. - [ ] Ensure that release date is included in pull request. - [ ] Merge the release pull request. - - [ ] Install the release tools: `pip install build twine` - - [ ] Build the package: `python -m build` - - [ ] Push the package to PyPI with `twine upload dist/*` - - [ ] Tag the release, with `git tag -a *.*.* -m 'version *.*.*'; git push --tags`. - - [ ] Deploy the documentation with `mkdocs gh-deploy`. + - [ ] Tag the release, either with `git tag -a *.*.* -m 'version *.*.*'; git push --tags` or in GitHub. + - [ ] Wait for the release workflow to run. It will build the distribution, upload it to Test PyPI, PyPI and create the GitHub release. - [ ] Make a release announcement on the [discussion group](https://groups.google.com/forum/?fromgroups#!forum/django-rest-framework). - - [ ] Make a release announcement on twitter. + - [ ] Make a release announcement on social media (Mastodon, etc...) and on the [Django forum](https://forum.djangoproject.com/). - [ ] Close the milestone on GitHub. To modify this process for future releases make a pull request to the [project management](https://www.django-rest-framework.org/topics/project-management/) documentation.