Hiddenden/AegisGitea-MCP
3
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases 1 Wiki Activity
Files
2bb74807bce27112234b9b4d3eda183d9700f8da
AegisGitea-MCP/.gitea/workflows/publish.yml
T
Latte 4db37d200e
docker / test (push) Successful in 34s
Details
docker / lint (push) Successful in 40s
Details
lint / lint (push) Successful in 43s
Details
docker / lint (pull_request) Successful in 43s
Details
docker / test (pull_request) Successful in 34s
Details
test / test (push) Successful in 44s
Details
lint / lint (pull_request) Successful in 44s
Details
test / package (push) Successful in 1m8s
Details
test / test (pull_request) Successful in 44s
Details
test / package (pull_request) Successful in 53s
Details
docker / docker (push) Successful in 1m5s
Details
docker / docker (pull_request) Successful in 43s
Details
ci: stop artifact upload from failing the build on Gitea runners 
Gitea's act_runner does not reliably support the actions/upload-artifact@v4
backend. Drop the artifact upload from the test workflow (the package job's
purpose is to build and smoke-test, not to store wheels) and make the publish
workflow's upload best-effort (continue-on-error) so a flaky artifact backend
cannot block a release — the package is still published to the registry.
2026-06-27 15:26:56 +02:00

122 lines
4.1 KiB
YAML
Raw Blame History

name: publish
# Build the Python package with uv and publish it to the self-hosted Gitea PyPI
# registry on a version tag. Gated on lint + tests so a release can never ship
# red. Publishing reuses the existing REGISTRY_TOKEN package secret (the same one
# docker.yml uses to push images); if it is absent the job fails loudly instead
# of publishing anonymously.
on:
push:
tags:
- 'v*'
jobs:
# ---------------------------------------------------------------------------
# 1. Lint: ruff + black + mypy (same gate as the other workflows).
# ---------------------------------------------------------------------------
lint:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements-dev.txt
- name: Run lint
run: |
ruff check src tests
ruff format --check src tests
black --check src tests
mypy src
# ---------------------------------------------------------------------------
# 2. Test: pytest with coverage gate.
# ---------------------------------------------------------------------------
test:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements-dev.txt
- name: Run tests
run: pytest --cov=aegis_gitea_mcp --cov-report=term-missing --cov-fail-under=80
# ---------------------------------------------------------------------------
# 3. Build with uv and publish to the Gitea PyPI registry.
# ---------------------------------------------------------------------------
publish:
needs: [lint, test]
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Set up uv
uses: astral-sh/setup-uv@v5
- name: Require publish credentials
shell: bash
env:
REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
run: |
if [ -z "${REGISTRY_TOKEN}" ]; then
echo "::error::REGISTRY_TOKEN secret is not set." >&2
echo "Configure a PAT with write:package as the REGISTRY_TOKEN Actions secret." >&2
exit 1
fi
- name: Build sdist + wheel
shell: bash
run: uv build
- name: Upload build artifacts
# Best-effort: some Gitea act_runner versions don't fully support the
# v4 artifact backend. The real deliverable is published to the registry
# below, so a failed artifact upload must not fail the release.
continue-on-error: true
uses: actions/upload-artifact@v4
with:
name: dist
path: dist/*
- name: Publish to Gitea PyPI registry
shell: bash
env:
# Reuse the existing package secret (same one docker.yml uses). The
# token authenticates as its owning Gitea user, so GITHUB_ACTOR is the
# username and the token is the password.
REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
run: |
uv publish \
--publish-url https://git.hiddenden.cafe/api/packages/Hiddenden/pypi \
--username "${GITHUB_ACTOR}" \
--password "${REGISTRY_TOKEN}"
# Optional second step to also publish to public PyPI lives behind its own
# secret. Intentionally left as a disabled stub — this pass does NOT push
# to public PyPI.
#
# - name: Publish to public PyPI
# if: ${{ secrets.PYPI_TOKEN != '' }}
# shell: bash
# env:
# PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}
# run: uv publish --username __token__ --password "${PYPI_TOKEN}"
Reference in New Issue View Git Blame Copy Permalink