ci: reenable release

.cruft.json

@@ -1,6 +1,6 @@
 {
   "template": "https://github.com/MartinBernstorff/nimble-python-cookiecutter",
-  "commit": "80b90f37d8ce87ffb1ab97cf2b518fc0fd431dfb",
+  "commit": "5a729f8039fb1444652177ddd964d1560c0b941d",
   "checkout": null,
   "context": {
     "cookiecutter": {

.devcontainer/devcontainer.json

@@ -9,7 +9,6 @@
         "dockerfile": "../Dockerfile",
         "cacheFrom": "ghcr.io/martinbernstorff/personal-mnemonic-medium-devcontainer:latest"
     },
-    // "features": {},
     "customizations": {
         "vscode": {
             "extensions": [
@@ -23,9 +22,15 @@
             ]
         }
     },
+    "mounts": [
+        "source=${localEnv:HOME}/.config/gh/hosts.yml,target=/root/.config/gh/hosts.yml,type=bind,consistency=cache", // GitHub CLI authentication login
+    ],
     "features": {
         "ghcr.io/devcontainers/features/github-cli:1": {}
     },
+    "mounts": [
+        "source=${localEnv:HOME}/.config/gh/hosts.yml,target=/root/.config/gh/hosts.yml,type=bind,consistency=cache",
+    ],
     "postStartCommand": "make install"
     // Features to add to the dev container. More info: https://containers.dev/features.
     // "features": {},

.github/workflows/release.yml

@@ -1,35 +1,47 @@
 # This workflow will
-# 1) Update the version number in pyproject.toml based on the commit history
-# 2) Create a git tag
-# 3) Create a release on GitHub
-# 4) Upload the package to PyPI
+# - Find the latest version tag based on the commit history
+#   - Create a git tag for the new version
+#   - Update the version number in pyproject.toml based on the commit history
+# - Upload the package to PyPI
+# - Create a release on GitHub
 
-# name: Release
-# on:
-#   push:
-#     branches: [main]
-# jobs:
-#   release:
-#     runs-on: ubuntu-latest
-#     concurrency: release
+name: Release
+on:
+  workflow_run:
+    workflows: ["tests"]
+    types:
+      - completed
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    concurrency: release
+    permissions:
+      id-token: write  # IMPORTANT: this permission is mandatory for trusted publishing using PyPI 
+      # a guide on how to set it up is available here: https://blog.pypi.org/posts/2023-04-20-introducing-trusted-publishers/
 
-#     if: ${{ github.ref == 'refs/heads/main' }}
-#     steps:
-#       # Checkout action is required for token to persist
-#       - uses: actions/checkout@v3
-#         with:
-#           fetch-depth: 0
-#           token: ${{ secrets.GITHUB_TOKEN }}
 
-#       - name: Python Semantic Release
-#         uses: relekang/[email protected]
-#         with:
-#           github_token: ${{ secrets.GITHUB_TOKEN }}
-#           # Remember to copy the [tool.semantic_release] section from pyproject.toml
-#           # as well
-#           # To enable pypi,
-#           # 1) Set upload_to_pypi to true in  pyproject.toml and
-#           # 2) Set the pypi_token in the repo
-#           # 3) Uncomment the two lines below
-#           repository_username: __token__
-#           repository_password: ${{ secrets.PYPI_API_TOKEN }}
+    if: ${{ github.ref == 'refs/heads/main' && github.event.workflow_run.conclusion == 'success'}}
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.PAT }}
+
+      - name: Python Semantic Release
+        id: release
+        uses: python-semantic-release/[email protected]
+        with:
+          github_token: ${{ secrets.PAT }}
+
+      - name: Publish package distributions to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+        if: steps.release.outputs.released == 'true'
+        # This action supports PyPI's trusted publishing implementation, which allows authentication to PyPI without a manually 
+        # configured API token or username/password combination. To perform trusted publishing with this action, your project's 
+        # publisher must already be configured on PyPI.
+
+      - name: Publish package distributions to GitHub Releases
+        uses: python-semantic-release/upload-to-gh-release@main
+        if: steps.release.outputs.released == 'true'
+        with:
+          github_token: ${{ secrets.PAT }}

.github/workflows/tests.yml

@@ -26,6 +26,11 @@ jobs:
           registry: ghcr.io
           username: MartinBernstorff
           password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Create github hosts file
+        run: | # If this file is not created, the dev container fails because of non-existant mount
+          mkdir -p ~/.config/gh
+          touch ~/.config/gh/hosts.yml
 
       - name: Pre-build dev container image
         uses: devcontainers/[email protected]

pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "personal-mnemonic-medium"
-version = "0.0.0"
+version = "0.2.0"
 authors = [{ name = "Martin Bernstorff", email = "[email protected]" }]
 description = "Personal Mnemonic Medium"
 classifiers = ["Programming Language :: Python :: 3.11"]