.github/workflows/publish.yml

name: Publish

on:
  push:
    branches:
      - main
    tags-ignore:
      - "*"

jobs:

  # -------------
  release:
    name: Create A Release
    if: github.ref == 'refs/heads/main'

    permissions:
      contents: write
      id-token: write

    outputs:
      TAG: ${{ steps.semver.outputs.nextStrict }}

    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Personal Access Token enables git push in actions (repo contents permission)
          token: ${{ secrets.PAT }}

      - name: Calculate next version
        id: semver
        uses: ietf-tools/semver-action@v1.8.0
        with:
          token: ${{ secrets.GITHUB_TOKEN }}

      - name: Get current version
        id: current
        run: echo "version=$(pipx run hatch version | tr -d '\n')" >> $GITHUB_OUTPUT

      - if: ${{ steps.current.outputs.version == steps.semver.outputs.nextStrict || !steps.current.outputs.version }}
        run: exit 1

      - name: Commit version change and tag
        run: |
          git config --global user.name 'GitHub Automation'
          git config --global user.email 'automation[bot]@leocov.com'
          git tag ${{ steps.semver.outputs.nextStrict }}
          git push --tags

      - name: Create Build
        run: pipx run hatch build -t wheel --clean

      - name: Generate Build Signatures
        uses: sigstore/gh-action-sigstore-python@v2.1.1
        with:
          inputs: ./dist/*

      - name: Generate Changelog
        id: changelog
        uses: requarks/changelog-action@v1.9.0
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          tag: ${{ steps.semver.outputs.nextStrict }}
          excludeScopes: "release"

      - uses: ncipollo/release-action@v1
        with:
          artifacts: "dist/*"
          tag: ${{ steps.semver.outputs.nextStrict }}
          name: "Release v${{ steps.semver.outputs.nextStrict }}"
          body: ${{ steps.changelog.outputs.changelog }}


  # -------------
  pypi:
    name: Publish to PyPi
    needs: [ release ]

    permissions:
      id-token: write

    environment:
      name: pypi
      url: https://pypi.org/p/pyside-app-core

    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Download Release Assets
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: gh release download ${{ needs.release.outputs.TAG }} --dir dist -p "*.whl" -p "*.tar.gz"

      # trusted publishing workflow:
      # https://docs.pypi.org/trusted-publishers/adding-a-publisher/
      - name: Publish To PyPi
        uses: pypa/gh-action-pypi-publish@release/v1.9