-
Notifications
You must be signed in to change notification settings - Fork 0
119 lines (104 loc) · 3.72 KB
/
release.yml
File metadata and controls
119 lines (104 loc) · 3.72 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
name: Release
# Triggered by pushing a vX.Y.Z tag. The full pipeline:
# 1. tag matches pyproject.toml version
# 2. tests pass on Python 3.11/3.12/3.13
# 3. wheel + sdist build
# 4. publish to PyPI via Trusted Publishing (OIDC; no token stored)
# 5. server.json version is synced to the tag, then mcp-publisher publishes
# to the MCP Registry via GitHub OIDC (no token stored)
# 6. GitHub Release is created with notes from the tag annotation
#
# Setup, one-time, on PyPI:
# https://pypi.org/manage/project/web3-docs-mcp/settings/publishing/
# → "Add a new trusted publisher"
# → owner=dioptx, repo=web3-docs, workflow=release.yml, environment=pypi
#
# Setup, one-time, on GitHub:
# Settings → Environments → New environment → name "pypi" (no protection
# rules needed for a personal project; required by Trusted Publishing).
on:
push:
tags:
- 'v*.*.*'
workflow_dispatch:
permissions:
contents: write # for `gh release create`
id-token: write # for PyPI Trusted Publishing + MCP Registry OIDC
concurrency:
group: release-${{ github.ref }}
cancel-in-progress: false
jobs:
test:
runs-on: ubuntu-latest
strategy:
fail-fast: true
matrix:
python-version: ["3.11", "3.12", "3.13"]
steps:
- uses: actions/checkout@v4
- uses: astral-sh/setup-uv@v3
with:
enable-cache: true
- run: uv python install ${{ matrix.python-version }}
- run: uv sync --extra test
- run: uv run pytest -q
release:
needs: test
runs-on: ubuntu-latest
environment: pypi # required name for PyPI Trusted Publishing config
steps:
- uses: actions/checkout@v4
- uses: astral-sh/setup-uv@v3
with:
enable-cache: true
- name: Verify tag matches pyproject.toml version
id: version
run: |
tag="${GITHUB_REF#refs/tags/v}"
ver=$(awk -F'"' '/^version = /{print $2; exit}' pyproject.toml)
if [ "$tag" != "$ver" ]; then
echo "::error::Tag v$tag does not match pyproject.toml version $ver"
exit 1
fi
echo "version=$ver" >> "$GITHUB_OUTPUT"
- name: Build wheel + sdist
run: uv build
- name: Publish to PyPI (Trusted Publishing — no token)
uses: pypa/gh-action-pypi-publish@release/v1
with:
attestations: true
- name: Wait for PyPI propagation
env:
VER: ${{ steps.version.outputs.version }}
run: |
for i in $(seq 1 30); do
curl -sf "https://pypi.org/pypi/web3-docs-mcp/$VER/json" >/dev/null && exit 0
sleep 5
done
echo "::error::PyPI propagation timed out after 150s"; exit 1
- name: Sync server.json version to tag
env:
VER: ${{ steps.version.outputs.version }}
run: |
jq --arg v "$VER" '.version = $v | (.packages[].version) = $v' \
server.json > server.json.tmp
mv server.json.tmp server.json
- name: Install mcp-publisher
run: |
curl -sL "https://github.com/modelcontextprotocol/registry/releases/latest/download/mcp-publisher_linux_amd64.tar.gz" \
| sudo tar -xz -C /usr/local/bin mcp-publisher
- name: Validate server.json
run: mcp-publisher validate
- name: Publish to MCP Registry (GitHub OIDC — no token)
run: |
mcp-publisher login github-oidc
mcp-publisher publish
- name: Create GitHub Release with build artifacts
env:
GH_TOKEN: ${{ github.token }}
VER: ${{ steps.version.outputs.version }}
run: |
gh release create "v$VER" \
--title "v$VER" \
--notes-from-tag \
dist/*