
CM-22319 - Run secrets scanning asynchronously using polling mechanis… #74


Workflow file for this run

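# Builds the package with Poetry on every push to main and publishes it to
# PyPI, but only when the resolved version is not a plain X.Y.Z release.
name: Build and Publish pre-release
on:
  push:
    branches:
      - main
jobs:
  pre_release:
    name: Pre-Release
    runs-on: ubuntu-latest
    # Setting `permissions` leaves every scope not listed here at `none`.
    permissions:
      # Used by the `gh run cancel` step below.
      actions: write
      # Lets the job request an OIDC token. The publish step passes no
      # password, so this is presumably for PyPI trusted publishing - confirm.
      id-token: write
    steps:
      # NOTE(review): every `uses:` below references a mutable tag or branch.
      # In a workflow that publishes to PyPI, consider pinning each action to
      # a full commit SHA (for example `owner/action@<FULL_COMMIT_SHA>`).

      # Runs first so the later steps execute under it. Judging by the input
      # names, `prevent: true` enforces the `allowed-hosts` list below rather
      # than only reporting - confirm against the action's documentation.
      - name: Run Cimon
        uses: cycodelabs/cimon-action@v0
        with:
          client-id: ${{ secrets.CIMON_CLIENT_ID }}
          secret: ${{ secrets.CIMON_SECRET }}
          prevent: true
          allowed-hosts: >
            files.pythonhosted.org
            install.python-poetry.org
            pypi.org
            upload.pypi.org
      # fetch-depth: 0 fetches full history; presumably required by
      # poetry-dynamic-versioning to derive the version from git - confirm.
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      # NOTE(review): Python 3.7 reached end-of-life in June 2023.
      - name: Set up Python 3.7
        uses: actions/setup-python@v4
        with:
          python-version: '3.7'
      # NOTE(review): on a cache hit the Poetry installation that builds the
      # release is restored from the cache under a static key instead of being
      # installed fresh. Review who can write to this cache before relying on
      # it in a publishing job.
      - name: Load cached Poetry setup
        id: cached-poetry
        uses: actions/cache@v3
        with:
          path: ~/.local
          key: poetry-ubuntu-0  # increment to reset cache
      - name: Setup Poetry
        if: steps.cached-poetry.outputs.cache-hit != 'true'
        uses: snok/install-poetry@v1
        with:
          version: '1.5.1'
      - name: Add Poetry to PATH
        run: echo "$HOME/.local/bin" >> "$GITHUB_PATH"
      - name: Install Poetry Plugin
        run: poetry self add "poetry-dynamic-versioning[plugin]"
      - name: Check Pre-Release Version
        id: check-version
        run: |
          # Resolve the version once and stop if Poetry fails. Otherwise an
          # empty string would not match the release pattern and the run
          # would be treated as a pre-release, i.e. fail open towards publish.
          version="$(poetry version --short)" || exit 1
          echo "::debug::Package version: ${version}"
          [[ "${version}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || echo prerelease=true >> "$GITHUB_OUTPUT"
      # For a plain X.Y.Z version, cancel this run and wait for the
      # cancellation to take effect so the build and publish steps never start.
      - name: Exit if not Pre-Release Version
        if: steps.check-version.outputs.prerelease != 'true'
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          gh run cancel ${{ github.run_id }}
          gh run watch ${{ github.run_id }}
      - name: Build package
        run: poetry build
      # `release/v1` is a branch-style ref; see the pinning note at the top
      # of `steps`.
      - name: Publish a Python distribution to PyPI
        uses: pypa/gh-action-pypi-publish@release/v1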