Split workflow into parts

carlcsaposs-canonical · carlcsaposs-canonical · commit b218e3a7bc91 · 2025-04-28T12:34:12.000+02:00
Unable to use reusable workflow with trusted publishing pypi/warehouse#11096 Using trusted publishing in a composite action is also not supported https://github.com/marketplace/actions/pypi-publish#non-goals
diff --git a/.github/workflows/release_python_package.md b/.github/workflows/release_python_package.md
@@ -35,12 +35,39 @@ on:
       - main
 
 jobs:
-  release:
-    name: Release to PyPI
-    uses: canonical/data-platform-workflows/.github/workflows/release_python_package.yaml@v0.0.0
+  release-part1:
+    name: Release to PyPI (part 1)
+    uses: canonical/data-platform-workflows/.github/workflows/release_python_package_part1.yaml@v0.0.0
+
+  # Separate job is workaround for https://github.com/pypi/warehouse/issues/11096
+  release-trusted-publishing:
+    name: Release to PyPI (trusted publishing)
+    needs:
+      - release-part1
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    environment: production
+    steps:
+      - name: Download all the dists
+        uses: actions/download-artifact@v4
+        with:
+          name: ${{ needs.release-part1.outputs.artifact-name }}
+          path: dist/
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
     permissions:
-      contents: write  # Needed to create GitHub release
       id-token: write  # Needed for PyPI trusted publishing
+
+  release-part2:
+    name: Release to PyPI (part 2)
+    needs:
+      - release-part1
+      - release-trusted-publishing
+    uses: canonical/data-platform-workflows/.github/workflows/release_python_package_part2.yaml@v0.0.0
+    with:
+      git-tag: ${{ needs.release-part1.outputs.git-tag }}
+    permissions:
+      contents: write  # Needed to create GitHub release
 ```
 
 ### Step 3: Add `check_pr.yaml` file to `.github/workflows/`
diff --git a/.github/workflows/release_python_package_part1.yaml b/.github/workflows/release_python_package_part1.yaml
@@ -1,25 +1,31 @@
 on:
   workflow_call:
-
-concurrency:
-  # Prevent race conditions
-  # (If multiple commits have been pushed since the last release, this workflow may get triggered
-  # on multiple commits. Without this, if the)
-  group: dpw-release-python-package-${{ github.ref }}
-  cancel-in-progress: true
+    outputs:
+      git-tag:
+        description: Semantic version git tag
+        value: ${{ jobs.tag.outputs.tag }}
+      artifact-name:
+        description: Python package distributions are uploaded to this GitHub artifact name
+        value: python-package-distributions
 
 jobs:
   tag:
     name: Tag release
     runs-on: ubuntu-latest
+    concurrency:
+      # Prevent race conditions
+      # (If multiple commits have been pushed since the last release, this workflow may get triggered
+      # on multiple commits. Without this, if the) TODO
+      group: dpw-release-python-package-${{ github.ref }}
+      cancel-in-progress: true
     timeout-minutes: 5
     steps:
       - name: Get workflow version
         id: workflow-version
         uses: canonical/get-workflow-version-action@v1
         with:
           repository-name: canonical/data-platform-workflows
-          file-name: release_python_package.yaml
+          file-name: release_python_package_part1.yaml
           github-token: ${{ secrets.GITHUB_TOKEN }}
       - name: Install CLI
         run: pipx install git+https://github.com/canonical/data-platform-workflows@'${{ steps.workflow-version.outputs.sha }}'#subdirectory=python/cli
@@ -59,28 +65,5 @@ jobs:
       - name: Store the distribution packages
         uses: actions/upload-artifact@v4
         with:
-          name: python-package-distributions
-          path: dist/
-
-  release:
-    name: Release to PyPI
-    needs:
-      - tag
-      - build
-    runs-on: ubuntu-latest
-    timeout-minutes: 5
-    environment: production
-    steps:
-      - name: Download all the dists
-        uses: actions/download-artifact@v4
-        with:
-          name: python-package-distributions
+          name: python-package-distributions  # Keep in sync with `artifact-name` output
           path: dist/
-      - name: Publish to PyPI
-        # Use trusted publishing
-        # https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/
-        uses: pypa/gh-action-pypi-publish@release/v1
-      - name: Create GitHub release
-        run: gh release create '${{ needs.tag.outputs.tag }}' --verify-tag --generate-notes
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/release_python_package_part2.yaml b/.github/workflows/release_python_package_part2.yaml
@@ -0,0 +1,20 @@
+on:
+  workflow_call:
+    git-tag:
+      description: |
+        Semantic version git tag
+
+        Use output from canonical/data-platform-workflows release_python_package_part1.yaml
+      required: true
+      type: string
+
+jobs:
+  release:
+    name: Create GitHub release
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    steps:
+      - name: Create GitHub release
+        run: gh release create '${{ inputs.git-tag }}' --verify-tag --generate-notes
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
