From 8800e716ed41bfab6284289fbb8a93253fded2ef Mon Sep 17 00:00:00 2001 From: Gaurav Harsha Date: Mon, 9 Mar 2026 17:50:09 -0400 Subject: [PATCH 01/10] update python deployment github action to 1) restrict trigger only by green-mbpt, 2) automatically update the version.py and h5py attributes before deployment --- .github/workflows/build_wheels.yaml | 103 +++++++++++++++++++++++++--- 1 file changed, 92 insertions(+), 11 deletions(-) diff --git a/.github/workflows/build_wheels.yaml b/.github/workflows/build_wheels.yaml index 900d436..2e4ca91 100644 --- a/.github/workflows/build_wheels.yaml +++ b/.github/workflows/build_wheels.yaml @@ -1,26 +1,107 @@ -name: Build and Publish +# Triggered by repository_dispatch from green-mbpt when a new tag is created. +# Updates version.py, updates HDF5 file version attributes, commits changes, +# creates a matching tag, and deploys the package to PyPI. + +# NOTE: A direct / manual push for release is not allowed. Releas can only be triggered +# via repository_dispatch from green-mbpt. This is to ensure that the version update and +# deployment steps are always executed when a new tag is created. + +name: Update Version and Deploy on: - push: - branches: - - main - tags: - - 'v*' - pull_request: - workflow_dispatch: + repository_dispatch: + types: [version-update] +# Canceling in-progress runs is disabled to ensure that the deployment step is not accidentally canceled if multiple tags are created in quick succession. The concurrency group is still defined to prevent multiple runs for the same tag, but it won't cancel an already running deployment if a new tag is pushed while it's still running. concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true + group: ${{ github.workflow }}-${{ github.event.client_payload.tag }} + cancel-in-progress: false # safer for PyPI deployments jobs: + update-and-deploy: + runs-on: ubuntu-latest + steps: + - name: Generate token + id: generate-token + uses: actions/create-github-app-token@v1 + with: + app-id: ${{ secrets.GREEN_TAG_APP_ID }} + private-key: ${{ secrets.GREEN_TAG_APP_PRIVATE_KEY }} + owner: Green-Phys + + - name: Checkout green-grids + uses: actions/checkout@v4 + with: + token: ${{ steps.generate-token.outputs.token }} + + - name: Install h5py + run: pip install h5py + + - name: Update version.py + run: | + TAG_NAME=${{ github.event.client_payload.tag }} + VERSION=${TAG_NAME#v} + sed -i "s/__version__ = \".*\"/__version__ = \"$VERSION\"/" \ + python/green_grids/version.py + + - name: Update data.h5 version attributes + run: | + TAG_NAME=${{ github.event.client_payload.tag }} + VERSION=${TAG_NAME#v} + python3 - < Date: Mon, 9 Mar 2026 19:57:19 -0400 Subject: [PATCH 02/10] Update .github/workflows/build_wheels.yaml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .github/workflows/build_wheels.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build_wheels.yaml b/.github/workflows/build_wheels.yaml index 2e4ca91..4f636bb 100644 --- a/.github/workflows/build_wheels.yaml +++ b/.github/workflows/build_wheels.yaml @@ -2,7 +2,7 @@ # Updates version.py, updates HDF5 file version attributes, commits changes, # creates a matching tag, and deploys the package to PyPI. -# NOTE: A direct / manual push for release is not allowed. Releas can only be triggered +# NOTE: A direct / manual push for release is not allowed. Release can only be triggered # via repository_dispatch from green-mbpt. This is to ensure that the version update and # deployment steps are always executed when a new tag is created. From c7a961bcf6e5a9658e610e7d1ed5da3e35223d8f Mon Sep 17 00:00:00 2001 From: Gaurav Harsha Date: Tue, 10 Mar 2026 12:12:26 -0400 Subject: [PATCH 03/10] copilot recommendation for quoting the tag values --- .github/workflows/build_wheels.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build_wheels.yaml b/.github/workflows/build_wheels.yaml index 4f636bb..de58cfe 100644 --- a/.github/workflows/build_wheels.yaml +++ b/.github/workflows/build_wheels.yaml @@ -39,14 +39,14 @@ jobs: - name: Update version.py run: | - TAG_NAME=${{ github.event.client_payload.tag }} + TAG_NAME="${{ github.event.client_payload.tag }}" VERSION=${TAG_NAME#v} sed -i "s/__version__ = \".*\"/__version__ = \"$VERSION\"/" \ python/green_grids/version.py - name: Update data.h5 version attributes run: | - TAG_NAME=${{ github.event.client_payload.tag }} + TAG_NAME="${{ github.event.client_payload.tag }}" VERSION=${TAG_NAME#v} python3 - < Date: Tue, 10 Mar 2026 12:16:06 -0400 Subject: [PATCH 04/10] more comments from copilot review --- .github/workflows/build_wheels.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build_wheels.yaml b/.github/workflows/build_wheels.yaml index de58cfe..fb2e337 100644 --- a/.github/workflows/build_wheels.yaml +++ b/.github/workflows/build_wheels.yaml @@ -65,6 +65,7 @@ jobs: - name: Commit and push run: | TAG_NAME="${{ github.event.client_payload.tag }}" + DEFAULT_BRANCH="${{ github.event.repository.default_branch }}" git config user.name "github-actions[bot]" git config user.email "github-actions[bot]@users.noreply.github.com" git add python/green_grids/version.py data/ir/*.h5 data/cheb/*.h5 @@ -72,13 +73,13 @@ jobs: echo "No changes to commit, version already up to date" else git commit -m "Release $TAG_NAME" - git push origin main + git push origin "HEAD:${DEFAULT_BRANCH}" fi - name: Create and push tag run: | TAG_NAME="${{ github.event.client_payload.tag }}" - if git ls-remote --tags origin | grep -q "refs/tags/${TAG_NAME}$"; then + if git ls-remote --tags origin | grep -F -q "refs/tags/$TAG_NAME"; then echo "Tag $TAG_NAME already exists on remote, skipping" else git tag $TAG_NAME From 431dd3cec80298e8620fc5593ae8e8b094b59b9e Mon Sep 17 00:00:00 2001 From: Gaurav Harsha Date: Tue, 10 Mar 2026 12:44:17 -0400 Subject: [PATCH 05/10] move variable defs to env --- .github/workflows/build_wheels.yaml | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/.github/workflows/build_wheels.yaml b/.github/workflows/build_wheels.yaml index fb2e337..2a6d2e5 100644 --- a/.github/workflows/build_wheels.yaml +++ b/.github/workflows/build_wheels.yaml @@ -38,15 +38,17 @@ jobs: run: pip install h5py - name: Update version.py + env: + TAG_NAME: ${{ github.event.client_payload.tag }} run: | - TAG_NAME="${{ github.event.client_payload.tag }}" VERSION=${TAG_NAME#v} - sed -i "s/__version__ = \".*\"/__version__ = \"$VERSION\"/" \ + sed -i "s/__version__ = '.*'/__version__ = '$VERSION'/" \ python/green_grids/version.py - name: Update data.h5 version attributes + env: + TAG_NAME: ${{ github.event.client_payload.tag }} run: | - TAG_NAME="${{ github.event.client_payload.tag }}" VERSION=${TAG_NAME#v} python3 - < Date: Tue, 10 Mar 2026 14:24:30 -0400 Subject: [PATCH 06/10] add dry run mode for testing --- .github/workflows/build_wheels.yaml | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build_wheels.yaml b/.github/workflows/build_wheels.yaml index 2a6d2e5..bec93df 100644 --- a/.github/workflows/build_wheels.yaml +++ b/.github/workflows/build_wheels.yaml @@ -11,6 +11,16 @@ name: Update Version and Deploy on: repository_dispatch: types: [version-update] + workflow_dispatch: + inputs: + tag: + description: 'Tag to create (e.g. v0.3.3-test)' + required: true + dry_run: + description: 'Dry run - skip commit and tag creation' + required: true + default: 'true' + type: boolean # Canceling in-progress runs is disabled to ensure that the deployment step is not accidentally canceled if multiple tags are created in quick succession. The concurrency group is still defined to prevent multiple runs for the same tag, but it won't cancel an already running deployment if a new tag is pushed while it's still running. concurrency: @@ -39,7 +49,7 @@ jobs: - name: Update version.py env: - TAG_NAME: ${{ github.event.client_payload.tag }} + TAG_NAME: ${{ github.event.client_payload.tag || github.event.inputs.tag }} run: | VERSION=${TAG_NAME#v} sed -i "s/__version__ = '.*'/__version__ = '$VERSION'/" \ @@ -47,7 +57,7 @@ jobs: - name: Update data.h5 version attributes env: - TAG_NAME: ${{ github.event.client_payload.tag }} + TAG_NAME: ${{ github.event.client_payload.tag || github.event.inputs.tag }} run: | VERSION=${TAG_NAME#v} python3 - < Date: Tue, 10 Mar 2026 14:37:54 -0400 Subject: [PATCH 07/10] hard wire dry run --- .github/workflows/build_wheels.yaml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/build_wheels.yaml b/.github/workflows/build_wheels.yaml index bec93df..69605bb 100644 --- a/.github/workflows/build_wheels.yaml +++ b/.github/workflows/build_wheels.yaml @@ -14,17 +14,16 @@ on: workflow_dispatch: inputs: tag: - description: 'Tag to create (e.g. v0.3.3-test)' + description: 'Tag to create (e.g. v0.3.3-test). Always a dry run — no commits, tags, or PyPI uploads.' required: true - dry_run: - description: 'Dry run - skip commit and tag creation' - required: true - default: 'true' - type: boolean -# Canceling in-progress runs is disabled to ensure that the deployment step is not accidentally canceled if multiple tags are created in quick succession. The concurrency group is still defined to prevent multiple runs for the same tag, but it won't cancel an already running deployment if a new tag is pushed while it's still running. +# Canceling in-progress runs is disabled to ensure that the deployment step is not +# accidentally canceled if multiple tags are created in quick succession. +# The concurrency group is still defined to prevent multiple runs for the same tag, +# but it won't cancel an already running deployment if a new tag is pushed while +# it's still running. concurrency: - group: ${{ github.workflow }}-${{ github.event.client_payload.tag }} + group: ${{ github.workflow }}-${{ github.event.client_payload.tag || github.event.inputs.tag }} cancel-in-progress: false # safer for PyPI deployments jobs: @@ -78,7 +77,7 @@ jobs: env: TAG_NAME: ${{ github.event.client_payload.tag || github.event.inputs.tag }} DEFAULT_BRANCH: ${{ github.event.repository.default_branch }} - DRY_RUN: ${{ github.event.inputs.dry_run }} + DRY_RUN: ${{ github.event_name == 'workflow_dispatch' }} run: | git config user.name "github-actions[bot]" git config user.email "github-actions[bot]@users.noreply.github.com" @@ -98,7 +97,7 @@ jobs: - name: Create and push tag env: TAG_NAME: ${{ github.event.client_payload.tag || github.event.inputs.tag }} - DRY_RUN: ${{ github.event.inputs.dry_run }} + DRY_RUN: ${{ github.event_name == 'workflow_dispatch' }} run: | if git ls-remote --tags origin | grep -F -q "refs/tags/$TAG_NAME"; then echo "Tag $TAG_NAME already exists on remote, skipping" @@ -111,6 +110,7 @@ jobs: build_sdist: needs: [update-and-deploy] + if: github.event_name == 'repository_dispatch' name: Build source distribution runs-on: ubuntu-latest steps: @@ -124,7 +124,7 @@ jobs: - uses: actions/checkout@v4 with: - ref: ${{ github.event.client_payload.tag }} + ref: ${{ github.event.client_payload.tag || github.event.inputs.tag }} fetch-depth: 0 token: ${{ steps.generate-token.outputs.token }} From e37950ea2b44157e15bcd0c722148528066ca4bd Mon Sep 17 00:00:00 2001 From: Gaurav Harsha Date: Tue, 10 Mar 2026 15:40:05 -0400 Subject: [PATCH 08/10] cleanup based on copilot reviews --- .github/workflows/build_wheels.yaml | 38 ++++++++++++++++++++++++++--- 1 file changed, 35 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build_wheels.yaml b/.github/workflows/build_wheels.yaml index 69605bb..66b6644 100644 --- a/.github/workflows/build_wheels.yaml +++ b/.github/workflows/build_wheels.yaml @@ -43,6 +43,20 @@ jobs: with: token: ${{ steps.generate-token.outputs.token }} + - name: Validate tag name + env: + TAG_NAME: ${{ github.event.client_payload.tag || github.event.inputs.tag }} + run: | + if [ -z "$TAG_NAME" ]; then + echo "Error: TAG_NAME is empty" + exit 1 + fi + if ! echo "$TAG_NAME" | grep -qE '^v[0-9]+\.[0-9]+\.[0-9]+$'; then + echo "Error: TAG_NAME '$TAG_NAME' does not match expected format vX.Y.Z" + exit 1 + fi + echo "TAG_NAME '$TAG_NAME' is valid" + - name: Install h5py run: pip install h5py @@ -59,17 +73,20 @@ jobs: TAG_NAME: ${{ github.event.client_payload.tag || github.event.inputs.tag }} run: | VERSION=${TAG_NAME#v} - python3 - < Date: Tue, 10 Mar 2026 16:16:49 -0400 Subject: [PATCH 09/10] more modifications to clean up build_wheels.yaml --- .github/workflows/build_wheels.yaml | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build_wheels.yaml b/.github/workflows/build_wheels.yaml index 66b6644..2341120 100644 --- a/.github/workflows/build_wheels.yaml +++ b/.github/workflows/build_wheels.yaml @@ -51,14 +51,19 @@ jobs: echo "Error: TAG_NAME is empty" exit 1 fi - if ! echo "$TAG_NAME" | grep -qE '^v[0-9]+\.[0-9]+\.[0-9]+$'; then - echo "Error: TAG_NAME '$TAG_NAME' does not match expected format vX.Y.Z" + if ! echo "$TAG_NAME" | grep -qE '^v[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9._-]+)?$'; then + echo "Error: TAG_NAME '$TAG_NAME' does not match expected format vX.Y.Z or vX.Y.Z-suffix" exit 1 fi echo "TAG_NAME '$TAG_NAME' is valid" + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: '3.x' + - name: Install h5py - run: pip install h5py + run: python3 -m pip install h5py - name: Update version.py env: @@ -169,12 +174,12 @@ jobs: - uses: actions/upload-artifact@v4 with: - name: sdist + name: distributions path: dist/* if-no-files-found: error upload_pypi: - needs: [build_sdist] + needs: [build_distributions] runs-on: ubuntu-latest environment: release permissions: @@ -184,7 +189,7 @@ jobs: steps: - uses: actions/download-artifact@v4 with: - pattern: sdist + pattern: distributions path: dist merge-multiple: true From a0d9e06fad9a38428010db111cddde330448cc86 Mon Sep 17 00:00:00 2001 From: Gaurav Harsha Date: Tue, 10 Mar 2026 17:22:20 -0400 Subject: [PATCH 10/10] typo in the name of section --- .github/workflows/build_wheels.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build_wheels.yaml b/.github/workflows/build_wheels.yaml index 2341120..b72c432 100644 --- a/.github/workflows/build_wheels.yaml +++ b/.github/workflows/build_wheels.yaml @@ -130,7 +130,7 @@ jobs: git push origin "$TAG_NAME" fi - build_sdist: + build_distributions: needs: [update-and-deploy] if: github.event_name == 'repository_dispatch' name: Build source distribution