.github/workflows/deploy_release_candidate_pypi.yaml

name: deploy_release_candidate_pypi

# Workflow added after https://github.com/apache/beam/commit/4183e747becebd18becee5fff547af365910fc9c
# If help is needed debugging issues, you can view the release guide at that commit for guidance on how to do this manually.
# (https://github.com/apache/beam/blob/4183e747becebd18becee5fff547af365910fc9c/website/www/site/content/en/contribute/release-guide.md)
on:
  workflow_dispatch:
    inputs:
      RELEASE:
        description: Beam version of current release (e.g. 2.XX.0)
        required: true
        default: '2.XX.0'
      RC:
        description: Integer RC version for the release (e.g. 3 for RC3)
        required: true
      PYPI_API_TOKEN:
        description: PyPi API token to perform the PyPi upload with
        required: true

env:
  DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}

jobs:
  deploy_release_candidate_pypi:
    runs-on: [self-hosted, ubuntu-20.04, main]
    steps:
    - name: Mask PyPi id/password
      run: |
        # Workaround for Actions bug - https://github.com/actions/runner/issues/643
        PYPI_API_TOKEN=$(jq -r '.inputs.PYPI_API_TOKEN' $GITHUB_EVENT_PATH)
        echo "::add-mask::$PYPI_API_TOKEN"
    - name: Checkout
      uses: actions/checkout@v4
    - name: Setup environment
      uses: ./.github/actions/setup-environment-action
      with:
        python-version: 3.11
        disable-cache: true
    - name: Install dependencies
      run: |
        pip install python-dateutil
        pip install requests
        pip install twine
    - name: Deploy to Pypi
      env:
        RC_TAG: "v${{ github.event.inputs.RELEASE }}-RC${{ github.event.inputs.RC }}"
        GIT_REPO_BASE_URL: https://github.com/apache/beam
        RELEASE_DIR: "beam/${{ github.event.inputs.RELEASE }}"
        RELEASE: "${{ github.event.inputs.RELEASE }}"
        SCRIPT_DIR: release/src/main/scripts
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        SVN_ARTIFACTS_DIR: "beam/${{ github.event.inputs.RELEASE }}/python"
      run: |
        git fetch --all --tags --prune
        RELEASE_COMMIT=$(git rev-list -n 1 $RC_TAG)

        PYTHON_ARTIFACTS_DIR="./python"
        python "release/src/main/scripts/download_github_actions_artifacts.py" \
          --github-token-var GITHUB_TOKEN \
          --repo-url "apache/beam" \
          --rc-tag "${RC_TAG}" \
          --release-commit "${RELEASE_COMMIT}" \
          --artifacts_dir "${PYTHON_ARTIFACTS_DIR}" \
          --rc_number "${{ github.event.inputs.RC }}" \
          --yes True

        cd "${PYTHON_ARTIFACTS_DIR}"
        ls

        echo "------Checking Hash Value for apache_beam-${RELEASE}rc${{ github.event.inputs.RC }}.tar.gz-----"
        sha512sum -c "apache_beam-${RELEASE}rc${{ github.event.inputs.RC }}.tar.gz.sha512"
        
        for artifact in *.whl; do
          echo "----------Checking Hash Value for ${artifact} wheel-----------"
          sha512sum -c "${artifact}.sha512"
        done
        
        echo "===================Removing sha512 files======================="
        rm $(ls | grep -i ".*.sha512$")

        echo "====================Upload rc to pypi========================"
        mkdir dist && mv $(ls | grep apache) dist && cd dist
        echo "Will upload the following files to PyPI:"
        ls

        twine upload * -u __token__ -p "${{ github.event.inputs.PYPI_API_TOKEN }}"