planetlabs
diff --git a/‎…b/actions/python-common-setup/action.yml‎ ‎…ctions/python-build-env-setup/action.yml‎.github/actions/python-common-setup/action.yml renamed to .github/actions/python-build-env-setup/action.yml
Lines changed: 6 additions & 3 deletions b/‎…b/actions/python-common-setup/action.yml‎ ‎…ctions/python-build-env-setup/action.yml‎.github/actions/python-common-setup/action.yml renamed to .github/actions/python-build-env-setup/action.yml
Lines changed: 6 additions & 3 deletions
diff --git a/‎.github/actions/version-dot-buildnum-fetch/action.yml‎
Lines changed: 25 additions & 0 deletions b/‎.github/actions/version-dot-buildnum-fetch/action.yml‎
Lines changed: 25 additions & 0 deletions
diff --git a/‎.github/actions/version-dot-buildnum-generate/action.yml‎
Lines changed: 95 additions & 0 deletions b/‎.github/actions/version-dot-buildnum-generate/action.yml‎
Lines changed: 95 additions & 0 deletions
diff --git a/‎.github/workflows/release-build.yml‎
Lines changed: 67 additions & 0 deletions b/‎.github/workflows/release-build.yml‎
Lines changed: 67 additions & 0 deletions
diff --git a/‎.github/workflows/release-orchestrate.yml‎
Lines changed: 75 additions & 0 deletions b/‎.github/workflows/release-orchestrate.yml‎
Lines changed: 75 additions & 0 deletions
@@ -5,9 +5,7 @@ inputs:
   python-version:
     description: 'Python version to use'
     required: true
-    default: 3.13
-
-# outputs:
+    default: "3.13"
 
 runs:
   using: "composite"
@@ -30,3 +28,8 @@ runs:
       shell: bash
       run: |
         pip install --upgrade nox
+
+    - name: "Build Environment"
+      shell: bash
+      run: |
+        printenv | sort
@@ -0,0 +1,25 @@
+name: 'Pull generated version and build number'
+description: |
+  Pull generated build number artifacts.
+
+inputs:
+  version-file:
+    description: |
+      file to save the version and build number file for the local build.
+    required: false
+
+runs:
+  using: "composite"
+  steps:
+    - name: "Pull Build Version"
+      uses: actions/download-artifact@v4
+      with:
+        name: version-with-buildnum-file
+        path: version-with-buildnum.artifact
+    - name: "Install Build Version File"
+      shell: bash
+      run: |
+        if [ -n "${{ inputs.version-file }}" ]
+        then
+          cp -f version-with-buildnum.artifact/version-with-buildnum.txt ${{ inputs.version-file }}
+        fi
@@ -0,0 +1,95 @@
+name: 'Generate a version-with-buildnum.txt file'
+description: |
+  Generate a version string that includes a generated build number and build
+  variant appended.  The version.txt file is used to obtain the branch
+  invariant portion of the full version.  The generated build number will
+  be unique (within reason) and increasing so that within a lineage the full
+  version number encodes relative position of any build.  The generated build
+  number is not guaranteed to be sequential.
+  
+  The current implementation uses a time based build number.  Sequence numbers
+  from the CI/CD system were also considered, and can work just as well.
+  Repository hashes were not used since they neither encode the relative
+  build position nor are they unique upon rebuild.
+  
+  The generated version is output both as a job output string and as a
+  build artifact file that contains the same.
+  
+  This action assumes it is working with a Semantic Versioning version
+  number. The form of the final, full version number is
+    <branch invariant version>.<build number>-<build variant>
+  
+  References:
+    https://semver.org/
+    https://packaging.python.org/en/latest/specifications/version-specifiers/
+
+# TODO: Detect branch for consideration of constructing a build_variant automatically?
+#       Unless we have a strict branching/release policy, this may never be possible.
+# TODO: add support for epochs (e.g. "<epoch>!" prefix)
+# TODO: add support for local variants (e.g. "+<local variant>" suffix)
+# TODO: Can/should we *also* encode the SHA?  While I dislike its lack of sequence
+#       or uniqueness, it *does* encode useful information.
+
+inputs:
+  build-variant:
+    description: |
+      Build variant. E.g. "dev", "beta", "rc", etc. Use the keyword "release" for
+      production releases that should not specify a variant.
+    required: true
+
+outputs:
+  version-with-buildnum:
+    description: 'Full version with variant build number appended'
+    value: ${{ steps.generate-version-with-buildnum.outputs.version-with-buildnum }}
+  version:
+    description: 'Just the simple branch invariant version'
+    value: ${{ steps.generate-version-with-buildnum.outputs.version }}
+  buildnum:
+    description: 'Just the generated build number'
+    value: ${{ steps.generate-version-with-buildnum.outputs.buildnum }}
+  variant-normal:
+    description: 'Normalized build variant string'
+    value: ${{ steps.generate-version-with-buildnum.outputs.variant-normal }}
+  variant-raw:
+    description: 'Raw build variant string (same as input)'
+    value: ${{ steps.generate-version-with-buildnum.outputs.variant-raw }}
+
+runs:
+  using: "composite"
+  steps:
+    - id: generate-version-with-buildnum
+      name: "Prepare build version file"
+      shell: bash
+      run: |
+        # Should be closely synonymous with SCM branch
+        version_invariant=$(head -1 version.txt  | tr -d '\n')
+
+        # "pre-release" in semver
+        if [ "${{ inputs.build-variant }}" = "release" ]
+        then
+            version_variant=""
+        else
+            version_variant=${{ inputs.build-variant }}
+        fi
+
+        # Generated build number
+        build_timestamp_b10=$(date +%s)                                # Time based build number - Base 10
+        build_timestamp_b16=$(printf '%x' ${build_timestamp_b10})      # Time based build number - Base 16 - More compact, but might be interpreted as a non-digit
+        build_timestamp_bx16=$(printf '0x%x' ${build_timestamp_b10})   # As above, with leading '0x' so it's never not seen as hex (but is less compact)
+        # Python packaging doesn't like the "x" in the build number build numbers (even though it makes it less ambigious)
+        # Reverting to base 10 for now.  *sigh*
+        version_buildnum=${build_timestamp_b10}
+
+        # Putting it all together
+        printf "${version_invariant}.${version_buildnum}${version_variant:+-}${version_variant}" > version-with-buildnum.txt
+        echo "Created version-with-buildnum.txt : $(cat version-with-buildnum.txt)"
+        echo "version-with-buildnum=$(cat version-with-buildnum.txt)" | tee -a $GITHUB_OUTPUT
+        echo "version=$(cat version.txt)" | tee -a $GITHUB_OUTPUT
+        echo "buildnum=${version_buildnum}" | tee -a $GITHUB_OUTPUT
+        echo "variant-normal=${version_variant}" | tee -a $GITHUB_OUTPUT
+        echo "variant-raw=${{ inputs.build-variant }}" | tee -a $GITHUB_OUTPUT
+    - name: Save Artifacts - version-with-buildnum.txt
+      uses: actions/upload-artifact@v4
+      with:
+        name: version-with-buildnum-file
+        path: version-with-buildnum.txt
@@ -0,0 +1,67 @@
+name: Build Release Artifacts
+
+permissions:
+  actions: read
+  contents: read
+
+on:
+  workflow_dispatch:
+  workflow_call:
+
+env:
+  PYTHON_VERSION: "3.13"
+
+jobs:
+  build-packages:
+    name: Build Distribution Packages
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@v4
+      - name: Prepare common Python build environment
+        uses: ./.github/actions/python-build-env-setup
+        with:
+          python-version: ${{ env.PYTHON_VERSION }}
+      - name: "Pull Build Number"
+        uses: ./.github/actions/version-dot-buildnum-fetch
+        with:
+          version-file: version-with-buildnum.txt
+      - name: 'Nox: Build Packages'
+        run: |
+          nox -s pkg_build_wheel
+      - name: 'Nox: Check Packages'
+        run: |
+          nox -s pkg_check
+      - name: "Save Artifacts - Wheel"
+        uses: actions/upload-artifact@v4
+        with:
+          name: planet-auth-wheel
+          path: dist/planet_auth*.whl
+      - name: "Save Artifacts - Source Package"
+        uses: actions/upload-artifact@v4
+        with:
+          name: planet-auth-src-targz
+          path: dist/planet_auth*.tar.gz
+
+  build-docs:
+    name: "Build Documentation Packages"
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@v4
+      - name: Prepare common Python build environment
+        uses: ./.github/actions/python-build-env-setup
+        with:
+          python-version: ${{ env.PYTHON_VERSION }}
+      # - name: "Pull Build Number"
+      #   uses: ./.github/actions/version-dot-buildnum-fetch
+      #   with:
+      #     version-file: version-with-buildnum.txt
+      - name: "Nox: MKDocs Build"
+        run: |
+          nox -s mkdocs_build
+      - name: "Save Artifacts - MkDocs"
+        uses: actions/upload-artifact@v4
+        with:
+          name: planet-auth-mkdocs-site
+          path: site/**
@@ -0,0 +1,75 @@
+name: Release Orchestration
+
+permissions:
+  actions: read
+  contents: read
+
+# TODO: insure we can only release from privileged branches/tags?
+
+on:
+  # push:  # Just for testing  FIXME: Remove this.
+  workflow_dispatch:
+    inputs:
+      build-variant:
+        description: "Build Variant"
+        type: choice
+        default: "dev"
+        options:
+          - dev
+          - alpha
+          - beta
+          - rc
+          - release
+
+env:
+  PYTHON_VERSION: "3.13"
+
+jobs:
+  generate-build-number:
+    name: "Generate build number"
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: write
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@v4
+      - name: "Generate unique version and build numbers"
+        id: gen-buildnum
+        uses: ./.github/actions/version-dot-buildnum-generate
+        with:
+          build-variant: ${{ inputs.build-variant }}
+      - name: "Tag repository"
+        # Tagging is part of the build number generation in part because
+        # tag uniqueness serves as a synchronization mechanism to prevent
+        # multiple releases of the same version.
+        run: |
+          set -x
+          git config --global user.email "planet-auth-python-github-cicd@planet.com"
+          git config --global user.name  "CICD for github repository ${GITHUB_REPOSITORY}"
+          if [ "${{ steps.gen-buildnum.outputs.variant-raw }}" = "release" ]
+          then
+            git tag -a -m "test tag comment for final release" "${{steps.gen-buildnum.outputs.version}}"
+            git push origin                                    "${{steps.gen-buildnum.outputs.version}}"
+          fi
+          git tag -a -m "test tag comment" "${{steps.gen-buildnum.outputs.version-with-buildnum}}"
+          git push origin                  "${{steps.gen-buildnum.outputs.version-with-buildnum}}"
+  test:
+    name: "Prerelease Tests"
+    uses: ./.github/workflows/test.yml
+    needs: generate-build-number # Doesn't really need it, but gates the pipeline to not waste time.
+  package:
+    name: "Build Release Artifacts"
+    uses: ./.github/workflows/release-build.yml
+    needs: [test, generate-build-number]
+  publish:
+    name: "Publish Release Artifacts"
+    uses: ./.github/workflows/release-publish.yml
+    needs: [package, generate-build-number]
+    secrets:
+      PYPI_API_TOKEN: ${{ secrets.PYPI_API_TOKEN }}
+      PYPI_API_TOKEN_TEST: ${{ secrets.PYPI_API_TOKEN_TEST }}
+    # with:
+    #   version-with-buildnumber: ${{needs.generate-build-number.outputs.version-with-buildnum}}