From 8d2a2417bc749097cc3e17a3a5aed39f8846983d Mon Sep 17 00:00:00 2001
From: MarkoSagadin
Date: Thu, 7 Nov 2024 09:05:05 +0100
Subject: [PATCH] infra: make publish-release workflow non-reusable
This seems to be needed to make sure that trusted publishing (see below link) works properly, since the readme says that it can't work from an reusable workflow. I ran into this issue when trying to build the release, the publish-release workflow was failing with a big amount of text: https://github.com/IRNAS/irnas-east-software/actions/runs/11718734433/job/32640627624 Relevant issues that helped to get a sense of what is happening: https://github.com/pypa/gh-action-pypi-publish?tab=readme-ov-file#trusted-publishing https://github.com/pypi/warehouse/issues/11096 https://github.com/pypa/gh-action-pypi-publish/issues/166
---
 .github/workflows/create-release.yaml | 52 +++++++++++++++++++++--
 .github/workflows/publish-release.yaml | 59 --------------------------
 2 files changed, 48 insertions(+), 63 deletions(-)
 delete mode 100644 .github/workflows/publish-release.yaml
diff --git a/.github/workflows/create-release.yaml b/.github/workflows/create-release.yaml
index 8fa4677..4544fe5 100644
--- a/.github/workflows/create-release.yaml
+++ b/.github/workflows/create-release.yaml
@@ -59,11 +59,55 @@ jobs:
 with:
 checkout_ref: ${{ inputs.version }}
 
- call-publish-release:
+ publish-new-release:
 needs: call-build
- uses: ./.github/workflows/publish-release.yaml
- with:
- release_version: ${{ inputs.version }}
+ runs-on: ubuntu-22.04
+ environment:
+ name: pypi
+ url: https://pypi.org/p/east-tool
+ permissions:
+ id-token: write # IMPORTANT: this permission is mandatory for trusted publishing
+ contents: write
+
+ steps:
+ - name: Start
+ run: |
+ version_cut=$(echo "${{ inputs.version }}" | cut -c 2-)
+ echo "release_version=${{ inputs.version }}" >> $GITHUB_ENV
+ echo "release_version_cut=$version_cut" >> $GITHUB_ENV
+
+ - name: Checkout Repository
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ env.release_version }}
+
+ - name: Get latest Changelog entry
+ id: changelog-reader
+ uses: mindsers/changelog-reader-action@v2.2.3
+ with:
+ version: ${{ env.release_version_cut }}
+
+ - name: Download artifact
+ uses: actions/download-artifact@v4
+ with:
+ name: dist
+ path: dist
+
+ # You wonder how there isn't any token? east is configured to use OIDC,
+ # check on pypi under Publishing section what is that.
+ - name: Publish distribution to PyPI
+ uses: pypa/gh-action-pypi-publish@release/v1
+
+ - name: Publish Release
+ if: ${{ !env.ACT }}
+ uses: softprops/action-gh-release@v2.0.9
+ with:
+ files: dist/*
+ tag_name: ${{ env.release_version }}
+ body: |
+ # Release notes
+
+ ${{ steps.changelog-reader.outputs.changes }}
 
 cleanup-on-failure:
 # Only run cleanup if either call-build or call-publish-release fail.
diff --git a/.github/workflows/publish-release.yaml b/.github/workflows/publish-release.yaml
deleted file mode 100644
index 00ebe37..0000000
--- a/.github/workflows/publish-release.yaml
+++ /dev/null
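Review bot: The `Start` step interpolates `${{ inputs.version }}` directly into its `run:` script, so the input value is spliced into the shell text before it executes, in a job that now holds `id-token: write` for the `pypi` environment and `contents: write`; pass it through the step environment instead, e.g. `env: { VERSION: "${{ inputs.version }}" }` on the step and `version_cut=$(echo "$VERSION" | cut -c 2-)` / `echo "release_version=$VERSION" >> "$GITHUB_ENV"` (where `inputs.version` originates is outside this hunk). For the same reason the third-party actions this privileged job runs (`mindsers/changelog-reader-action@v2.2.3`, `softprops/action-gh-release@v2.0.9`, `pypa/gh-action-pypi-publish@release/v1`) are worth pinning to full commit SHAs rather than mutable tags, since a moved tag would run unreviewed code with the OIDC publishing token. The trailing context comment `# Only run cleanup if either call-build or call-publish-release fail.` still names the job this hunk renames to `publish-new-release`; if the `cleanup-on-failure` job's `if:` condition (outside the hunk) also references `needs.call-publish-release`, it needs the same rename, and the comment should read `# Only run cleanup if either call-build or publish-new-release fail.`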
@@ -1,59 +0,0 @@ -name: "Publish Release" - -on: - workflow_call: - inputs: - release_version: - required: true - type: string - -jobs: - publish-new-release: - runs-on: ubuntu-22.04 - environment: - name: pypi - url: https://pypi.org/p/east-tool - permissions: - id-token: write # IMPORTANT: this permission is mandatory for trusted publishing - contents: write - # runs-on: self-hosted - - steps: - - name: Start - run: | - version_cut=$(echo "${{ inputs.release_version }}" | cut -c 2-) - echo "release_version=${{ inputs.release_version }}" >> $GITHUB_ENV - echo "release_version_cut=$version_cut" >> $GITHUB_ENV - - - name: Checkout Repository - uses: actions/checkout@v4 - with: - ref: ${{ env.release_version }} - - - name: Get latest Changelog entry - id: changelog-reader - uses: mindsers/changelog-reader-action@v2.2.3 - with: - version: ${{ env.release_version_cut }} - - - name: Download artifact - uses: actions/download-artifact@v4 - with: - name: dist - path: dist - - # You wonder how there isn't any token? east is configured to use OIDC, - # check on pypi under Publishing section what is that. - - name: Publish distribution to PyPI - uses: pypa/gh-action-pypi-publish@release/v1 - - - name: Publish Release - if: ${{ !env.ACT }} - uses: softprops/action-gh-release@v2.0.9 - with: - files: dist/* - tag_name: ${{ env.release_version }} - body: | - # Release notes - - ${{ steps.changelog-reader.outputs.changes }}