dependencies: (deps): bump the actions group across 1 directory with 6 updates #149
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish to PyPI | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| release: | |
| types: [published] | |
| jobs: | |
| # Setup build separate from publish for added security | |
| # See https://github.com/pypa/gh-action-pypi-publish/issues/217#issuecomment-1965727093 | |
| build: | |
| runs-on: ubuntu-latest | |
| # Environment is encouraged for increased security | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 | |
| with: | |
| # This fetch element is only important if you are use SCM based | |
| # versioning (that looks at git tags to gather the version). | |
| # setuptools-scm needs tags to form a valid version number | |
| fetch-tags: true | |
| - name: Setup Python | |
| uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 | |
| with: | |
| # You can modify what version of Python you want to use for your release | |
| python-version: "3.11" | |
| - name: Install hatch | |
| run: | | |
| python -m pip install --upgrade pip | |
| python -m pip install hatch twine | |
| - name: Build package using Hatch | |
| run: | | |
| hatch build --clean | |
| twine check dist/* | |
| echo "" | |
| echo "Generated files:" | |
| ls -lh dist/ | |
| # Store an artifact of the build to use in the publish step below | |
| - name: Store the distribution packages | |
| uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v4 | |
| with: | |
| name: python-package-distributions | |
| path: dist/ | |
| if-no-files-found: error | |
| publish: | |
| name: >- | |
| Publish Python 🐍 distribution 📦 to PyPI | |
| # Only publish to PyPI with a release trigger in your repository. | |
| if: github.repository_owner == '' && github.event_name == 'release' | |
| needs: | |
| - build | |
| runs-on: ubuntu-latest | |
| # Environment required here for trusted publisher | |
| environment: | |
| name: pypi | |
| # Modify the url to be the name of your package | |
| url: https://pypi.org/p/csvplus | |
| permissions: | |
| id-token: write # this permission is mandatory for PyPI publishing | |
| steps: | |
| - name: Download dists | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v4 | |
| with: | |
| name: python-package-distributions | |
| path: dist/ | |
| merge-multiple: true | |
| - name: Publish package to PyPI | |
| # Only publish to real PyPI on release. This action uses sigstore for additional security. | |
| if: github.event_name == 'release' && github.event.action == 'published' | |
| uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b #v1.14.0 |