# .github/workflows/publish-pypi.yaml
# Uses trusted publishing to publish the package to PyPI and creates a GitHub
# release, as described here:
# https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/
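name: Publish to TestPyPI and PyPI and create GitHub release

# Runs on pushes to `main` and on pushes of release-format tags.
# Jobs without an `if:` (build, publish-to-testpypi) run for both kinds of push.
on:
  push:
    tags:
      # only run workflow for tags in release format
      - "v[0-9]+.[0-9]+.[0-9]+"
    branches:
      - main

# Workflow-wide default for GITHUB_TOKEN is read-only. Jobs that need more
# declare their own `permissions:` block, which replaces this default for
# that job.
permissions:
  contents: read

jobs:
  # Builds the sdist/wheel once and hands them to the publishing jobs as an
  # artifact. Whatever this job uploads is what gets published, so the actions
  # it runs are part of the release trust chain even though it holds no
  # id-token permission itself.
  build:
    name: Build distribution
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        # NOTE(review): pinned to a mutable tag, while the third-party actions
        # in this workflow are pinned to full commit SHAs. Pin this the same
        # way: `actions/checkout@<full-commit-sha>  # v6`.
        uses: actions/checkout@v6
        with:
          fetch-depth: 0
          # Do not leave the token in the local git config for later steps.
          persist-credentials: false
      - name: Set up Python
        # NOTE(review): mutable tag; pin to a full commit SHA.
        uses: actions/setup-python@v6
      - name: Install uv
        uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78  # v7.6.0
        with:
          version: "0.9.16"
      - name: Build package for distribution
        run: |
          uv build
      - name: Upload distribution packages
        # NOTE(review): mutable tag; pin to a full commit SHA.
        uses: actions/upload-artifact@v7
        with:
          name: package-distribution
          path: dist/

  # Publishes the built artifact to PyPI through trusted publishing (OIDC);
  # no long-lived API token is stored in the repository.
  publish-to-pypi:
    name: Publish Python distribution to PyPI
    # publish only on tag pushes that aren't part of a scheduled workflow run
    # (this file defines no `schedule` trigger, so the second clause is
    # currently always true; the tag check is the effective gate)
    if: startsWith(github.ref, 'refs/tags/') && github.event_name != 'schedule'
    needs:
      - build
    runs-on: ubuntu-latest
    # NOTE(review): protection rules for the `pypi` environment (required
    # reviewers, allowed tags) live in repository settings and are not visible
    # here. Confirm they are set, because any step in this job can request an
    # OIDC token.
    environment:
      name: pypi
      url: https://pypi.org/p/pyprefab
    permissions:
      id-token: write  # needed for trusted publishing (i.e., OIDC)
    steps:
      - name: Download distribution artifacts
        # NOTE(review): mutable tag in a job that holds `id-token: write`;
        # pin to a full commit SHA.
        uses: actions/download-artifact@v8
        with:
          name: package-distribution
          path: dist/
      - name: Publish distribution to PyPI
        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e  # v1.13.0

  # Signs the published files with Sigstore and attaches files and signatures
  # to a GitHub Release. Runs only after publish-to-pypi, so it is skipped
  # whenever that job is skipped.
  github-release:
    name: >-
      Sign the Python distributions with Sigstore
      and upload them to GitHub Release
    needs:
      - publish-to-pypi
    runs-on: ubuntu-latest
    permissions:
      contents: write  # required for creating GitHub Releases
      id-token: write  # required for sigstore
    steps:
      - name: Download distribution artifacts
        # NOTE(review): mutable tag in a job that holds `contents: write` and
        # `id-token: write`; pin to a full commit SHA.
        uses: actions/download-artifact@v8
        with:
          name: package-distribution
          path: dist/
      - name: Sign the dists with Sigstore
        uses: sigstore/gh-action-sigstore-python@a5caf349bc536fbef3668a10ed7f5cd309a4b53d  # v3.2.0
        with:
          inputs: >-
            ./dist/*.tar.gz
            ./dist/*.whl
      - name: Create GitHub Release
        env:
          GITHUB_TOKEN: ${{ github.token }}
        # The tag name reaches the shell through a quoted environment variable
        # rather than a `${{ }}` expression, so it is not interpolated into
        # the script text.
        run: >-
          gh release create
          "$GITHUB_REF_NAME"
          --repo "$GITHUB_REPOSITORY"
      - name: Upload artifact signatures to GitHub Release
        env:
          GITHUB_TOKEN: ${{ github.token }}
        # Upload to GitHub Release.
        # `dist/` contains the built packages, and the
        # sigstore-produced signatures and certificates.
        run: >-
          gh release upload
          "$GITHUB_REF_NAME" dist/**
          --repo "$GITHUB_REPOSITORY"

  # Publishes the built artifact to TestPyPI. There is no `if:` on this job,
  # so it runs on every push that triggers the workflow (main and tags).
  publish-to-testpypi:
    name: Publish Python distribution to test PyPI
    needs:
      - build
    runs-on: ubuntu-latest
    environment:
      name: pypi-test
      url: https://test.pypi.org/p/pyprefab
    permissions:
      id-token: write  # needed for trusted publishing (i.e., OIDC)
    steps:
      - name: Download distribution artifacts
        # NOTE(review): mutable tag in a job that holds `id-token: write`;
        # pin to a full commit SHA.
        uses: actions/download-artifact@v8
        with:
          name: package-distribution
          path: dist/
      - name: Publish distribution to test PyPI
        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e  # v1.13.0
        with:
          repository-url: https://test.pypi.org/legacy/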