Publish libeCalc package to PyPI #167
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish libeCalc package to PyPI | |
| on: | |
| workflow_run: | |
| workflows: [release-please] | |
| types: | |
| - completed | |
| # Note! We cannot trigger on published event, since that can only be triggered when done manually (or with a | |
| # separate PAT token, not the standard GITHUB_TOKEN), and we want to use the standard GITHUB_TOKEN). | |
| # Therefore we trigger this workflow independently, after the trigger-publish workflow has run, in | |
| # order for this workflow to be the owner of the PyPI publishing job, and can be verified. This limits | |
| # us to only allow this workflow to be allowed to publish to PyPI trustedly. | |
| workflow_dispatch: # Trigger manually, if needed. | |
| # NOTE!: When using Trusted Publishing to PyPI, we cannot do that from within a reusable workflow, therefore | |
| # we make it independent, and trigger it with published event from release-please workflow, instead of calling explicitly. | |
| permissions: {} | |
| jobs: | |
| check-release-created: # Parses JSON file from release-please workflow to see if a release was created | |
| permissions: | |
| actions: read # to dl artifacts from triggering workflow | |
| contents: read | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Download release-please outputs | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: release-please-outputs | |
| run-id: ${{ github.event.workflow_run.id }} | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: list contents | |
| run: ls -al | |
| - name: echo artifact | |
| run: cat outputs.json | jq . | |
| - name: Output release created | |
| id: release-created | |
| run: | | |
| echo "release_created=$(cat outputs.json | jq -r '.release_created')" >> $GITHUB_OUTPUT | |
| outputs: | |
| release-created: ${{ steps.release-created.outputs.release_created }} | |
| publish-libecalc-to-pypi: | |
| needs: check-release-created | |
| if: ${{ needs.check-release-created.outputs.release-created == 'true' }} | |
| environment: | |
| name: pypi | |
| url: https://pypi.org/project/libecalc/ | |
| #name: testpypi | |
| #url: https://test.pypi.org/p/libecalc # NOTE: If/when we need to test publishing etc to PyPI, we can use Test PyPI | |
| permissions: | |
| id-token: write # Required for Trusted Publishing to PyPI, the pypa action uses this | |
| contents: read | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v6 | |
| with: | |
| # NOTE: Make sure we publish from the main branch, not the triggering ref | |
| ref: ${{ github.event.repository.default_branch }} | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v7 | |
| with: | |
| enable-cache: true | |
| - name: Set up Python | |
| run: uv python install | |
| - name: Install the project | |
| run: uv sync --locked --all-extras --dev | |
| - name: Build the libecalc package (wheel and sdist by default) | |
| run: uv build | |
| - name: Publish to PyPI | |
| uses: pypa/gh-action-pypi-publish@release/v1 | |
| with: | |
| # repository-url: https://test.pypi.org/legacy/ # NOTE: Only needed to specify for Test PyPI | |
| packages-dir: dist/ |