chore(ci): 注释说明 PyPI 发布使用 PYPI_PASSWORD Secret #58
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | ||
|
Check failure on line 1 in .github/workflows/release.yml
|
||
| on: | ||
| push: | ||
| branches: | ||
| - main | ||
| - beta | ||
| workflow_dispatch: | ||
| inputs: | ||
| ref: | ||
| description: Git ref to build (tag/sha/branch). Leave empty to use current. | ||
| required: false | ||
| default: "" | ||
| permissions: | ||
| contents: write | ||
| jobs: | ||
| release: | ||
| runs-on: ubuntu-latest | ||
| outputs: | ||
| released: ${{ steps.semantic.outputs.released }} | ||
| version: ${{ steps.semantic.outputs.version }} | ||
| tag: ${{ steps.semantic.outputs.tag }} | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
| - name: Python Semantic Release | ||
| id: semantic | ||
| if: github.event_name == 'push' | ||
| uses: python-semantic-release/python-semantic-release@master | ||
| with: | ||
| github_token: ${{ secrets.GITHUB_TOKEN }} | ||
| publish-npm: | ||
| needs: release | ||
| runs-on: ubuntu-latest | ||
| if: ((github.event_name == 'push' && needs.release.outputs.released == 'true') || github.event_name == 'workflow_dispatch') && hashFiles('package.json') != '' | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| ref: ${{ inputs.ref || needs.release.outputs.tag || github.sha }} | ||
| - name: Setup Node.js | ||
| uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: "20" | ||
| registry-url: "https://registry.npmjs.org" | ||
| - name: Publish to npm | ||
| env: | ||
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | ||
| run: npm publish --access public | ||
| publish-pypi: | ||
| needs: release | ||
| runs-on: ubuntu-latest | ||
| if: (github.event_name == 'push' && needs.release.outputs.released == 'true') || github.event_name == 'workflow_dispatch' | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| ref: ${{ inputs.ref || needs.release.outputs.tag || github.sha }} | ||
| - name: Set up Python | ||
| uses: actions/setup-python@v5 | ||
| with: | ||
| python-version: "3.11" | ||
| # 按 CHANGELOG 刷新 docs/releases/ 下的版本说明(与仓库 scripts/、secbot_agent/ 结构无关,在仓库根目录执行即可) | ||
| - name: Refresh versioned release docs | ||
| run: | | ||
| python -m utils.release_docs version-docs --changelog CHANGELOG.md --output-dir docs/releases | ||
| - name: Build package | ||
| run: | | ||
| python -m pip install --upgrade pip | ||
| python -m pip install build twine | ||
| python -m build | ||
| python -m twine check dist/* | ||
| # 仓库 Settings → Secrets:PYPI_PASSWORD = PyPI 上创建的 API token 字符串(勿用 .pypirc) | ||
| - name: Upload to PyPI | ||
| env: | ||
| TWINE_USERNAME: __token__ | ||
| TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }} | ||
| run: | | ||
| python -m twine upload --non-interactive --skip-existing dist/* | ||
