|
1 | | -name: Release |
| 1 | +name: Publish Python 🐍 distribution 📦 to PyPI |
2 | 2 |
|
3 | 3 | on: |
4 | | - release: |
5 | | - types: [created] |
| 4 | + push: |
| 5 | + # Only run this workflow when a tag with the pattern 'v*' is pushed |
| 6 | + tags: |
| 7 | + - 'v*' |
6 | 8 |
|
7 | 9 | jobs: |
8 | | - release: |
9 | | - runs-on: ubuntu-latest |
| 10 | + # Step 1: Build the Python package |
| 11 | + build: |
| 12 | + name: Build distribution 📦 |
| 13 | + runs-on: ubuntu-20.04 |
10 | 14 | steps: |
11 | 15 | - uses: actions/checkout@v4 |
| 16 | + with: |
| 17 | + persist-credentials: false |
12 | 18 |
|
13 | 19 | - name: Set up Python |
14 | 20 | uses: actions/setup-python@v4 |
15 | 21 | with: |
16 | 22 | python-version: '3.7' |
17 | 23 |
|
18 | | - - name: Install dependencies |
| 24 | + - name: Install build dependencies |
19 | 25 | run: | |
20 | 26 | python -m pip install --upgrade pip |
21 | | - pip install build twine wheel |
| 27 | + pip install build pytest |
22 | 28 | pip install -e . |
23 | 29 |
|
24 | 30 | - name: Run tests |
25 | | - run: | |
26 | | - pip install pytest |
27 | | - pytest tests/ |
| 31 | + run: pytest tests/ |
28 | 32 |
|
29 | 33 | - name: Build package |
30 | | - run: | |
31 | | - python -m build |
| 34 | + run: python -m build |
| 35 | + |
| 36 | + - name: Store the distribution packages |
| 37 | + uses: actions/upload-artifact@v4 |
| 38 | + with: |
| 39 | + name: python-package-distributions |
| 40 | + path: dist/ |
| 41 | + |
| 42 | + # Step 2: Publish the distribution to PyPI |
| 43 | + publish-to-pypi: |
| 44 | + name: Publish to PyPI |
| 45 | + needs: build |
| 46 | + runs-on: ubuntu-latest |
| 47 | + |
| 48 | + steps: |
| 49 | + - name: Download distribution packages |
| 50 | + uses: actions/download-artifact@v4 |
| 51 | + with: |
| 52 | + name: python-package-distributions |
| 53 | + path: dist/ |
32 | 54 |
|
33 | 55 | - name: Publish to PyPI |
| 56 | + |
| 57 | + with: |
| 58 | + # If using a secret-based token: |
| 59 | + username: '__token__' |
| 60 | + password: ${{ secrets.PYPI_API_TOKEN }} |
| 61 | + |
| 62 | + # Step 3: Sign the distribution and create a GitHub release |
| 63 | + github-release: |
| 64 | + name: Sign the distribution 📦 with Sigstore and upload to GitHub Release |
| 65 | + needs: publish-to-pypi |
| 66 | + runs-on: ubuntu-latest |
| 67 | + permissions: |
| 68 | + contents: write # Required to create GitHub Releases |
| 69 | + id-token: write # Required for sigstore |
| 70 | + |
| 71 | + steps: |
| 72 | + - name: Download distribution packages |
| 73 | + uses: actions/download-artifact@v4 |
| 74 | + with: |
| 75 | + name: python-package-distributions |
| 76 | + path: dist/ |
| 77 | + |
| 78 | + - name: Sign the dists with Sigstore |
| 79 | + |
| 80 | + with: |
| 81 | + inputs: >- |
| 82 | + ./dist/*.tar.gz |
| 83 | + ./dist/*.whl |
| 84 | +
|
| 85 | + - name: Create GitHub Release |
| 86 | + env: |
| 87 | + GITHUB_TOKEN: ${{ github.token }} |
| 88 | + run: | |
| 89 | + # $GITHUB_REF_NAME is the tag name, e.g. 'v1.0.0' |
| 90 | + gh release create "$GITHUB_REF_NAME" \ |
| 91 | + --repo "$GITHUB_REPOSITORY" \ |
| 92 | + --title "Release $GITHUB_REF_NAME" \ |
| 93 | + --notes "See CHANGELOG for details." |
| 94 | +
|
| 95 | + - name: Upload artifact signatures to GitHub Release |
34 | 96 | env: |
35 | | - TWINE_USERNAME: __token__ |
36 | | - TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} |
| 97 | + GITHUB_TOKEN: ${{ github.token }} |
37 | 98 | run: | |
38 | | - twine upload dist/* |
| 99 | + gh release upload "$GITHUB_REF_NAME" dist/** \ |
| 100 | + --repo "$GITHUB_REPOSITORY" |
0 commit comments