Publish Python Package #8
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish Python Package | |
| on: | |
| push: | |
| tags: | |
| - "v*.*.*" | |
| workflow_dispatch: | |
| inputs: | |
| repository: | |
| description: "Target index for publish" | |
| required: true | |
| default: testpypi | |
| type: choice | |
| options: | |
| - testpypi | |
| - pypi | |
| permissions: | |
| contents: read | |
| jobs: | |
| build: | |
| name: Build Distribution Artifacts | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out source | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.11" | |
| - name: Validate tag matches pyproject version | |
| if: github.event_name == 'push' | |
| run: | | |
| PYTHONPATH=src python -m agentrules.core.utils.release_metadata \ | |
| --tag "${GITHUB_REF_NAME}" | |
| - name: Guard manual PyPI publish to tagged refs only | |
| if: github.event_name == 'workflow_dispatch' && github.event.inputs.repository == 'pypi' | |
| run: | | |
| if [ "${GITHUB_REF_TYPE}" != "tag" ]; then | |
| echo "Manual PyPI publish must run from a tag ref (vX.Y.Z)." | |
| exit 1 | |
| fi | |
| PYTHONPATH=src python -m agentrules.core.utils.release_metadata \ | |
| --tag "${GITHUB_REF_NAME}" | |
| - name: Install build tooling | |
| run: | | |
| python -m pip install --upgrade pip | |
| python -m pip install --upgrade build twine | |
| - name: Build sdist and wheel | |
| run: python -m build | |
| - name: Check built metadata | |
| run: python -m twine check dist/* | |
| - name: Upload distribution artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: python-dist | |
| path: dist/* | |
| publish-testpypi: | |
| name: Publish to TestPyPI | |
| needs: build | |
| if: github.event_name == 'workflow_dispatch' && github.event.inputs.repository == 'testpypi' | |
| runs-on: ubuntu-latest | |
| environment: testpypi | |
| permissions: | |
| id-token: write | |
| steps: | |
| - name: Download distribution artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: python-dist | |
| path: dist | |
| - name: Publish package distributions to TestPyPI | |
| uses: pypa/gh-action-pypi-publish@release/v1 | |
| with: | |
| repository-url: https://test.pypi.org/legacy/ | |
| packages-dir: dist | |
| publish-pypi: | |
| name: Publish to PyPI | |
| needs: build | |
| if: github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && github.event.inputs.repository == 'pypi') | |
| runs-on: ubuntu-latest | |
| environment: pypi | |
| permissions: | |
| id-token: write | |
| steps: | |
| - name: Download distribution artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: python-dist | |
| path: dist | |
| - name: Publish package distributions to PyPI | |
| uses: pypa/gh-action-pypi-publish@release/v1 | |
| with: | |
| packages-dir: dist |