-
Notifications
You must be signed in to change notification settings - Fork 147
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add PyPI trusted publishing workflow
- Publishes to Test PyPI for every commit to main - Publishes to PyPI for version tags
- Loading branch information
1 parent
38d42de
commit 9289d9d
Showing
1 changed file
with
63 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,63 @@ | ||
| --- | ||
| name: PyPI package | ||
|
|
||
| on: | ||
| push: | ||
| branches: [main] | ||
| tags: ["v[0-9]+.[0-9]+.[0-9]+*"] | ||
| workflow_dispatch: | ||
|
|
||
| permissions: | ||
| attestations: write | ||
| contents: read | ||
| id-token: write | ||
|
|
||
| jobs: | ||
| package: | ||
| name: Build & verify package | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 # needed for setuptools_scm version determination | ||
| # HACK: for now, disable local versions so we can push to Test PyPI on main | ||
| - name: Disable local version | ||
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | ||
| run: | | ||
| sed -i '/\[tool\.setuptools_scm\]/a local_scheme = "no-local-version"' pyproject.toml | ||
| git update-index --assume-unchanged pyproject.toml | ||
| - uses: hynek/build-and-inspect-python-package@v2 | ||
| with: | ||
| attest-build-provenance-github: 'true' | ||
|
|
||
| release-test-pypi: | ||
| name: Publish dev package to test.pypi.org | ||
| if: github.repository_owner == 'nickstenning' && github.ref == 'refs/heads/main' | ||
| runs-on: ubuntu-latest | ||
| needs: package | ||
| environment: test-pypi | ||
| steps: | ||
| - name: Download packages | ||
| uses: actions/download-artifact@v4 | ||
| with: | ||
| name: Packages | ||
| path: dist | ||
| - name: Upload package to Test PyPI | ||
| uses: pypa/gh-action-pypi-publish@release/v1 | ||
| with: | ||
| repository-url: https://test.pypi.org/legacy/ | ||
|
|
||
| release-pypi: | ||
| name: Publish released package to pypi.org | ||
| if: github.repository_owner == 'nickstenning' && startsWith(github.ref, 'refs/tags/') | ||
| runs-on: ubuntu-latest | ||
| needs: package | ||
| environment: pypi | ||
| steps: | ||
| - name: Download packages | ||
| uses: actions/download-artifact@v4 | ||
| with: | ||
| name: Packages | ||
| path: dist | ||
| - name: Upload package to PyPI | ||
| uses: pypa/gh-action-pypi-publish@release/v1 |