Skip to content

Build Package

Build Package #2

Workflow file for this run

# Runs the test suite, including intergration and sanity checks - do not
# release to PYPI if anything fails.
# Triggered on tagged release.
# If tests pass, uses hatch to build the distribution, releases with GitHub &
# deploys to PyPI.
name: Build Package
on:
push:
tags:
- v*.*.*
jobs:
build:
name: Integration
runs-on: ubuntu-latest
timeout-minutes: 30
strategy:
fail-fast: false
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # sha for 4.1.7
- name: Set up Python 3.11
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # sha for 5.1.0
with:
python-version: 3.11
cache: "pip"
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install '.[test,dev]'
- name: Install java
uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: '11.0.21'
- name: Check Java Install
run: |
java --version
- name: Run All tests, including integration & sanitycheck
run: |
pytest --runinteg --sanitycheck
- name: Install hatch
run: |
pip install hatch
- name: Build a binary wheel and a source tarball
run: |
hatch build
- name: Store the distribution
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # sha for v4.3.3
with:
name: python-package-distributions
path: ./dist/*
publish-to-pypi:
name: >-
Publish Python 🐍 distribution 📦 to PyPI
if: startsWith(github.ref, 'refs/tags/') # only publish to PyPI on tag pushes
needs:
- build
runs-on: ubuntu-latest
environment:
name: pypi
url: https://pypi.org/p/assess-gtfs # Replace <package-name> with your PyPI project name
permissions:
id-token: write # IMPORTANT: this permission is mandatory for trusted publishing
contents: write
pages: write
steps:
- name: Download all the dists
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: python-package-distributions
path: dist/
- name: Publish distribution 📦 to PyPI
uses: pypa/gh-action-pypi-publish@ec4db0b4ddc65acdf4bff5fa45ac92d78b56bdf0 # v1.9.0
github-release:
name: >-
Sign the Python 🐍 distribution 📦 with Sigstore
and upload them to GitHub Release
needs:
- publish-to-pypi
runs-on: ubuntu-latest
permissions:
contents: write # IMPORTANT: mandatory for making GitHub Releases
id-token: write # IMPORTANT: mandatory for sigstore
steps:
- name: Download all the dists
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: python-package-distributions
path: dist/
- name: Sign the dists with Sigstore
uses: sigstore/gh-action-sigstore-python@61f6a500bbfdd9a2a339cf033e5421951fbc1cd2 # v2.1.1
with:
inputs: >-
./dist/*.tar.gz
./dist/*.whl
- name: Create GitHub Release
env:
GITHUB_TOKEN: ${{ github.token }}
run: >-
gh release create
'${{ github.ref_name }}'
--repo '${{ github.repository }}'
--notes ""
- name: Upload artifact signatures to GitHub Release
env:
GITHUB_TOKEN: ${{ github.token }}
# Upload to GitHub Release using the `gh` CLI.
# `dist/` contains the built packages, and the
# sigstore-produced signatures and certificates.
run: >-
gh release upload
'${{ github.ref_name }}' dist/**
--repo '${{ github.repository }}'