Merge pull request #29 from hamnis/dependabot/github_actions/actions/… #21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and publish to PyPI | |
on: | |
push: | |
branches: | |
- main | |
tags: | |
- 'v*.*.*' | |
jobs: | |
linting: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out source repository | |
uses: actions/checkout@v4 | |
- name: Set up Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: 3.9 | |
- name: Install pip package(s) | |
run: pip install hatch | |
- name: Run black formatter check | |
run: hatch run lint:black --check --verbose src tests | |
- name: Run flake8 linter | |
run: hatch run lint:flake8 | |
- name: Run unit and integrations tests | |
run: hatch run test:pytest --cov=maven_artifact --cov-report=xml --cov-report=html | |
build-and-publish: | |
needs: linting | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write # IMPORTANT: this permission is mandatory for trusted publishing | |
steps: | |
- name: Check out source repository | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 #full history | |
- name: Set up Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: 3.9 | |
- name: Install dependencies | |
run: | | |
pip install hatch | |
env: | |
GNUPGHOME: ${{ runner.workspace }}/.gnupg | |
- name: Build package | |
run: hatch build | |
# ! gpg steps are probably not needed since gh-action-pypi-publish is used | |
# - name: Import GPG key | |
# run: echo "${{ secrets.GPG_PRIVATE_KEY }}" | gpg --import --batch --passphrase "${{ secrets.GPG_PASSPHRASE }}" | |
# - name: Sign package | |
# run: | | |
# gpg --batch --yes --detach-sign --armor dist/* | |
# gpg --batch --yes --print-md SHA256 dist/* > dist/*.sha256 | |
- name: Publish distribution 📦 to Test PyPI | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
with: | |
password: ${{ secrets.TEST_PYPI_API_TOKEN }} | |
repository-url: https://test.pypi.org/legacy/ | |
sign-artifacts: true | |
skip-existing: true | |
gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} | |
- name: Publish distribution 📦 to PyPI | |
if: startsWith(github.ref, 'refs/tags') | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
with: | |
password: ${{ secrets.PYPI_API_TOKEN }} | |
sign-artifacts: true | |
gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} |