Skip to content
This repository has been archived by the owner on Sep 24, 2024. It is now read-only.

Adds first PyPI publishing workflow #10

Adds first PyPI publishing workflow

Adds first PyPI publishing workflow #10

Workflow file for this run

name: Publish Python 🐍 distribution πŸ“¦ to PyPI and TestPyPI
on:
push:
tags:
- "v*"
pull_request:
branches:
- "main"
- "dev"
- "release/v[0-9].[0-9]"
workflow_dispatch:
jobs:
build:
name: Build distribution πŸ“¦
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: "3.10"
publish-to-testpypi:
name: >-
Publish Python 🐍 distribution πŸ“¦ to PyPI
needs:
- build
runs-on: ubuntu-latest
env:
POETRY_PYPI_TOKEN_TESTPYPI: ${{ secrets.PYPI_TEST_KEY }}
POETRY_PYPI_TOKEN: ${{ secrets.PYPI_KEY }}
steps:
- uses: actions/checkout@v4
- name: prepare with poetry
run: |
export VENV_PATH="$HOME/venv"
python3 -m venv $VENV_PATH
$VENV_PATH/bin/pip install -U pip setuptools
$VENV_PATH/bin/pip install poetry
export POETRY="$VENV_PATH/bin/poetry"
cd "$GITHUB_WORKSPACE"
$POETRY config repositories.testpypi https://test.pypi.org/legacy/
$POETRY publish --repository testpypi --build
github-release:
name: >-
Sign the Python 🐍 distribution πŸ“¦ with Sigstore
and upload them to GitHub Release
needs:
- publish-to-testpypi
runs-on: ubuntu-latest
permissions:
contents: write # IMPORTANT: mandatory for making GitHub Releases
id-token: write # IMPORTANT: mandatory for sigstore
steps:
- name: Download all the dists
uses: actions/download-artifact@v3
with:
name: python-package-distributions
path: dist/
- name: Sign the dists with Sigstore
uses: sigstore/[email protected]
with:
inputs: >-
./dist/*.tar.gz
./dist/*.whl
- name: Create GitHub Release
env:
GITHUB_TOKEN: ${{ github.token }}
run: >-
gh release create
'${{ github.ref_name }}'
--repo '${{ github.repository }}'
- name: Upload artifact signatures to GitHub Release
env:
GITHUB_TOKEN: ${{ github.token }}
# Upload to GitHub Release using the `gh` CLI.
# `dist/` contains the built packages, and the
# sigstore-produced signatures and certificates.
run: >-
gh release upload
'${{ github.ref_name }}' dist/**
--repo '${{ github.repository }}'