From dc8b09c768bf1ee5eab50a86ee77715bc9a94dae Mon Sep 17 00:00:00 2001 From: Jim Robinson-Bohnslav Date: Sun, 12 Jan 2025 01:26:04 -0500 Subject: [PATCH] update release action --- .github/workflows/release.yml | 92 +++++++++++++++++++++++++++++------ 1 file changed, 77 insertions(+), 15 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 20ee0b3..85aa768 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,38 +1,100 @@ -name: Release +name: Publish Python 🐍 distribution 📦 to PyPI on: - release: - types: [created] + push: + # Only run this workflow when a tag with the pattern 'v*' is pushed + tags: + - 'v*' jobs: - release: - runs-on: ubuntu-latest + # Step 1: Build the Python package + build: + name: Build distribution 📦 + runs-on: ubuntu-20.04 steps: - uses: actions/checkout@v4 + with: + persist-credentials: false - name: Set up Python uses: actions/setup-python@v4 with: python-version: '3.7' - - name: Install dependencies + - name: Install build dependencies run: | python -m pip install --upgrade pip - pip install build twine wheel + pip install build pytest pip install -e . - name: Run tests - run: | - pip install pytest - pytest tests/ + run: pytest tests/ - name: Build package - run: | - python -m build + run: python -m build + + - name: Store the distribution packages + uses: actions/upload-artifact@v4 + with: + name: python-package-distributions + path: dist/ + + # Step 2: Publish the distribution to PyPI + publish-to-pypi: + name: Publish to PyPI + needs: build + runs-on: ubuntu-latest + + steps: + - name: Download distribution packages + uses: actions/download-artifact@v4 + with: + name: python-package-distributions + path: dist/ - name: Publish to PyPI + uses: pypa/gh-action-pypi-publish@v1.12.3 + with: + # If using a secret-based token: + username: '__token__' + password: ${{ secrets.PYPI_API_TOKEN }} + + # Step 3: Sign the distribution and create a GitHub release + github-release: + name: Sign the distribution 📦 with Sigstore and upload to GitHub Release + needs: publish-to-pypi + runs-on: ubuntu-latest + permissions: + contents: write # Required to create GitHub Releases + id-token: write # Required for sigstore + + steps: + - name: Download distribution packages + uses: actions/download-artifact@v4 + with: + name: python-package-distributions + path: dist/ + + - name: Sign the dists with Sigstore + uses: sigstore/gh-action-sigstore-python@v3.0.0 + with: + inputs: >- + ./dist/*.tar.gz + ./dist/*.whl + + - name: Create GitHub Release + env: + GITHUB_TOKEN: ${{ github.token }} + run: | + # $GITHUB_REF_NAME is the tag name, e.g. 'v1.0.0' + gh release create "$GITHUB_REF_NAME" \ + --repo "$GITHUB_REPOSITORY" \ + --title "Release $GITHUB_REF_NAME" \ + --notes "See CHANGELOG for details." + + - name: Upload artifact signatures to GitHub Release env: - TWINE_USERNAME: __token__ - TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + GITHUB_TOKEN: ${{ github.token }} run: | - twine upload dist/* + gh release upload "$GITHUB_REF_NAME" dist/** \ + --repo "$GITHUB_REPOSITORY"