-
Notifications
You must be signed in to change notification settings - Fork 6
118 lines (105 loc) · 3.54 KB
/
python-publish.yml
File metadata and controls
118 lines (105 loc) · 3.54 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
# This workflow will upload a Python Package to PyPI when a release is created
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python#publishing-to-package-registries
name: Upload Python Package
on:
workflow_run:
workflows: ["CI"]
types: [completed]
branches:
- 'v[0-9]*'
concurrency:
group: ${{ github.workflow }}-${{ github.event.workflow_run.head_branch || github.ref_name }}
cancel-in-progress: false
permissions:
contents: read
jobs:
release-build:
runs-on: ubuntu-latest
# Only run if CI succeeded AND it was a tag push.
# Exclude PRs to avoid accidental triggers/publishing.
if: |
github.event_name == 'workflow_run' &&
github.event.workflow_run.conclusion == 'success' &&
github.event.workflow_run.event != 'pull_request' &&
github.event.workflow_run.event == 'push' &&
startsWith(github.event.workflow_run.head_branch, 'v') &&
github.event.workflow_run.head_repository.full_name == github.repository
permissions:
contents: read
id-token: write
attestations: write
outputs:
is_stable: ${{ steps.check_version.outputs.is_stable }}
version: ${{ steps.check_version.outputs.version }}
steps:
- uses: actions/checkout@v6
with:
ref: ${{ github.event.workflow_run.head_sha }}
fetch-depth: 0
- name: Check version type
id: check_version
run: |
VERSION=${{ github.event.workflow_run.head_branch }}
echo "version=${VERSION#v}" >> $GITHUB_OUTPUT
# Regex for stable release: vX.Y.Z
if [[ $VERSION =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "is_stable=true" >> $GITHUB_OUTPUT
else
echo "is_stable=false" >> $GITHUB_OUTPUT
fi
- name: Set up uv
uses: astral-sh/setup-uv@v7
with:
enable-cache: true
- name: Build release distributions
run: uv build --wheel --sdist
- name: Generate artifact attestation
uses: actions/attest-build-provenance@v4
with:
subject-path: "dist/*"
- name: Upload distributions
uses: actions/upload-artifact@v7
with:
name: release-dists
path: dist/
pypi-publish:
runs-on: ubuntu-latest
needs:
- release-build
if: needs.release-build.outputs.is_stable == 'true'
permissions:
id-token: write
environment:
name: pypi
url: https://pypi.org/project/PyStormTracker/${{ needs.release-build.outputs.version }}
steps:
- name: Retrieve release distributions
uses: actions/download-artifact@v8
with:
name: release-dists
path: dist/
- name: Publish release distributions to PyPI
uses: pypa/gh-action-pypi-publish@release/v1
with:
packages-dir: dist/
test-pypi-publish:
runs-on: ubuntu-latest
needs:
- release-build
if: needs.release-build.outputs.is_stable == 'false'
permissions:
id-token: write
environment:
name: testpypi
url: https://test.pypi.org/project/PyStormTracker/${{ needs.release-build.outputs.version }}
steps:
- name: Retrieve release distributions
uses: actions/download-artifact@v8
with:
name: release-dists
path: dist/
- name: Publish release distributions to TestPyPI
uses: pypa/gh-action-pypi-publish@release/v1
with:
repository-url: https://test.pypi.org/legacy/
packages-dir: dist/