This project publishes to PyPI from GitHub Actions and can mirror artifacts to GitHub Packages.
The publish workflow supports two authentication paths:
- Trusted publishing (OIDC) via PyPI trusted publisher.
- API token fallback via repository secret
PYPI_API_TOKEN.
If PYPI_API_TOKEN is set, it is used first. Otherwise the workflow uses trusted publishing.
The publish workflow includes a GitHub Packages (Python) upload step using the repository GITHUB_TOKEN.
- repository URL:
https://pypi.pkg.github.com/<OWNER>/ - install index URL:
https://pypi.pkg.github.com/<OWNER>/simple/
- Create the project on PyPI (if it does not exist yet).
- In PyPI project settings, configure a trusted publisher:
- Owner:
ychampion - Repository:
codeclaw - Workflow:
.github/workflows/publish.yml - Environment:
pypi
- Owner:
- Ensure this GitHub repo has an environment named
pypi.
If you are not using trusted publishing:
- Create a PyPI API token scoped to the
codeclawproject. - Add GitHub Actions secret
PYPI_API_TOKENin this repository.
- Validate locally:
python -m pytest -qpython -m buildpython -m twine check dist/*python -m codeclaw --help
- Create and push tag:
git tag -a vX.Y.Z -m "CodeClaw vX.Y.Z"git push origin vX.Y.Z
- GitHub Actions
publish.ymlruns on tag push and uploads artifacts to PyPI.
If publish fails with invalid-publisher, trusted publisher claims do not match PyPI settings.
Expected claims for this repo:
- repository:
ychampion/codeclaw - workflow:
.github/workflows/publish.yml - environment:
pypi
For debugging, note that workflow_ref differs by trigger:
- tag publish:
ychampion/codeclaw/.github/workflows/publish.yml@refs/tags/vX.Y.Z... - manual dispatch from
main:ychampion/codeclaw/.github/workflows/publish.yml@refs/heads/main