Upload Python Package #9
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Upload Python Package | |
| on: | |
| release: | |
| types: [published] | |
| workflow_dispatch: | |
| inputs: | |
| commit: | |
| description: "Commit to build from" | |
| required: true | |
| default: "main" | |
| permissions: | |
| contents: read | |
| jobs: | |
| release-build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up uv and Python | |
| uses: astral-sh/setup-uv@v5 | |
| with: | |
| enable-cache: true | |
| python-version: "3.13" | |
| cache-dependency-glob: "pyproject.toml" | |
| - name: Install python packages | |
| run: | | |
| uv sync | |
| - name: Build a binary wheel and a source tarball | |
| run: | | |
| uv build --sdist --wheel --out-dir dist | |
| - name: Publish build artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: pypi-dists | |
| path: "./dist" | |
| pypi-publish: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - release-build | |
| permissions: | |
| # IMPORTANT: this permission is mandatory for trusted publishing | |
| id-token: write | |
| # Dedicated environments with protections for publishing are strongly recommended. | |
| # For more information, see: https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules | |
| environment: | |
| name: pypi | |
| # OPTIONAL: uncomment and update to include your PyPI project URL in the deployment status: | |
| # url: https://pypi.org/p/YOURPROJECT | |
| # | |
| # ALTERNATIVE: if your GitHub Release name is the PyPI project version string | |
| # ALTERNATIVE: exactly, uncomment the following line instead: | |
| # url: https://pypi.org/project/YOURPROJECT/${{ github.event.release.name }} | |
| steps: | |
| - name: Retrieve release distributions | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: pypi-dists | |
| path: dist/ | |
| - name: Publish release distributions to PyPI | |
| uses: pypa/gh-action-pypi-publish@release/v1 | |
| with: | |
| packages-dir: dist/ | |
| github-release: | |
| name: >- | |
| Sign the Python 🐍 distribution 📦 with Sigstore | |
| and upload them to GitHub Release | |
| needs: | |
| - pypi-publish | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write # IMPORTANT: mandatory for making GitHub Releases | |
| id-token: write # IMPORTANT: mandatory for sigstore | |
| steps: | |
| - name: Download all the dists | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: pypi-dists | |
| path: dist/ | |
| - name: Sign the dists with Sigstore | |
| uses: sigstore/[email protected] | |
| with: | |
| inputs: >- | |
| ./dist/*.tar.gz | |
| ./dist/*.whl | |
| - name: Create GitHub Release | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| run: >- | |
| gh release create | |
| "$GITHUB_REF_NAME" | |
| --repo "$GITHUB_REPOSITORY" | |
| --notes "" | |
| - name: Upload artifact signatures to GitHub Release | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| # Upload to GitHub Release using the `gh` CLI. | |
| # `dist/` contains the built packages, and the | |
| # sigstore-produced signatures and certificates. | |
| run: >- | |
| gh release upload | |
| "$GITHUB_REF_NAME" dist/** | |
| --repo "$GITHUB_REPOSITORY" |