Skip to content

Commit

Permalink
Revamp publishing workflow (#78)
Browse files Browse the repository at this point in the history 
* Revamp publishing workflow

* Add condition for PyPI push

* attestations are now enabled by default

Co-authored-by: Saransh Chopra <[email protected]>

* Inspect sdist + wheel, pin actions to hashes

---------

Co-authored-by: Saransh Chopra <[email protected]>
  • Loading branch information
@agriyakhetarpal @Saransh-cpp
agriyakhetarpal and Saransh-cpp authored Dec 16, 2024
1 parent 977f137 commit 67ecc95
Showing 1 changed file with 68 additions and 23 deletions.
91 changes: 68 additions & 23 deletions .github/workflows/publish_pypi.yml
View file
Original file line number Diff line number Diff line change
@@ -1,38 +1,83 @@
name: Build and publish package to PyPI

on:
push:
tags:
- '*'
release:
types: [published]
workflow_dispatch:
inputs:
target:
description: 'Deployment target. Can be "pypi" or "testpypi"'
default: "pypi"
description: 'Deployment target. Can be "pypi" or "testpypi", or left as blank to skip publishing. Default is blank.'
default: ""

jobs:
publish_pypi:
name: Build wheels on ubuntu-latest
build:
name: Build sdist and wheel
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: 3.8
- name: Install dependencies
python-version: "3.x"

- name: Build distributions
run: pipx run build

- name: Build, inspect, and display contents of distributions
shell: bash
run: |
python -m pip install --upgrade pip
pip install build
- name: Build package
run: python -m build
- name: Publish on PyPI
if: github.event.inputs.target == 'pypi'
uses: pypa/gh-action-pypi-publish@release/v1
mkdir -p output/sdist
tar -xf dist/*.tar.gz -C output/sdist
echo -e '## View source distribution (SDist) contents\n' >> $GITHUB_STEP_SUMMARY
echo -e '```\n' >> $GITHUB_STEP_SUMMARY
(cd output/sdist && tree -a * | sed 's/^/ /' | tee -a $GITHUB_STEP_SUMMARY)
echo -e '\n```\n' >> $GITHUB_STEP_SUMMARY
mkdir -p output/wheel
pipx run wheel unpack dist/*.whl -d output/wheel
echo -e '## View binary distribution (wheel) contents\n' >> $GITHUB_STEP_SUMMARY
echo -e '```\n' >> $GITHUB_STEP_SUMMARY
(cd output/wheel && tree -a * | sed 's/^/ /' | tee -a $GITHUB_STEP_SUMMARY)
echo -e '\n```\n' >> $GITHUB_STEP_SUMMARY
- name: Upload sdist and wheel artifacts
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
password: ${{ secrets.PYPI_API_TOKEN }}
- name: Publish on TestPyPI
name: distributions
path: dist/*

publish:
name: Publish to PyPI
runs-on: ubuntu-latest
environment:
name: pypi
url: https://pypi.org/p/bpx
permissions:
id-token: write # IMPORTANT: this permission is mandatory for trusted publishing
needs: [build]
if: >-
github.event_name == 'release' &&
github.event.action == 'published' ||
github.event_name == 'workflow_dispatch' &&
github.event.inputs.target == 'pypi' ||
github.event.inputs.target == 'testpypi'
steps:
- name: Download artifacts
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
path: dist
merge-multiple: true

- name: Upload to PyPI
if: github.event.inputs.target == 'pypi' || github.event_name == 'release' && github.event.action == 'published'
uses: pypa/gh-action-pypi-publish@15c56dba361d8335944d31a2ecd17d700fc7bcbc # v1.12.2
with:
packages-dir: dist

- name: Upload to TestPyPI
if: github.event.inputs.target == 'testpypi'
uses: pypa/gh-action-pypi-publish@release/v1
uses: pypa/gh-action-pypi-publish@15c56dba361d8335944d31a2ecd17d700fc7bcbc # v1.12.2
with:
password: ${{ secrets.TEST_PYPI_API_TOKEN }}
repository_url: https://test.pypi.org/legacy/
repository-url: https://test.pypi.org/legacy/
packages-dir: dist

0 comments on commit 67ecc95

Please sign in to comment.