Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Revamp publishing workflow #78

Merged
merged 4 commits into from
Dec 16, 2024
Merged
Changes from 2 commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
69 changes: 47 additions & 22 deletions .github/workflows/publish_pypi.yml
Original file line number Diff line number Diff line change
@@ -1,38 +1,63 @@
name: Build and publish package to PyPI

on:
push:
tags:
- '*'
release:
types: [published]
workflow_dispatch:
inputs:
target:
description: 'Deployment target. Can be "pypi" or "testpypi"'
default: "pypi"
description: 'Deployment target. Can be "pypi" or "testpypi", or blank to skip publishing.'
default: ""

jobs:
publish_pypi:
name: Build wheels on ubuntu-latest
build:
name: Build sdist and wheel
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
python-version: 3.8
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install build
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
agriyakhetarpal marked this conversation as resolved.
Show resolved Hide resolved
- name: Build package
run: python -m build
- name: Publish on PyPI
if: github.event.inputs.target == 'pypi'
run: pipx run build
agriyakhetarpal marked this conversation as resolved.
Show resolved Hide resolved

- name: Upload sdist and wheel artifacts
uses: actions/upload-artifact@v4
with:
name: distributions
path: dist/*

publish:
name: Publish to PyPI
runs-on: ubuntu-latest
environment:
name: pypi
Comment on lines +53 to +54
Copy link
Collaborator Author

@agriyakhetarpal agriyakhetarpal Dec 4, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This environment would need to be set up in the GitHub and PyPI settings before we are able to publish wheels.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, it would be nice to have more than one reviewer that approves the deployment – the idea is that it should be very hard for someone unauthorised to push to PyPI.

url: https://pypi.org/p/bpx
permissions:
id-token: write # IMPORTANT: this permission is mandatory for trusted publishing
needs: [build]
if: >-
github.event_name == 'release' &&
github.event.action == 'published' ||
github.event_name == 'workflow_dispatch' &&
github.event.inputs.target == 'pypi' ||
github.event.inputs.target == 'testpypi'
steps:
- name: Download artifacts
uses: actions/download-artifact@v4
with:
path: dist
merge-multiple: true

- name: Upload to PyPI
if: github.event.inputs.target == 'pypi' || github.event_name == 'release' && github.event.action == 'published'
uses: pypa/gh-action-pypi-publish@release/v1
with:
password: ${{ secrets.PYPI_API_TOKEN }}
- name: Publish on TestPyPI
packages-dir: dist
attestations: true
agriyakhetarpal marked this conversation as resolved.
Show resolved Hide resolved

- name: Upload to TestPyPI
if: github.event.inputs.target == 'testpypi'
uses: pypa/gh-action-pypi-publish@release/v1
with:
password: ${{ secrets.TEST_PYPI_API_TOKEN }}
repository_url: https://test.pypi.org/legacy/
repository-url: https://test.pypi.org/legacy/
packages-dir: dist
agriyakhetarpal marked this conversation as resolved.
Show resolved Hide resolved
attestations: true
Loading