From 0fa851f25a8a7fdb9f0ea73335d72e492aaa91d0 Mon Sep 17 00:00:00 2001
From: Peter Wagner
Date: Thu, 12 Dec 2024 07:59:44 -0500
Subject: [PATCH] reusable workflow: uv -> pypi release
---
.github/workflows/py-release-uv.yaml | 60 ++++++++++++++++++++++++++++
1 file changed, 60 insertions(+)
create mode 100644 .github/workflows/py-release-uv.yaml
diff --git a/.github/workflows/py-release-uv.yaml b/.github/workflows/py-release-uv.yaml
new file mode 100644
index 0000000..5b03c9b
--- /dev/null
+++ b/.github/workflows/py-release-uv.yaml
@@ -0,0 +1,60 @@
+name: Release
+
+on:
+ workflow_call:
+ inputs:
+ environment:
+ description: "GitHub environment for the workflow"
+ type: string
+ default: "pypi"
+
+permissions:
+ # for uploading artifacts to GitHub release
+ contents: write
+
+ # for trusted publishing and attest-build-provenance
+ id-token: write
+
+ # for attest-build-provenance
+ attestations: write
+
+jobs:
+ release:
+ name: Release
+ runs-on: ubuntu-latest
+ environment: ${{ inputs.environment }}
+
+ steps:
+ - name: 📥 Checkout Repository
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
+ - name: 🏗️ Setup uv
+ uses: astral-sh/setup-uv@38f3f104447c67c051c4a08e39b64a148898af3a # v4.2.0
+ - name: 🏗️ Install Python
+ run: uv python install
+
+ - name: 🔄 Sync Dependencies
+ run: uv sync --all-extras --dev
+ - name: 📦 Build Package
+ run: uv build
+
+ - name: 🚀 Publish to PyPI
+ uses: pypa/gh-action-pypi-publish@67339c736fd9354cd4f8cb0b744f2b82a74b5c70 # v1.12.3
+
+ - name: 🗑️ Clean signable artifacts
+ run: rm dist/*.publish.attestation
+
+ - name: 🔐 Generate Build Provenance
+ uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0
+ with:
+ subject-path: "dist/*"
+
+ - name: 📥 Upload to GitHub
+ run: |
+ for file in dist/*; do
+ gh release upload "${GH_VERSION}" "$file"
+ done
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GH_VERSION: ${{ github.event.release.tag_name }}
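Review bot: The single `release` job runs `uv sync --all-extras --dev` and `uv build`, which execute dev-dependency and build-backend code, while the workflow-level `permissions` block already grants `id-token: write`, `contents: write` and `attestations: write`. A compromised dependency pulled in at that point could therefore request the OIDC token used for trusted publishing or write to the release. I would drop the workflow-level block, build in a job limited to `contents: read`, and hand `dist/` to a second job that carries the write scopes and the `environment`. The sync step does not appear to be needed for `uv build`; if it stays, `uv sync --locked` keeps the lockfile from being re-resolved at release time. Separately, `GH_VERSION` is empty unless the caller was triggered by a `release` event, and that would only surface after the PyPI upload has already succeeded.

```yaml
jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      # … unchanged: checkout, setup-uv, uv python install …
      - name: 📦 Build Package
        run: uv build
      - name: 📤 Hand off dist
        uses: actions/upload-artifact@<PINNED_COMMIT_SHA>  # placeholder: pin like the other actions
        with:
          name: dist
          path: dist/

  release:
    name: Release
    needs: build
    runs-on: ubuntu-latest
    environment: ${{ inputs.environment }}
    permissions:
      contents: write      # upload to the GitHub release
      id-token: write      # trusted publishing, attest-build-provenance
      attestations: write  # attest-build-provenance
    steps:
      - name: 📥 Fetch dist
        uses: actions/download-artifact@<PINNED_COMMIT_SHA>  # placeholder
        with:
          name: dist
          path: dist/
      # … unchanged: publish to PyPI, clean *.publish.attestation, attest-build-provenance …
      # … upload step: add `GH_REPO: ${{ github.repository }}` to env, since this job has no checkout …
```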