-
Notifications
You must be signed in to change notification settings - Fork 7
115 lines (98 loc) · 3.5 KB
/
pypi.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
# Publish archives to PyPI and TestPyPI using GitHub Actions.
#
# NOTE: Pin actions to a specific commit to avoid having the authentication
# token stolen if the Action is compromised. See the comments and links here:
# https://github.com/pypa/gh-action-pypi-publish/issues/27
#
name: pypi
# Only run for pushes to the main branch and releases.
on:
pull_request:
push:
branches:
- main
release:
types:
- published
# Use bash by default in all jobs
defaults:
run:
shell: bash
jobs:
build:
runs-on: ubuntu-latest
steps:
# Checks-out your repository under $GITHUB_WORKSPACE
- name: Checkout
uses: actions/checkout@v4
with:
# Need to fetch more than the last commit so that setuptools_scm can
# create the correct version string. If the number of commits since
# the last release is greater than this, the version will still be
# wrong. Increase if necessary.
fetch-depth: 100
# The GitHub token is preserved by default but this job doesn't need
# to be able to push to GitHub.
persist-credentials: false
# Need the tags so that setuptools-scm can form a valid version number
- name: Fetch git tags
run: git fetch origin 'refs/tags/*:refs/tags/*'
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: "3.11"
- name: Install requirements
run: python -m pip install -r env/requirements-build.txt
- name: List installed packages
run: python -m pip freeze
- name: Build source and wheel distributions
run: |
make build
echo ""
echo "Generated files:"
ls -lh dist/
- name: Check the archives
run: twine check dist/*
# Store the archives as a build artifact so we can deploy them later
- name: Upload archives as artifacts
# Only if not a pull request
if: success() && github.event_name != 'pull_request'
uses: actions/upload-artifact@v4
with:
name: pypi-${{ github.sha }}
path: dist
publish:
runs-on: ubuntu-latest
needs: build
# Only publish from the origin repository, not forks
if: github.repository_owner == 'fatiando' && github.event_name != 'pull_request'
environment: pypi
permissions:
# This permission allows trusted publishing to PyPI (without an API token)
id-token: write
steps:
- name: Checkout
uses: actions/checkout@v4
with:
# The GitHub token is preserved by default but this job doesn't need
# to be able to push to GitHub.
persist-credentials: false
# Fetch the built archives from the "build" job
- name: Download built archives artifact
uses: actions/download-artifact@v4
with:
name: pypi-${{ github.sha }}
path: dist
- name: Publish to Test PyPI
# Only publish to TestPyPI when a PR is merged (pushed to main)
if: success() && github.event_name == 'push'
uses: pypa/[email protected]
with:
repository_url: https://test.pypi.org/legacy/
# Allow existing releases on test PyPI without errors.
# NOT TO BE USED in PyPI!
skip_existing: true
- name: Publish to PyPI
# Only publish to PyPI when a release triggers the build
if: success() && github.event_name == 'release'
uses: pypa/[email protected]