| # Adapted from https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/ |
| |
| name: Publish to PyPI |
| on: push |
| permissions: |
| contents: read |
| |
| jobs: |
| |
| build: |
| name: Build distribution |
| runs-on: ubuntu-latest |
| |
| steps: |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 |
| - name: Set up Python |
| uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 |
| with: |
| python-version: "3.x" |
| - name: Install pypa/build |
| run: python3 -m pip install build --user |
| - name: Build a binary wheel and a source tarball |
| run: python3 -m build |
| - name: Store the distribution packages |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 |
| with: |
| name: python-package-distributions |
| path: dist/ |
| |
| publish-to-pypi: |
| name: >- |
| Publish to PyPI |
| if: startsWith(github.ref, 'refs/tags/') # only publish to PyPI on tag pushes |
| needs: |
| - build |
| runs-on: ubuntu-latest |
| environment: |
| name: pypi |
| url: https://pypi.org/p/idna # Replace <package-name> with your PyPI project name |
| permissions: |
| id-token: write # IMPORTANT: mandatory for trusted publishing |
| |
| steps: |
| - name: Download all the dists |
| uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 |
| with: |
| name: python-package-distributions |
| path: dist/ |
| - name: Publish distribution to PyPI |
| uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4 |
| |
| github-release: |
| name: Sign and upload GitHub Release |
| needs: |
| - publish-to-pypi |
| runs-on: ubuntu-latest |
| |
| permissions: |
| contents: write # IMPORTANT: mandatory for making GitHub Releases |
| id-token: write # IMPORTANT: mandatory for sigstore |
| |
| steps: |
| - name: Download the dists |
| uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 |
| with: |
| name: python-package-distributions |
| path: dist/ |
| - name: Sign with Sigstore |
| uses: sigstore/gh-action-sigstore-python@f514d46b907ebcd5bedc05145c03b69c1edd8b46 # v3.0.0 |
| with: |
| inputs: >- |
| ./dist/*.tar.gz |
| ./dist/*.whl |
| - name: Create GitHub Release |
| env: |
| GITHUB_TOKEN: ${{ github.token }} |
| run: >- |
| gh release create |
| '${{ github.ref_name }}' |
| --repo '${{ github.repository }}' |
| --notes "" |
| - name: Upload artifact signatures to GitHub Release |
| env: |
| GITHUB_TOKEN: ${{ github.token }} |
| # Upload to GitHub Release using the `gh` CLI. |
| # `dist/` contains the built packages, and the |
| # sigstore-produced signatures and certificates. |
| run: >- |
| gh release upload |
| '${{ github.ref_name }}' dist/** |
| --repo '${{ github.repository }}' |
| |
| publish-to-testpypi: |
| name: Publish to Test PyPI |
| needs: |
| - build |
| runs-on: ubuntu-latest |
| |
| environment: |
| name: testpypi |
| url: https://test.pypi.org/p/idna |
| |
| permissions: |
| id-token: write # IMPORTANT: mandatory for trusted publishing |
| |
| steps: |
| - name: Download all the dists |
| uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 |
| with: |
| name: python-package-distributions |
| path: dist/ |
| - name: Publish distribution to TestPyPI |
| uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4 |
| with: |
| verbose: true |
| print-hash: true |
| repository-url: https://test.pypi.org/legacy/ |
| skip-existing: true |
