ci: Soft-removal of Python 3.8 support #909
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| on: | |
| push: | |
| workflow_dispatch: | |
| inputs: | |
| publish: | |
| description: "Publish to PyPI?" | |
| required: true | |
| default: false | |
| type: boolean | |
| tag: | |
| description: "Tag to use for release" | |
| required: true | |
| permissions: read-all | |
| jobs: | |
| build: | |
| name: Build wheel and sdist | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.event.inputs.tag || github.ref }} | |
| persist-credentials: false | |
| - uses: hynek/build-and-inspect-python-package@f01e4d047aadcc0c054c95ec9900da3ec3fc7a0f # v2.10.0 | |
| upload-to-release: | |
| name: Upload to GitHub Release | |
| if: startsWith(github.ref, 'refs/tags/') || github.event_name == 'workflow_dispatch' | |
| runs-on: ubuntu-latest | |
| needs: [build] | |
| permissions: | |
| contents: write # IMPORTANT: mandatory for making GitHub Releases | |
| steps: | |
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| name: Packages | |
| path: dist | |
| - uses: svenstaro/upload-release-action@04733e069f2d7f7f0b4aebc4fbdbce8613b03ccd # 2.9.0 | |
| with: | |
| file: dist/** | |
| tag: ${{ github.event.inputs.tag || github.ref }} | |
| overwrite: false | |
| file_glob: true | |
| publish: | |
| name: Publish to PyPI | |
| if: startsWith(github.ref, 'refs/tags/') || github.event.inputs.publish == 'true' | |
| runs-on: ubuntu-latest | |
| needs: [build] | |
| environment: | |
| name: pypi | |
| url: https://pypi.org/p/citric | |
| permissions: | |
| id-token: write # IMPORTANT: mandatory for trusted publishing | |
| steps: | |
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| name: Packages | |
| path: dist | |
| - uses: pypa/gh-action-pypi-publish@15c56dba361d8335944d31a2ecd17d700fc7bcbc # v1.12.2 | |
| sign: | |
| name: Sign the distribution package | |
| if: startsWith(github.ref, 'refs/tags/') || github.event_name == 'workflow_dispatch' | |
| runs-on: ubuntu-latest | |
| needs: [build] | |
| permissions: | |
| contents: write # IMPORTANT: mandatory for making GitHub Releases | |
| id-token: write # IMPORTANT: mandatory for attestations | |
| attestations: write # IMPORTANT: mandatory for attestations | |
| steps: | |
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| name: Packages | |
| path: dist | |
| - uses: actions/attest-build-provenance@ef244123eb79f2f7a7e75d99086184180e6d0018 # v1.4.4 | |
| id: attest | |
| with: | |
| subject-path: "./dist/citric*" | |
| - uses: svenstaro/upload-release-action@04733e069f2d7f7f0b4aebc4fbdbce8613b03ccd # 2.9.0 | |
| with: | |
| file: ${{ steps.attest.outputs.bundle-path }} | |
| tag: ${{ github.event.inputs.tag || github.ref }} | |
| overwrite: false | |
| asset_name: attestations.intoto.jsonl |