From 5f63b537696f4e648fecfee7bc4dd78a4129b6fd Mon Sep 17 00:00:00 2001
From: Justin Mayer
Date: Sun, 2 Jul 2023 16:24:45 +0200
Subject: [PATCH] Upload package in CI via PyPI trusted publisher
---
 .github/workflows/main.yml | 27 +++++++++++++++++----------
 1 file changed, 17 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index ba310ef..045dd9a 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -46,10 +46,10 @@ jobs:
 with:
 retry: true

- - name: Install poetry
+ - name: Install Poetry
 run: pipx install poetry

- - name: Setup Python
+ - name: Set up Python
 uses: actions/setup-python@v4
 with:
 python-version: "3.9"
@@ -64,6 +64,7 @@ jobs:
 - name: Run linters
 run: poetry run invoke lint --diff

+
 deploy:
 name: Deploy
 environment: Deployment
@@ -71,31 +72,37 @@ jobs:
 runs-on: ubuntu-latest
 if: github.ref=='refs/heads/main' && github.event_name!='pull_request'

+ permissions:
+ contents: write
+ id-token: write
+
 steps:
 - uses: actions/checkout@v3
+ with:
+ token: ${{ secrets.GH_TOKEN }}

- - name: Setup Python
+ - name: Set up Python
 uses: actions/setup-python@v4
 with:
 python-version: "3.9"

 - name: Check release
 id: check_release
- continue-on-error: true
 run: |
 python -m pip install --upgrade pip
- python -m pip install poetry githubrelease httpx==0.16.1 autopub
+ python -m pip install autopub[github]
 autopub check

 - name: Publish
- if: steps.check_release.outcome=='success'
+ if: ${{ steps.check_release.outputs.autopub_release=='true' }}
 env:
 GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
- PYPI_PASSWORD: ${{ secrets.PYPI_PASSWORD }}
 run: |
- git remote set-url origin https://$GITHUB_TOKEN@github.com/${{ github.repository }}
 autopub prepare
- poetry build
 autopub commit
+ autopub build
 autopub githubrelease
- poetry publish -u __token__ -p $PYPI_PASSWORD
+
+ - name: Upload package to PyPI
+ if: ${{ steps.check_release.outputs.autopub_release=='true' }}
+ uses: pypa/gh-action-pypi-publish@release/v1
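Review bot: The new `permissions:` block in the third hunk grants `id-token: write` to the whole deploy job, so every step can request the OIDC token that PyPI exchanges for an upload credential. That includes the unpinned `python -m pip install autopub[github]` and the autopub commands that run with the `GH_TOKEN` credential written by the checkout step. Only the final `pypa/gh-action-pypi-publish` step needs that permission, so moving it into its own job that carries just `id-token: write` and receives the built files as an artifact keeps the release tooling away from the publishing identity. The sketch below assumes `autopub build` writes to `dist/` and that the `Deployment` environment is the one registered with the trusted publisher, neither of which the hunk shows; the deploy job's header also lies above this hunk. Pinning the publish action to a full commit SHA rather than the mutable `release/v1` branch would further fix what code runs with that token.

```yaml
  deploy:
    # … unchanged: name, environment, runs-on, if …
    permissions:
      contents: write
    outputs:
      autopub_release: ${{ steps.check_release.outputs.autopub_release }}

    steps:
      # … unchanged: checkout, Set up Python, Check release, Publish …

      - name: Store built distributions
        if: ${{ steps.check_release.outputs.autopub_release=='true' }}
        uses: actions/upload-artifact@v3
        with:
          name: dist
          path: dist/

  upload:
    name: Upload package to PyPI
    needs: deploy
    if: ${{ needs.deploy.outputs.autopub_release=='true' }}
    environment: Deployment
    runs-on: ubuntu-latest

    permissions:
      id-token: write

    steps:
      - uses: actions/download-artifact@v3
        with:
          name: dist
          path: dist/

      - uses: pypa/gh-action-pypi-publish@release/v1
```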