Skip to content

Commit

Permalink
Set up trusted publishing pipeline
Browse files Browse the repository at this point in the history
  • Loading branch information
stefsmeets committed Jun 17, 2024
1 parent 9b3bdc4 commit ddb98aa
Showing 1 changed file with 49 additions and 6 deletions.
55 changes: 49 additions & 6 deletions .github/workflows/publish.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,23 +5,66 @@ on:
types: [created]

jobs:
build:
fix_release_deps:
permissions: write-all
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
python-version: '3.11'

- name: Install dependencies
run: |
python -m pip install --upgrade pip pip-tools setuptools
- name: Set configuration
run: |
git config --global user.name "${GITHUB_ACTOR}"
git config --global user.email "${GITHUB_ACTOR_ID}+${GITHUB_ACTOR}@users.noreply.github.com"
- name: Create requirements files
run: |
python tools/generate_requirements_txt.py
pip-compile -o requirements_full.txt pyproject.toml
git add requirements_full.txt requirements.txt
git commit -m "Updated requirements.txt files" || true
- name: Bump version to new tag
run: |
python -m pip install bump-my-version
bump-my-version bump --new-version $GITHUB_REF_NAME patch
git commit -am "Bump version to: $GITHUB_REF_NAME"
- name: Push back changes to main and tag
run: |
git tag --force $GITHUB_REF_NAME HEAD
git push --force --tags
git switch -C main
git push --set-upstream -f origin main
deploy:
needs: fix_release_deps
runs-on: ubuntu-latest
environment: release
permissions:
# IMPORTANT: this permission is mandatory for trusted publishing
id-token: write

steps:
- uses: actions/checkout@v3
with:
ref: ${{ github.ref_name }}

- uses: actions/setup-python@v4
with:
python-version: '3.12'

- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -U build setuptools wheel
python -m pip install build setuptools>=61.2 wheel
python -m build --no-isolation
- name: Publish package
uses: pypa/gh-action-pypi-publish@release/v1
with:
user: __token__
password: ${{ secrets.PYPI_TOKEN }}

0 comments on commit ddb98aa

Please sign in to comment.