From 7585471432f4872bc80164383e0c634d160aa352 Mon Sep 17 00:00:00 2001 From: Eric Berquist Date: Thu, 15 Feb 2024 09:48:05 -0500 Subject: [PATCH] start package publishing workflow --- .github/dependabot.yml | 3 +- .github/workflows/publish.yml | 120 ++++++++++++++++++++++++++++++++++ 2 files changed, 121 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/publish.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml index e69d8ff..0f2aa23 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -8,8 +8,7 @@ updates: - package-ecosystem: pip directory: "/" schedule: - interval: daily - time: "10:00" + interval: weekly allow: - dependency-type: direct - dependency-type: indirect diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml new file mode 100644 index 0000000..046a814 --- /dev/null +++ b/.github/workflows/publish.yml @@ -0,0 +1,120 @@ +--- +name: Publish Python 🐍 distribution 📦 to PyPI and TestPyPI + +# yamllint disable-line rule:truthy +on: push + +jobs: + build: + name: Build distribution 📦 + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + - name: Set up Python + uses: actions/setup-python@v4 + with: + python-version: "3.x" + - name: Install pypa/build + run: >- + python3 -m + pip install + build + --user + - name: Build a binary wheel and a source tarball + run: python3 -m build + - name: Store the distribution packages + uses: actions/upload-artifact@v3 + with: + name: python-package-distributions + path: dist/ + + # publish-to-pypi: + # name: >- + # Publish Python 🐍 distribution 📦 to PyPI + # # only publish to PyPI on tag pushes + # if: startsWith(github.ref, 'refs/tags/v') + # needs: + # - build + # runs-on: ubuntu-latest + # environment: + # name: pypi + # url: https://pypi.org/p/pyresponse + # permissions: + # id-token: write # IMPORTANT: mandatory for trusted publishing + + # steps: + # - name: Download all the dists + # uses: actions/download-artifact@v3 + # with: + # name: python-package-distributions + # path: dist/ + # - name: Publish distribution 📦 to PyPI + # uses: pypa/gh-action-pypi-publish@release/v1 + + # github-release: + # name: >- + # Sign the Python 🐍 distribution 📦 with Sigstore + # and upload them to GitHub Release + # needs: + # - publish-to-pypi + # runs-on: ubuntu-latest + + # permissions: + # contents: write # IMPORTANT: mandatory for making GitHub Releases + # id-token: write # IMPORTANT: mandatory for sigstore + + # steps: + # - name: Download all the dists + # uses: actions/download-artifact@v3 + # with: + # name: python-package-distributions + # path: dist/ + # - name: Sign the dists with Sigstore + # uses: sigstore/gh-action-sigstore-python@v1.2.3 + # with: + # inputs: >- + # ./dist/*.tar.gz + # ./dist/*.whl + # - name: Create GitHub Release + # env: + # GITHUB_TOKEN: ${{ github.token }} + # run: >- + # gh release create + # '${{ github.ref_name }}' + # --repo '${{ github.repository }}' + # --notes "" + # - name: Upload artifact signatures to GitHub Release + # env: + # GITHUB_TOKEN: ${{ github.token }} + # # Upload to GitHub Release using the `gh` CLI. + # # `dist/` contains the built packages, and the + # # sigstore-produced signatures and certificates. + # run: >- + # gh release upload + # '${{ github.ref_name }}' dist/** + # --repo '${{ github.repository }}' + + publish-to-testpypi: + name: Publish Python 🐍 distribution 📦 to TestPyPI + needs: + - build + runs-on: ubuntu-latest + + environment: + name: testpypi + url: https://test.pypi.org/p/pyresponse + + permissions: + id-token: write # IMPORTANT: mandatory for trusted publishing + + steps: + - name: Download all the dists + uses: actions/download-artifact@v3 + with: + name: python-package-distributions + path: dist/ + - name: Publish distribution 📦 to TestPyPI + uses: pypa/gh-action-pypi-publish@release/v1 + with: + repository-url: https://test.pypi.org/legacy/