Use dedicated GitHub Actions job for PyPI

This project uses pypa/gh-action-pypi-publish to publish Python packages to PyPI with an OIDC trusted publisher (6e532c6). pypa/gh-action-pypi-publish is set up as a Docker action referencing the Dockerfile. The downside to using the Dockerfile for the action is that the Docker image must be built every time the action is used. This will hopefully change in the near future if Docker images are pre-built and pushed to a registry (pypa/gh-action-pypi-publish#230). In the meantime, this commit will move related steps to a dedicated GitHub Actions job so that the Docker image is not built every time GitHub Actions jobs run. 6e532c6 https://docs.github.com/en/actions/creating-actions/creating-a-docker-container-action https://docs.pypi.org/trusted-publishers/ https://github.com/pypa/gh-action-pypi-publish
br3ndonland · Jul 14, 2024 · d0e973c · d0e973c
1 parent a80ba80
commit d0e973c
Showing 1 changed file with 32 additions and 8 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -30,9 +30,14 @@ jobs:
           else
             environment_name=""
           fi
-          timestamp="$(date -Iseconds)"
-          url="https://api.github.com/repos/${{ github.repository }}/deployments"
-          environment_url="$url?timestamp=$timestamp"
+          if [ "$environment_name" = "PyPI" ]; then
+            url="https://pypi.org/project/${GITHUB_REPOSITORY##*/}/"
+            environment_url="$url$GITHUB_REF_NAME/"
+          else
+            timestamp="$(date -Iseconds)"
+            url="https://api.github.com/repos/$GITHUB_REPOSITORY/deployments"
+            environment_url="$url?timestamp=$timestamp"
+          fi
           echo "environment-name=$environment_name" >>"$GITHUB_OUTPUT"
           echo "environment-url=$environment_url" >>"$GITHUB_OUTPUT"
       - name: Create annotation for deployment environment
@@ -41,9 +46,6 @@ jobs:
   ci:
     runs-on: ubuntu-latest
     needs: [setup]
-    environment:
-      name: ${{ needs.setup.outputs.environment-name }}
-      url: ${{ needs.setup.outputs.environment-url }}&python=${{ matrix.python-version }}
     permissions:
       id-token: write
     strategy:
@@ -130,15 +132,37 @@ jobs:
         run: hatch run ${{ env.HATCH_ENV }}:coverage report
       - name: Build Python package
         run: hatch build
-      - name: Publish Python package to PyPI
+      - name: Upload Python package artifacts
         if: >
           github.ref_type == 'tag' &&
           matrix.python-version == '3.12' &&
           needs.setup.outputs.environment-name == 'PyPI'
+        uses: actions/upload-artifact@v4
+        with:
+          if-no-files-found: error
+          name: fastenv-${{ github.ref_name }}
+          path: dist
+  pypi:
+    environment:
+      name: ${{ needs.setup.outputs.environment-name }}
+      url: ${{ needs.setup.outputs.environment-url }}
+    if: github.ref_type == 'tag' && needs.setup.outputs.environment-name == 'PyPI'
+    needs: [setup, ci]
+    permissions:
+      id-token: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Download Python package artifacts
+        uses: actions/download-artifact@v4
+        with:
+          merge-multiple: true
+          name: fastenv-${{ github.ref_name }}
+          path: dist
+      - name: Publish Python package to PyPI
         uses: pypa/gh-action-pypi-publish@release/v1.8
   changelog:
     if: github.ref_type == 'tag'
-    needs: [ci]
+    needs: [ci, pypi]
     permissions:
       contents: write
       pull-requests: write