Skip to content
Build package and publish to GitHub and Test PyPI

Bump to version 0.0.6 #15

Sign in to view logs

Bump to version 0.0.6

Bump to version 0.0.6 #15

Workflow file for this run

.github/workflows/publish.yml at bc5be82
name: Build package and publish to GitHub and Test PyPI
on:
push:
tags:
- 'v*'
jobs:
check_publish:
name: "Check if we should publish"
runs-on: ubuntu-latest
outputs:
result: ${{ steps.check_pyproject_toml.outputs.version_exit_code }}
steps:
- name: "Checkout repository"
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
fetch-depth: 0
- name: "Setup Python"
uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
with:
python-version: "3.x"
- name: "Check pyproject.toml for a new version"
id: check_pyproject_toml
run: |
cd ./publish && echo "version_exit_code=$((python3 check_pyproject.py --tag ${{ github.ref_name }}) 2>&1)" >> $GITHUB_OUTPUT
fail_if_output_not_zero:
name: "Fail the job if the publish check doesn't return '0'"
runs-on: ubuntu-latest
needs: [ check_publish ]
if: needs.check_publish.outputs.result != '0'
steps:
- run: |
echo "Job failed, there is an issue with the tag; check that the version exists in pyproject and not in pypi" && exit 1
build:
name: "Build package"
runs-on: ubuntu-latest
needs: [ check_publish ]
if: needs.check_publish.outputs.result == '0'
outputs:
hashes: ${{ steps.hash.outputs.hashes }}
steps:
- name: "Checkout repository"
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
fetch-depth: 0
- name: "Setup Python"
uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
with:
python-version: "3.x"
- name: "Install dependencies"
run: pip install -r requirements/build.txt
# Use the commit date instead of the current date during the build.
- name: "Build dists"
run: |
SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct) \
python -m build
# Generate hashes used for provenance.
- name: "Generate hashes"
id: hash
run: |
cd dist && echo "hashes=$(sha256sum * | base64 -w0)" >> $GITHUB_OUTPUT
- name: "Upload dists"
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
with:
name: "dist"
path: "dist/"
if-no-files-found: error
retention-days: 5
provenance:
name: "Generate provenance"
needs: [ build ]
permissions:
actions: read
contents: write
id-token: write # Needed to access the workflow's OIDC identity.
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
with:
base64-subjects: "${{ needs.build.outputs.hashes }}"
upload-assets: true
publish-to-test-pypi:
name: "Publish to Test PyPI"
needs: [ build, provenance ]
permissions:
id-token: write # Needed for trusted publishing to PyPI.
runs-on: "ubuntu-latest"
environment:
name: "testpypi"
url: "https://test.pypi.org/p/ngohub/${{ github.ref_name }}/"
steps:
- name: "Download dists"
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: "dist"
path: "dist/"
- name: "Publish dists to Test PyPI"
uses: pypa/gh-action-pypi-publish@ec4db0b4ddc65acdf4bff5fa45ac92d78b56bdf0 # v1.9.0
with:
repository-url: https://test.pypi.org/legacy/
publish-to-pypi:
name: "Publish to PyPI"
if: startsWith(github.ref, 'refs/tags/')
needs: [ publish-to-test-pypi ]
permissions:
contents: write # Needed for making GitHub releases
id-token: write # Needed for trusted publishing to PyPI.
runs-on: "ubuntu-latest"
environment:
name: "Publish"
url: "https://pypi.org/p/ngohub/${{ github.ref_name }}/"
steps:
- name: "Download dists"
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: "dist"
path: "dist/"
- name: "Publish dists to PyPI"
uses: pypa/gh-action-pypi-publish@ec4db0b4ddc65acdf4bff5fa45ac92d78b56bdf0 # v1.9.0