From b71ccf668c63c36af9a114e17ce5abf97f9cf7a9 Mon Sep 17 00:00:00 2001
From: "M.P. Korstanje"
Date: Thu, 14 Nov 2024 23:07:58 +0100
Subject: [PATCH] Python: Replace publish action (#317)

Replaces `cucumber/action-publish-pypi` with `pypa/gh-action-pypi-publish@release/v1`. The motivation for using actions in the cucumber org is to ensure that we do not hand release tokens to untrusted code. As the party publishing our python packages, the Python Package Authority can be trusted. Additionally, their action uses trusted publishers which authorizes GitHub with OIDC so no long-lived tokens are used.
---
 .github/workflows/release-pypi.yaml | 10 +++++++---
 .github/workflows/test-python.yml   |  6 ++++--
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/release-pypi.yaml b/.github/workflows/release-pypi.yaml
index 9b562cb6a..3bb95d6a3 100644
--- a/.github/workflows/release-pypi.yaml
+++ b/.github/workflows/release-pypi.yaml
@@ -26,6 +26,10 @@ jobs:
       - name: Show Python version
         run: python --version
-      - uses: cucumber/action-publish-pypi@v3.0.0
-        with:
-          working-directory: "python"
+      - name: Install Python package dependencies
+        run: |
+          python -m pip install build twine
+          python -m build
+          twine check --strict dist/*
+      - name: Publish package distributions to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
diff --git a/.github/workflows/test-python.yml b/.github/workflows/test-python.yml
index 76db6ecff..c21b15be7 100644
--- a/.github/workflows/test-python.yml
+++ b/.github/workflows/test-python.yml
@@ -50,9 +50,11 @@ jobs:
         run: python --version
       - name: Install Python package dependencies
         run: |
-          python -m pip install -U pip setuptools wheel
-          pip install -U -r requirements.txt
+          python -m pip install build twine pip setuptools wheel
+          pip install -r requirements.txt
           pip install -e .
+          python -m build
+          twine check --strict dist/*
       - name: Run tests
         run: pytest
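Review bot: The new build step runs `python -m build` with no working directory, while the removed `cucumber/action-publish-pypi` step was given `working-directory: "python"`; unless the job sets `defaults.run.working-directory` above the hunk, this now builds from the repository root rather than the Python package. Even with such a default, `uses:` steps do not honour it and `pypa/gh-action-pypi-publish` reads `dist/` relative to the workspace, so the publish step likely needs `with:` / `packages-dir: python/dist/`. Trusted publishing also requires the job to grant `permissions:` / `id-token: write` (ideally alongside `contents: read`), which this hunk does not add — confirm it is present on the job, whose header lies outside the hunk. Since the stated goal is to keep release credentials away from untrusted code, consider pinning the action to a full commit SHA with the tag in a trailing comment instead of the mutable `release/v1` branch ref, so that what runs at publish time cannot change without a review.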
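Review bot: The step still named `Install Python package dependencies` now also builds the distribution and runs `twine check`, so a packaging failure will be reported under an installation step name in the job log. Moving `python -m build` and `twine check --strict dist/*` into their own `- name: Build and check distribution` step keeps log attribution clear and mirrors the structure of the release workflow. The first install line lists `pip setuptools wheel` without `-U`, so for packages already present in the runner image it is effectively a no-op for them; if an upgrade is intended the flag is needed, otherwise those names can be dropped. The enclosing `steps:` list and job begin outside the hunk.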