Publish Python π distribution π¦ to PyPI and TestPyPI #7
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish Python π distribution π¦ to PyPI and TestPyPI | |
| on: | |
| release: | |
| types: [published] | |
| jobs: | |
| build: | |
| name: Build distribution π¦ | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 30 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/[email protected] | |
| with: | |
| python-version: "3.x" | |
| - name: Install Poetry | |
| uses: snok/[email protected] | |
| - name: Install dependencies | |
| run: poetry install | |
| - name: Run tests | |
| env: | |
| AUTHSIGNAL_API_URL: ${{ secrets.AUTHSIGNAL_API_URL }} | |
| AUTHSIGNAL_API_SECRET: ${{ secrets.AUTHSIGNAL_API_SECRET }} | |
| run: poetry run python -m authsignal.client_tests | |
| - name: Build and store main distribution | |
| run: | | |
| poetry build | |
| ls -la dist/ | |
| - name: Store main distribution packages | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: python-package-distributions | |
| path: dist/ | |
| # Build TestPyPI version | |
| - name: Clean build artifacts | |
| run: rm -rf dist/* | |
| - name: Extract version from version.py | |
| run: | | |
| export PYTHONPATH=${PYTHONPATH}:$(pwd)/authsignal | |
| echo "BASE_VERSION=$(python -c 'from version import VERSION; print(VERSION)')" >> $GITHUB_ENV | |
| - name: Build and store TestPyPI distribution | |
| run: | | |
| poetry version "${BASE_VERSION}.dev$(date +%s)" | |
| poetry build | |
| ls -la dist/ | |
| - name: Store test distribution packages | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: python-package-distributions-testing | |
| path: dist/ | |
| publish-to-pypi: | |
| name: >- | |
| Publish Python π distribution π¦ to PyPI | |
| if: startsWith(github.ref, 'refs/tags/') | |
| needs: | |
| - build | |
| - publish-to-testpypi | |
| runs-on: ubuntu-latest | |
| environment: | |
| name: pypi | |
| url: https://pypi.org/p/authsignal | |
| permissions: | |
| id-token: write # needed for both trusted publishing and sigstore | |
| contents: write | |
| steps: | |
| - name: Download all the dists | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: python-package-distributions | |
| path: dist/ | |
| # Add signing steps before publishing | |
| - name: Set up Python environment | |
| uses: actions/[email protected] | |
| with: | |
| python-version: "3.x" | |
| - name: Install cryptography version 43 | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install cryptography==43.* | |
| - name: Sign the dists with Sigstore | |
| uses: sigstore/[email protected] | |
| with: | |
| inputs: >- | |
| ./dist/*.tar.gz | |
| ./dist/*.whl | |
| - name: Publish distribution π¦ to PyPI | |
| uses: pypa/[email protected] | |
| publish-to-testpypi: | |
| name: Publish Python π distribution π¦ to TestPyPI | |
| needs: | |
| - build | |
| runs-on: ubuntu-latest | |
| environment: | |
| name: testpypi | |
| url: https://test.pypi.org/p/authsignal | |
| permissions: | |
| id-token: write # IMPORTANT: mandatory for trusted publishing | |
| steps: | |
| - name: Download all the test dists | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: python-package-distributions-testing | |
| path: dist/ | |
| - name: Publish distribution π¦ to TestPyPI | |
| uses: pypa/[email protected] | |
| with: | |
| repository-url: https://test.pypi.org/legacy/ |