kjd
diff --git a/‎.github/workflows/deploy.yml‎
Lines changed: 104 additions & 25 deletions b/‎.github/workflows/deploy.yml‎
Lines changed: 104 additions & 25 deletions
@@ -1,35 +1,114 @@
-# This workflow will install Python dependencies, run tests and lint with a variety of Python versions
-# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
+# Adapted from https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/
 
-name: "Publish to PyPI"
+name: Publish to PyPI
+on: push
+jobs:
 
-on:
- push:
- tags:
- - "*"
+ build:
+ name: Build distribution
+ runs-on: ubuntu-latest
 
-permissions:
- contents: "read"
+ steps:
+ - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+ - name: Set up Python
+ uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5
+ with:
+ python-version: "3.x"
+ - name: Install pypa/build
+ run: python3 -m pip install build --user
+ - name: Build a binary wheel and a source tarball
+ run: python3 -m build
+ - name: Store the distribution packages
+ uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4
+ with:
+ name: python-package-distributions
+ path: dist/
 
-jobs:
- publish:
- name: "Publish to PyPI"
- runs-on: "ubuntu-latest"
+ publish-to-pypi:
+ name: >-
+ Publish to PyPI
+ if: startsWith(github.ref, 'refs/tags/') # only publish to PyPI on tag pushes
+ needs:
+ - build
+ runs-on: ubuntu-latest
  environment:
- name: "publish"
+ name: pypi
+ url: https://pypi.org/p/idna # Replace <package-name> with your PyPI project name
+ permissions:
+ id-token: write # IMPORTANT: mandatory for trusted publishing
+
  steps:
- - name: "Checkout repository"
- uses: "actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b"
+ - name: Download all the dists
+ uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4
+ with:
+ name: python-package-distributions
+ path: dist/
+ - name: Publish distribution to PyPI
+ uses: pypa/gh-action-pypi-publish@release/v1
 
- - name: "Setup Python"
- uses: "actions/setup-python@b55428b1882923874294fa556849718a1d7f2ca5"
+ github-release:
+ name: Sign and upload GitHub Release
+ needs:
+ - publish-to-pypi
+ runs-on: ubuntu-latest
+
+ permissions:
+ contents: write # IMPORTANT: mandatory for making GitHub Releases
+ id-token: write # IMPORTANT: mandatory for sigstore
+
+ steps:
+ - name: Download the dists
+ uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4
  with:
- python-version: "3.x"
+ name: python-package-distributions
+ path: dist/
+ - name: Sign with Sigstore
+ uses: sigstore/gh-action-sigstore-python@v2.1.1
+ with:
+ inputs: >-
+ ./dist/*.tar.gz
+ ./dist/*.whl
+ - name: Create GitHub Release
+ env:
+ GITHUB_TOKEN: ${{ github.token }}
+ run: >-
+ gh release create
+ '${{ github.ref_name }}'
+ --repo '${{ github.repository }}'
+ --notes ""
+ - name: Upload artifact signatures to GitHub Release
+ env:
+ GITHUB_TOKEN: ${{ github.token }}
+ # Upload to GitHub Release using the `gh` CLI.
+ # `dist/` contains the built packages, and the
+ # sigstore-produced signatures and certificates.
+ run: >-
+ gh release upload
+ '${{ github.ref_name }}' dist/**
+ --repo '${{ github.repository }}'
+
+# publish-to-testpypi:
+# name: Publish to Test PyPI
+# needs:
+# - build
+# runs-on: ubuntu-latest
+
+# environment:
+# name: testpypi
+# url: https://test.pypi.org/p/idna
 
- - name: "Build dists"
- run: |
- python -m pip install build
- python -m build
+# permissions:
+# id-token: write # IMPORTANT: mandatory for trusted publishing
 
- - name: "Publish to PyPI"
- uses: "pypa/gh-action-pypi-publish@37f50c210e3d2f9450da2cd423303d6a14a6e29f"
+# steps:
+# - name: Download all the dists
+# uses: actions/download-artifact@v4
+# with:
+# name: python-package-distributions
+# path: dist/
+# - name: Publish distribution to TestPyPI
+# uses: pypa/gh-action-pypi-publish@release/v1
+# with:
+# verbose: true
+# print-hash: true
+# repository-url: https://test.pypi.org/legacy/