Skip to content

Commit

Permalink
CI - Swap to trusted publisher for releases (pydata#1758)
Browse files Browse the repository at this point in the history
* 👷 Remove token based release from CI

* Add package inspection step
  • Loading branch information
trallard authored Apr 8, 2024
1 parent 525e52d commit 662758e
Showing 1 changed file with 40 additions and 15 deletions.
55 changes: 40 additions & 15 deletions .github/workflows/publish.yml
Original file line number Diff line number Diff line change
@@ -1,34 +1,59 @@
# This will run every time a tag is created and pushed to the repository.
# This will run every time a release is created and published.
# It calls our tests workflow via a `workflow_call`, and if tests pass
# then it triggers our upload to PyPI for a new release.
name: Publish to PyPI
on:
release:
types: ["published"]
types:
- published
workflow_dispatch:

env:
FORCE_COLOR: "1" # Make tools pretty.

permissions:
contents: read
id-token: write # needed for PyPI upload

jobs:
# calls our tests workflow
tests:
uses: ./.github/workflows/tests.yml
publish:
name: publish

build-package:
name: "Build & verify PST package"
needs: [tests] # require tests to pass before deploy runs
runs-on: ubuntu-latest
steps:
- name: Checkout source
- name: "Checkout repository 🛎"
uses: actions/checkout@v4
- name: Set up Python 3.9

- name: "Set up Python 3.9"
uses: actions/setup-python@v5
with:
python-version: "3.9"
- name: Install gettext for translations

- name: "Install gettext for translations 🌐"
run: |
sudo apt-get install gettext
- name: Build package
run: |
python -m pip install -U pip build
python -m build
- name: Publish
uses: pypa/gh-action-pypi-publish@release/v1
- name: "Build and inspect package 📦"
uses: hynek/build-and-inspect-python-package@v2
id: baipp

- run: echo Packages can be found at ${{ steps.baipp.outputs.dist }}

release-pypi:
runs-on: ubuntu-latest
needs: [build-package]
steps:
- name: "Download PST built package 📦"
uses: actions/download-artifact@v4
with:
user: __token__
password: ${{ secrets.PYPI_KEY }}
name: PST-package
path: dist

- name: "Publish PST package to PyPI 🚀"
uses: pypa/gh-action-pypi-publish@release/v1
# only publish if this is a published release by pydata
if: github.repository_owner == 'pydata' && github.event_name == 'release' && github.event.action == 'published'

0 comments on commit 662758e

Please sign in to comment.