fixup! Use trusted publishing for PyPI #22
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Continuous delivery - PyPI | |
| on: | |
| push: | |
| pull_request: | |
| release: | |
| types: [released] | |
| env: | |
| POETRY_SPEC: poetry >=1,<2 | |
| jobs: | |
| check-package-version: | |
| name: Check package version | |
| runs-on: ubuntu-latest | |
| container: python:3.9-slim | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Install Poetry | |
| run: pip install "${POETRY_SPEC}" | |
| - name: Check package version format | |
| shell: bash | |
| run: | | |
| PACKAGE_VERSION=$(poetry version --short) | |
| echo "PACKAGE_VERSION = $PACKAGE_VERSION" | |
| if [[ $PACKAGE_VERSION =~ ^[0-9]+.[0-9]+.[0-9]+(-rc\.[1-9])?$ ]]; then exit 0; else exit 1; fi | |
| build: | |
| name: Build | |
| runs-on: ubuntu-latest | |
| container: python:3.9-slim | |
| needs: check-package-version | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Install Poetry | |
| run: pip install "${POETRY_SPEC}" | |
| - name: Build | |
| run: poetry build | |
| - name: Upload artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: nitrokey-pypi | |
| path: dist | |
| publish-testpypi: | |
| name: Publish to TestPyPI | |
| runs-on: ubuntu-latest | |
| needs: build | |
| environment: | |
| name: testpypi | |
| url: https://test.pypi.org/p/nitrokey | |
| permissions: | |
| id-token: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Download artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: nitrokey-pypi | |
| path: dist | |
| - name: Publish to TestPyPI | |
| uses: pypa/gh-action-pypi-publish@release/v1 | |
| with: | |
| repository-url: https://test.pypi.org/legacy/ | |
| verbose: true | |
| check-tag-version: | |
| name: Check tag version | |
| runs-on: ubuntu-latest | |
| container: python:3.9-slim | |
| if: github.event.name == 'release' | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Install Poetry | |
| run: pip install "${POETRY_SPEC}" | |
| - name: Check tag version | |
| shell: bash | |
| run: | | |
| VERSION_TAG="${{ github.event.release.tag_name }}" | |
| PACKAGE_VERSION="v"$(poetry version --short) | |
| echo "VERSION_TAG = $VERSION_TAG" | |
| echo "PACKAGE_VERSION = $PACKAGE_VERSION" | |
| if [ $VERSION_TAG == $PACKAGE_VERSION ]; then exit 0; else exit 1; fi | |
| publish-pypi: | |
| name: Publish to PyPI | |
| runs-on: ubuntu-latest | |
| needs: [build, check-tag-version] | |
| if: github.event.name == 'release' | |
| environment: | |
| name: pypi | |
| url: https://pypi.org/p/nitrokey | |
| permissions: | |
| id-token: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Download artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: nitrokey-pypi | |
| path: dist | |
| - name: Publish to PyPI | |
| uses: pypa/gh-action-pypi-publish@release/v1 |