Merge branch 'main' into tlsdc/docs #180
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Publish | |
# based on official doc | |
# https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/ | |
on: [push, workflow_dispatch] | |
jobs: | |
build: | |
name: Build | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: "3.x" | |
- name: Install pypa/build | |
run: python3 -m pip install build --user | |
- name: Build a binary wheel and a source tarball (agentlab) | |
run: python3 -m build . --outdir dist/ | |
- name: Store the distribution packages | |
uses: actions/upload-artifact@v4 | |
with: | |
name: python-package-distributions | |
path: dist/ | |
publish-to-pypi: | |
name: Publish to PyPI | |
if: startsWith(github.ref, 'refs/tags/') # only publish to PyPI on tag pushes # tweak so it doesnt publish all tags | |
needs: | |
- build | |
runs-on: ubuntu-22.04 | |
environment: pypi | |
permissions: | |
id-token: write # IMPORTANT: mandatory for trusted publishing | |
steps: | |
- name: Download all the distribution packages | |
uses: actions/download-artifact@v4 | |
with: | |
name: python-package-distributions | |
path: dist/ | |
- name: Publish all distribution packages to PyPI | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
github-release: | |
name: Sign packages with Sigstore and upload them to GitHub Release | |
needs: | |
- publish-to-pypi | |
runs-on: ubuntu-22.04 | |
permissions: | |
contents: write # IMPORTANT: mandatory for making GitHub Releases | |
id-token: write # IMPORTANT: mandatory for sigstore | |
steps: | |
- name: Download all the dists | |
uses: actions/download-artifact@v4 | |
with: | |
name: python-package-distributions | |
path: dist/ | |
- name: Set up Python for Sigstore | |
uses: actions/setup-python@v5 | |
with: | |
python-version: "3.x" | |
- name: Install Sigstore and cryptography dependencies | |
run: | | |
python3 -m pip install --upgrade pip | |
python3 -m pip install cryptography==43.0.3 | |
- name: Sign the dists with Sigstore | |
uses: sigstore/[email protected] | |
with: | |
inputs: >- | |
./dist/*.tar.gz | |
./dist/*.whl | |
- name: Create GitHub Release | |
env: | |
GITHUB_TOKEN: ${{ github.token }} | |
run: >- | |
gh release create | |
'${{ github.ref_name }}' | |
--repo '${{ github.repository }}' | |
--notes "" | |
- name: Upload artifact signatures to GitHub Release | |
env: | |
GITHUB_TOKEN: ${{ github.token }} | |
# Upload to GitHub Release using the `gh` CLI. | |
# `dist/` contains the built packages, and the | |
# sigstore-produced signatures and certificates. | |
run: >- | |
gh release upload | |
'${{ github.ref_name }}' dist/** | |
--repo '${{ github.repository }}' | |
- name: Set GitHub Release as pre-release | |
if: contains(github.ref, '.dev') # only set tags vA.B.C.devD as pre-release | |
env: | |
GITHUB_TOKEN: ${{ github.token }} | |
run: >- | |
gh release edit | |
'${{ github.ref_name }}' | |
--repo '${{ github.repository }}' | |
--prerelease | |
# publish-to-testpypi: | |
# name: Publish to TestPyPI | |
# needs: | |
# - build | |
# runs-on: ubuntu-latest | |
# environment: testpypi | |
# permissions: | |
# id-token: write # IMPORTANT: mandatory for trusted publishing | |
# steps: | |
# - name: Download all the distribution packages | |
# uses: actions/download-artifact@v4 | |
# with: | |
# name: python-package-distributions | |
# path: dist/ | |
# - name: Publish distribution packages to TestPyPI | |
# uses: pypa/gh-action-pypi-publish@release/v1 | |
# with: | |
# repository-url: https://test.pypi.org/legacy/ |