-
Notifications
You must be signed in to change notification settings - Fork 25
156 lines (131 loc) · 4.46 KB
/
pypi.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
name: Build and Publish
# based on official doc
# https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/
on:
push:
tags:
- 'v*'
workflow_dispatch:
jobs:
build:
name: Build
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.x"
- name: Install pypa/build
run: python3 -m pip install build --user
- name: Build a binary wheel and a source tarball (agentlab)
run: python3 -m build . --outdir dist/
- name: Store the distribution packages
uses: actions/upload-artifact@v4
with:
name: python-package-distributions
path: dist/
publish-to-pypi:
name: Publish to PyPI
needs:
- build
runs-on: ubuntu-22.04
environment: pypi
permissions:
id-token: write # IMPORTANT: mandatory for trusted publishing
steps:
- name: Extract tag name
run: echo "TAG_NAME=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
- name: Validate tag format
id: validate_tag
run: |
if [[ "${{ env.TAG_NAME }}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+(\.dev[0-9]+)?$ ]]; then
echo "valid=true" >> $GITHUB_ENV
else
echo "valid=false" >> $GITHUB_ENV
fi
- name: Exit if invalid tag
if: env.valid == 'false'
run: |
echo "The tag ${{ env.TAG_NAME }} is not a valid semantic version. Exiting."
exit 1
- name: Download all the distribution packages
uses: actions/download-artifact@v4
with:
name: python-package-distributions
path: dist/
- name: Publish all distribution packages to PyPI
uses: pypa/gh-action-pypi-publish@release/v1
github-release:
name: Sign packages with Sigstore and upload them to GitHub Release
needs:
- publish-to-pypi
runs-on: ubuntu-22.04
permissions:
contents: write # IMPORTANT: mandatory for making GitHub Releases
id-token: write # IMPORTANT: mandatory for sigstore
steps:
- name: Download all the dists
uses: actions/download-artifact@v4
with:
name: python-package-distributions
path: dist/
- name: Set up Python for Sigstore
uses: actions/setup-python@v5
with:
python-version: "3.x"
- name: Install Sigstore and cryptography dependencies
run: |
python3 -m pip install --upgrade pip
python3 -m pip install cryptography==43.0.3
- name: Sign the dists with Sigstore
uses: sigstore/[email protected]
with:
inputs: >-
./dist/*.tar.gz
./dist/*.whl
- name: Create GitHub Release
env:
GITHUB_TOKEN: ${{ github.token }}
run: >-
gh release create
'${{ github.ref_name }}'
--repo '${{ github.repository }}'
--notes ""
- name: Upload artifact signatures to GitHub Release
env:
GITHUB_TOKEN: ${{ github.token }}
# Upload to GitHub Release using the `gh` CLI.
# `dist/` contains the built packages, and the
# sigstore-produced signatures and certificates.
run: >-
gh release upload
'${{ github.ref_name }}' dist/**
--repo '${{ github.repository }}'
- name: Set GitHub Release as pre-release
if: contains(github.ref, '.dev') # only set tags vA.B.C.devD as pre-release
env:
GITHUB_TOKEN: ${{ github.token }}
run: >-
gh release edit
'${{ github.ref_name }}'
--repo '${{ github.repository }}'
--prerelease
# publish-to-testpypi:
# name: Publish to TestPyPI
# needs:
# - build
# runs-on: ubuntu-latest
# environment: testpypi
# permissions:
# id-token: write # IMPORTANT: mandatory for trusted publishing
# steps:
# - name: Download all the distribution packages
# uses: actions/download-artifact@v4
# with:
# name: python-package-distributions
# path: dist/
# - name: Publish distribution packages to TestPyPI
# uses: pypa/gh-action-pypi-publish@release/v1
# with:
# repository-url: https://test.pypi.org/legacy/