Skip to content
Build, test, and upload PyPI package

Sign with sigstore #5

Sign in to view logs

Sign with sigstore

Sign with sigstore #5

Workflow file for this run

.github/workflows/pypi.yaml at 63ac34e
---
name: Build, test, and upload PyPI package
on:
push:
branches:
- main
tags:
- "v*"
pull_request:
branches:
- main
release:
types:
- published
workflow_dispatch:
permissions:
contents: read
# see https://docs.pypi.org/trusted-publishers/
id-token: write
jobs:
build-package:
name: Build and check packages
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
# for setuptools-scm
fetch-depth: 0
- uses: hynek/build-and-inspect-python-package@v2
publish-test-pypi:
name: Publish packages to test.pypi.org
# environment: publish-test-pypi
# TODO: move to instructlab
if: |
github.repository_owner == 'tiran' && (
github.event.action == 'published' ||
github.event_name == 'workflow_dispatch' ||
(github.event_name == 'push' && github.ref == 'refs/heads/main')
)
runs-on: ubuntu-latest
needs: build-package
steps:
- name: Fetch build artifacts
uses: actions/download-artifact@v4
with:
name: Packages
path: dist
- name: Upload to Test PyPI
uses: pypa/gh-action-pypi-publish@release/v1
with:
repository-url: https://test.pypi.org/legacy/
publish-pypi:
name: Publish release to pypi.org
# environment: publish-pypi
# TODO: move to instructlab
if: |
github.repository_owner == 'tiran' && (
github.event.action == 'published' ||
github.event_name == 'workflow_dispatch'
)
runs-on: ubuntu-latest
needs: build-package
steps:
- name: Fetch build artifacts
uses: actions/download-artifact@v4
with:
name: Packages
path: dist
- uses: sigstore/[email protected]
with:
upload-signing-artifact: true
inputs: >-
./dist/*.tar.gz
./dist/*.whl
- name: Upload to PyPI
uses: pypa/gh-action-pypi-publish@release/v1