Skip to content

Commit

Permalink
[PR #7359/7911f1e9 backport][3.8]  Set up secretless publishing to P…
Browse files Browse the repository at this point in the history
…yPI (#7360)

Co-authored-by: Sviatoslav Sydorenko <[email protected]>
  • Loading branch information
patchback[bot] and webknjaz authored Jul 9, 2023
1 parent 8d45f9c commit 3577b1e
Showing 1 changed file with 30 additions and 2 deletions.
32 changes: 30 additions & 2 deletions .github/workflows/ci.yml → .github/workflows/ci-cd.yml
Original file line number Diff line number Diff line change
Expand Up @@ -347,9 +347,17 @@ jobs:

deploy:
name: Deploy
environment: release
needs: [build-tarball, build-wheels]
runs-on: ubuntu-latest

permissions:
contents: write # IMPORTANT: mandatory for making GitHub Releases
id-token: write # IMPORTANT: mandatory for trusted publishing & sigstore

environment:
name: pypi
url: https://pypi.org/p/aiohttp

steps:
- name: Checkout
uses: actions/[email protected]
Expand All @@ -376,7 +384,27 @@ jobs:
name: aiohttp
version_file: aiohttp/__init__.py
github_token: ${{ secrets.GITHUB_TOKEN }}
pypi_token: ${{ secrets.PYPI_API_TOKEN }}
dist_dir: dist
fix_issue_regex: "`#(\\d+) <https://github.com/aio-libs/aiohttp/issues/\\1>`_"
fix_issue_repl: "(#\\1)"

- name: >-
Publish 🐍📦 to PyPI
uses: pypa/gh-action-pypi-publish@release/v1
- name: Sign the dists with Sigstore
uses: sigstore/[email protected]
with:
inputs: >-
./dist/*.tar.gz
./dist/*.whl
- name: Upload artifact signatures to GitHub Release
# Confusingly, this action also supports updating releases, not
# just creating them. This is what we want here, since we've manually
# created the release above.
uses: softprops/action-gh-release@v1
with:
# dist/ contains the built packages, which smoketest-artifacts/
# contains the signatures and certificates.
files: dist/**

0 comments on commit 3577b1e

Please sign in to comment.