Implement current best practice for using Github Actions for package building and PyPI distribution #182

Merged
merged 8 commits into from
Aug 22, 2024
129 changes: 104 additions & 25 deletions .github/workflows/deploy.yml
@@ -1,35 +1,114 @@
# This workflow will install Python dependencies, run tests and lint with a variety of Python versions
# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
# Adapted from https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/

name: "Publish to PyPI"
name: Publish to PyPI
on: push
jobs:

on:
push:
tags:
- "*"
build:
name: Build distribution
runs-on: ubuntu-latest

permissions:
contents: "read"
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- name: Set up Python
uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5
with:
python-version: "3.x"
- name: Install pypa/build
run: python3 -m pip install build --user
- name: Build a binary wheel and a source tarball
run: python3 -m build
- name: Store the distribution packages
uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4
with:
name: python-package-distributions
path: dist/

jobs:
publish:
name: "Publish to PyPI"
runs-on: "ubuntu-latest"
publish-to-pypi:
name: >-
Publish to PyPI
if: startsWith(github.ref, 'refs/tags/') # only publish to PyPI on tag pushes
needs:
- build
runs-on: ubuntu-latest
environment:
name: "publish"
name: pypi
url: https://pypi.org/p/idna # Replace <package-name> with your PyPI project name
permissions:
id-token: write # IMPORTANT: mandatory for trusted publishing

steps:
- name: "Checkout repository"
uses: "actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b"
- name: Download all the dists
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4
with:
name: python-package-distributions
path: dist/
- name: Publish distribution to PyPI
uses: pypa/gh-action-pypi-publish@release/v1

- name: "Setup Python"
uses: "actions/setup-python@b55428b1882923874294fa556849718a1d7f2ca5"
github-release:
name: Sign and upload GitHub Release
needs:
- publish-to-pypi
runs-on: ubuntu-latest

permissions:
contents: write # IMPORTANT: mandatory for making GitHub Releases
id-token: write # IMPORTANT: mandatory for sigstore

steps:
- name: Download the dists
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4
with:
python-version: "3.x"
name: python-package-distributions
path: dist/
- name: Sign with Sigstore
uses: sigstore/[email protected]
with:
inputs: >-
./dist/*.tar.gz
./dist/*.whl
- name: Create GitHub Release
env:
GITHUB_TOKEN: ${{ github.token }}
run: >-
gh release create
'${{ github.ref_name }}'
--repo '${{ github.repository }}'
--notes ""
- name: Upload artifact signatures to GitHub Release
env:
GITHUB_TOKEN: ${{ github.token }}
# Upload to GitHub Release using the `gh` CLI.
# `dist/` contains the built packages, and the
# sigstore-produced signatures and certificates.
run: >-
gh release upload
'${{ github.ref_name }}' dist/**
--repo '${{ github.repository }}'

# publish-to-testpypi:
# name: Publish to Test PyPI
# needs:
# - build
# runs-on: ubuntu-latest

# environment:
# name: testpypi
# url: https://test.pypi.org/p/idna

- name: "Build dists"
run: |
python -m pip install build
python -m build
# permissions:
# id-token: write # IMPORTANT: mandatory for trusted publishing

- name: "Publish to PyPI"
uses: "pypa/gh-action-pypi-publish@37f50c210e3d2f9450da2cd423303d6a14a6e29f"
# steps:
# - name: Download all the dists
# uses: actions/download-artifact@v4
# with:
# name: python-package-distributions
# path: dist/
# - name: Publish distribution to TestPyPI
# uses: pypa/gh-action-pypi-publish@release/v1
# with:
# verbose: true
# print-hash: true
# repository-url: https://test.pypi.org/legacy/
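
Review bot: The `Publish distribution to PyPI` step in `publish-to-pypi` references `pypa/gh-action-pypi-publish@release/v1`, a branch ref that can move, while every `actions/*` step in the active jobs is pinned to a full commit SHA with a version comment. That step runs in the job holding `id-token: write`, so it is the one where pinning matters most; suggest pinning it to a full commit SHA with a trailing version comment, matching the other steps. The commented-out `publish-to-testpypi` job uses `actions/download-artifact@v4` and the same `release/v1` ref, so it would need the same treatment if it is re-enabled. Separately, the `build` job has no `permissions:` block of its own, so unless a workflow-level block applies it runs with the repository's default token permissions; declaring `contents: read` for it would keep that job read-only. The two `gh release` steps interpolate `${{ github.ref_name }}` directly into the `run:` script; passing the value through `env:` and referencing the shell variable instead keeps the tag name from being parsed as shell text. Minor: the comment on `url: https://pypi.org/p/idna` still says "Replace <package-name> with your PyPI project name" although the name is already filled in.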