Skip to content

Bump pypa/gh-action-pypi-publish from 1.11.0 to 1.12.2 (#33) #95

Bump pypa/gh-action-pypi-publish from 1.11.0 to 1.12.2 (#33)

Bump pypa/gh-action-pypi-publish from 1.11.0 to 1.12.2 (#33) #95

Workflow file for this run

# Publish archives to PyPI and TestPyPI using GitHub Actions.
#
# NOTE: Pin actions to a specific commit to avoid having the authentication
# token stolen if the Action is compromised. See the comments and links here:
# https://github.com/pypa/gh-action-pypi-publish/issues/27
#
name: pypi
# Only run for pushes to the main branch and releases.
on:
pull_request:
push:
branches:
- main
release:
types:
- published
# Use bash by default in all jobs
defaults:
run:
shell: bash
###############################################################################
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
# Need to fetch more than the last commit so that setuptools_scm can
# create the correct version string. If the number of commits since
# the last release is greater than this, the version will still be
# wrong. Increase if necessary.
fetch-depth: 100
# The GitHub token is preserved by default but this job doesn't need
# to be able to push to GitHub.
persist-credentials: false
# Need the tags so that setuptools-scm can form a valid version number
- name: Fetch git tags
run: git fetch origin 'refs/tags/*:refs/tags/*'
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Install requirements
run: |
python -m pip install twine
python -m pip install -r env/requirements-build.txt
- name: List installed packages
run: python -m pip freeze
- name: Don't use local version numbers for TestPyPI uploads
if: github.event_name != 'release'
run: |
# Change setuptools-scm local_scheme to "no-local-version" so the
# local part of the version isn't included, making the version string
# compatible with Test PyPI.
sed --in-place "s/node-and-date/no-local-version/g" pyproject.toml
- name: Build source and wheel distributions
run: |
make build
echo ""
echo "Generated files:"
ls -lh dist/
- name: Check the archives
run: twine check dist/*
# Store the archives as a build artifact so we can deploy them later
- name: Upload archives as artifacts
# Only if not a pull request
if: success() && github.event_name != 'pull_request'
uses: actions/upload-artifact@v4
with:
name: pypi-${{ github.sha }}
path: dist
publish:
runs-on: ubuntu-latest
needs: build
# Only publish from the origin repository, not forks
if: github.repository_owner == 'fatiando' && github.event_name != 'pull_request'
environment: pypi
permissions:
# This permission allows trusted publishing to PyPI (without an API token)
id-token: write
steps:
- name: Checkout
uses: actions/checkout@v4
with:
# The GitHub token is preserved by default but this job doesn't need
# to be able to push to GitHub.
persist-credentials: false
# Fetch the built archives from the "build" job
- name: Download built archives artifact
uses: actions/download-artifact@v4
with:
name: pypi-${{ github.sha }}
path: dist
- name: Publish to Test PyPI
# Only publish to TestPyPI when a PR is merged (pushed to main)
if: github.event_name == 'push'
uses: pypa/[email protected]
with:
repository_url: https://test.pypi.org/legacy/
# Allow existing releases on test PyPI without errors.
# NOT TO BE USED in PyPI!
skip_existing: true
- name: Publish to PyPI
# Only publish to PyPI when a release triggers the build
if: github.event_name == 'release'
uses: pypa/[email protected]