Skip to content

Commit

Permalink
Use dedicated GitHub Actions job for PyPI
Browse files Browse the repository at this point in the history
This project uses pypa/gh-action-pypi-publish to publish Python packages
to PyPI with an OIDC trusted publisher (6e532c6).

pypa/gh-action-pypi-publish is set up as a Docker action referencing the
Dockerfile. The downside to using the Dockerfile for the action is that
the Docker image must be built every time the action is used. This will
hopefully change in the near future if Docker images are pre-built and
pushed to a registry. In the meantime, this commit will move the related
steps to a dedicated GitHub Actions job so that the Docker image is not
built every time GitHub Actions jobs run.

6e532c6
https://docs.github.com/en/actions/creating-actions/creating-a-docker-container-action
https://docs.pypi.org/trusted-publishers/
https://github.com/pypa/gh-action-pypi-publish
  • Loading branch information
br3ndonland committed Jul 14, 2024
1 parent a80ba80 commit 096b11d
Showing 1 changed file with 26 additions and 8 deletions.
34 changes: 26 additions & 8 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -30,9 +30,8 @@ jobs:
else
environment_name=""
fi
timestamp="$(date -Iseconds)"
url="https://api.github.com/repos/${{ github.repository }}/deployments"
environment_url="$url?timestamp=$timestamp"
url="https://pypi.org/project/${GITHUB_REPOSITORY##*/}/"
environment_url="$url$GITHUB_REF_NAME/"
echo "environment-name=$environment_name" >>"$GITHUB_OUTPUT"
echo "environment-url=$environment_url" >>"$GITHUB_OUTPUT"
- name: Create annotation for deployment environment
Expand All @@ -41,9 +40,6 @@ jobs:
ci:
runs-on: ubuntu-latest
needs: [setup]
environment:
name: ${{ needs.setup.outputs.environment-name }}
url: ${{ needs.setup.outputs.environment-url }}&python=${{ matrix.python-version }}
permissions:
id-token: write
strategy:
Expand Down Expand Up @@ -130,15 +126,37 @@ jobs:
run: hatch run ${{ env.HATCH_ENV }}:coverage report
- name: Build Python package
run: hatch build
- name: Publish Python package to PyPI
- name: Upload Python package artifacts
if: >
github.ref_type == 'tag' &&
matrix.python-version == '3.12' &&
needs.setup.outputs.environment-name == 'PyPI'
uses: actions/upload-artifact@v4
with:
if-no-files-found: error
name: fastenv-${{ github.ref_name }}
path: dist
pypi:
environment:
name: ${{ needs.setup.outputs.environment-name }}
url: ${{ needs.setup.outputs.environment-url }}
if: github.ref_type == 'tag' && needs.setup.outputs.environment-name == 'PyPI'
needs: [setup, ci]
permissions:
id-token: write
runs-on: ubuntu-latest
steps:
- name: Download Python package artifacts
uses: actions/download-artifact@v4
with:
merge-multiple: true
name: fastenv-${{ github.ref_name }}
path: dist
- name: Publish Python package to PyPI
uses: pypa/gh-action-pypi-publish@release/v1.8
changelog:
if: github.ref_type == 'tag'
needs: [ci]
needs: [ci, pypi]
permissions:
contents: write
pull-requests: write
Expand Down

0 comments on commit 096b11d

Please sign in to comment.