mirror of
https://github.com/theupdateframework/python-tuf
synced 2026-05-24 10:08:28 +00:00
Add workflow with two jobs to build and publish on PyPI. The release job waits for the build job and uses a custom release environment, which can be configured to require review.

To share the build artifacts between the jobs and to make them available for intermediate review, they are stored using 'actions/upload-artifact' and 'actions/download-artifact'.
https://docs.github.com/en/actions/using-workflows/storing-workflow-data-as-artifacts

To upload the build artifacts to PyPI, the PyPA recommended 'pypa/gh-action-pypi-publish' is used.
https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/

**Caveat**
The URL to grab the artifacts, e.g. for review, requires knowledge of action ID and artifact ID, and a login token (no special permissions). This makes it a bit cumbersome to fetch the artifacts with a script and compare them to a local build.
https://docs.github.com/en/actions/managing-workflow-runs/downloading-workflow-artifacts

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
51 lines
1.4 KiB
YAML
```yaml
name: CD
concurrency: cd

# Trigger workflow on release tag push
on:
  push:
    # TODO: Should we restrict to vX.Y.Z tags?
    tags: v*

jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
      - name: Checkout release tag
        uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846

      - name: Set up Python
        uses: actions/setup-python@0ebf233433c08fb9061af664d501c3f3ff0e9e20
        with:
          python-version: '3.x'

      - name: Install build dependency
        run: python3 -m pip install --upgrade pip build

      - name: Build binary wheel and source tarball
        run: python3 -m build --sdist --wheel --outdir dist/ .

      - name: Store build artifacts for review and release
        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535
        with:
          name: build-artifacts
          path: dist

  release-on-pypi:
    name: Release on PyPI
    runs-on: ubuntu-latest
    needs: build
    environment: release
    steps:
      - name: Fetch build artifacts
        uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741
        with:
          name: build-artifacts
          path: dist

      - name: Publish binary wheel and source tarball on PyPI
        uses: pypa/gh-action-pypi-publish@717ba43cfbb0387f6ce311b169a825772f54d295
        with:
          user: __token__
          password: ${{ secrets.PYPI_API_TOKEN }}
```
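The review step mentioned in the commit message's caveat, comparing the stored `build-artifacts` with a local build before approving the `release` environment, could look like the following. This is an added example, not code from python-tuf. It assumes the artifact has already been downloaded and unzipped into one directory and that a local build made with the same `python3 -m build` command sits in another; the script name `compare_dists.py` and the function names are hypothetical.

```python
"""Compare CI-built dist/ files with a local build (added example)."""
import hashlib
import sys
import tarfile
import zipfile
from pathlib import Path


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def member_digests(path: Path) -> dict:
    """Map each regular-file member to the SHA-256 of its bytes (mtimes, modes ignored)."""
    if path.suffix == ".whl":
        with zipfile.ZipFile(path) as zf:
            return {i.filename: sha256(zf.read(i)) for i in zf.infolist() if not i.is_dir()}
    if path.name.endswith(".tar.gz"):
        with tarfile.open(path, "r:gz") as tf:
            return {m.name: sha256(tf.extractfile(m).read()) for m in tf if m.isfile()}
    return {path.name: sha256(path.read_bytes())}  # not an archive: hash the file itself


def compare_dists(ci_dir: Path, local_dir: Path) -> dict:
    """Return {file name: verdict} for every file found in either directory."""
    ci = {p.name: p for p in Path(ci_dir).iterdir() if p.is_file()}
    local = {p.name: p for p in Path(local_dir).iterdir() if p.is_file()}
    verdicts = {}
    for name in sorted(ci.keys() | local.keys()):
        if name not in local:
            verdicts[name] = "only in CI build"
        elif name not in ci:
            verdicts[name] = "only in local build"
        elif ci[name].read_bytes() == local[name].read_bytes():
            verdicts[name] = "identical"
        else:
            # Bytes differ: check whether the packaged content or only archive metadata changed.
            a, b = member_digests(ci[name]), member_digests(local[name])
            changed = sorted(m for m in a.keys() | b.keys() if a.get(m) != b.get(m))
            verdicts[name] = (f"content differs: {', '.join(changed)}" if changed
                              else "same content, archive metadata differs")
    return verdicts


if __name__ == "__main__":
    # Usage: python compare_dists.py <unzipped build-artifacts dir> <local dist dir>
    results = compare_dists(Path(sys.argv[1]), Path(sys.argv[2]))
    for name, verdict in results.items():
        print(f"{verdict:40} {name}")
    sys.exit(0 if set(results.values()) == {"identical"} else 1)
```

The script exits non-zero unless every file is byte-identical, so a "same content, archive metadata differs" verdict still calls for a reviewer's decision.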