ci: Update setup for publishing

.github/workflows/build.yml

@@ -359,15 +359,13 @@ jobs:
 
   release:
     name: Release
-
     if: startsWith(github.ref, 'refs/tags/') || github.event_name == 'workflow_dispatch' && github.event.inputs.publish == 'true'
-
     runs-on: ubuntu-latest
-    environment: Publish
+    environment: pypipublish
     needs: [linux, windows, macos_x86, macos_aarch64, sdist]
     permissions:
-      # IMPORTANT: this permission is mandatory for Trusted Publishing
       id-token: write
+      contents: read
     steps:
       - uses: actions/checkout@v4
       - uses: actions/download-artifact@v4
@@ -377,10 +375,12 @@ jobs:
           merge-multiple: true
       - name: List contents of dist directory
         run: ls -la dist/
-      - name: Publish to PyPi
+      - name: Publish to PyPI
         uses: pypa/gh-action-pypi-publish@release/v1
         with:
-          packages_dir: dist
-          username: __token__
-          password: ${{ secrets.PYPI_TOKEN }}
+          packages-dir: dist
+          # verbose: true
+          # print-hash: true
+          # Uncomment below for test runs, otherwise fails on existing packages being reuploaded
+          skip-existing: true
 

.github/workflows/upload-test.yml

@@ -0,0 +1,98 @@
+name: Upload Test for Pypi.
+
+on:
+  workflow_dispatch:
+
+jobs:
+  linux:
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        target: [aarch64]
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.10"
+          cache: "pip"
+      - run: pip install -r requirements.txt
+      - name: Setup QEMU
+        uses: docker/setup-qemu-action@v1
+        if: ${{ matrix.target == 'aarch64' }}
+      - name: Build wheels
+        uses: PyO3/maturin-action@v1
+        with:
+          target: ${{ matrix.target }}
+          maturin-version: "1.2.0"
+          args: --release --out dist --find-interpreter
+          sccache: "true"
+          manylinux: ${{ matrix.target == 'aarch64' && 'manylinux_2_28' || 'auto' }}
+          before-script-linux: |
+            pip install uniffi-bindgen==0.24.1
+
+            # ISSUE: https://github.com/sfackler/rust-openssl/issues/2036#issuecomment-1724324145
+            # If we're running on rhel centos, install needed packages.
+            if command -v yum &> /dev/null; then
+                yum update -y && yum install -y perl-core openssl openssl-devel pkgconfig libatomic
+
+                # If we're running on i686 we need to symlink libatomic
+                # in order to build openssl with -latomic flag.
+                if [[ ! -d "/usr/lib64" ]]; then
+                    ln -s /usr/lib/libatomic.so.1 /usr/lib/libatomic.so
+                fi
+            else
+                # If we're running on debian-based system.
+                apt update -y && apt-get install -y libssl-dev openssl pkg-config
+            fi
+      - name: Upload wheels
+        uses: actions/upload-artifact@v4
+        with:
+          name: wheels-${{ matrix.target }}
+          path: dist
+
+  sdist:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: Build sdist
+        uses: PyO3/maturin-action@v1
+        with:
+          command: sdist
+          args: --out dist
+      - name: Upload sdist
+        uses: actions/upload-artifact@v4
+        with:
+          name: wheels
+          path: dist
+
+  pypi-publish:
+    name: upload release to PyPI
+    runs-on: ubuntu-latest
+    needs: [linux, sdist]
+
+    # Specifying a GitHub environment is optional, but strongly encouraged
+    environment: testpublish
+    permissions:
+      # IMPORTANT: this permission is mandatory for Trusted Publishing
+      id-token: write
+    steps:
+      # retrieve your distributions here
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Download aarch64 wheels artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: wheels-aarch64
+
+      - name: Download sdist artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: sdist
+
+      - name: Publish package distributions to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          repository-url: https://test.pypi.org/legacy/

Cargo.toml

@@ -12,7 +12,7 @@ crate-type = ["lib", "cdylib"]
 normal = ["openssl-src"]
 
 [dependencies]
-c2pa = { version = "0.48.1", features = ["file_io", "pdf", "fetch_remote_manifests"]}
+c2pa = { version = "0.49.3", features = ["file_io", "pdf", "fetch_remote_manifests"]}
 thiserror = "1.0.49"
 uniffi = "0.28.2"
 openssl-src = "=300.3.1" # Required for openssl-sys

Makefile

@@ -15,4 +15,8 @@ build-python:
 
 test:
 	python3 ./tests/test_unit_tests.py
-	python3 ./tests/test_api.py
+	python3 ./tests/test_api.py
+
+publish: release
+	python3 -m pip install twine
+	python3 -m twine upload dist/*

pyproject.toml

@@ -3,7 +3,7 @@ requires = ["maturin>=1.7.4,<2.0","uniffi_bindgen>=0.28,<0.30"]
 build-backend = "maturin"
 
 [project]
-name = "c2pa"
+name = "c2pa-python"
 dependencies = ["cffi"]
 requires-python = ">=3.7"
 description = "Python bindings for the C2PA Content Authenticity Initiative (CAI) library"
@@ -27,4 +27,7 @@ urls = {homepage = "https://contentauthenticity.org", repository = "https://gith
 [project.optional-dependencies]
 test = [
   "pytest < 5.0.0"
-]
+]
+
+[tool.maturin]
+module-name = "c2pa"