Skip to content

Bump sigstore/gh-action-sigstore-python in the github-actions group #114

Bump sigstore/gh-action-sigstore-python in the github-actions group

Bump sigstore/gh-action-sigstore-python in the github-actions group #114

Workflow file for this run

# This is mostly experimental. Right now, all it does is create a GitHub release
# and then try to upload to TestPyPI. The second step seems to be consistently
# failing. :)
name: Build and release
on: [push]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: "3.x"
- run: pip install build
- run: python -m build
- uses: actions/upload-artifact@v4
with:
name: distributions
path: dist/
# publish-pypi:
# runs-on: ubuntu-latest
# if: startsWith(github.ref, 'refs/tags/')
# needs: [build]
# environment:
# name: release
# permissions:
# id-token: write
# steps:
# - uses: actions/download-artifact@v4
# with:
# name: python-package-distributions
# path: dist/
# - uses: pypa/gh-action-pypi-publish@release/v1
publish-testpypi:
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/')
needs: [build]
environment:
name: release
permissions:
id-token: write
steps:
- uses: actions/download-artifact@v4
with:
name: python-package-distributions
path: dist/
- uses: pypa/gh-action-pypi-publish@release/v1
with:
repository-url: https://test.pypi.org/legacy/
github-release:
runs-on: ubuntu-latest
needs: [publish-testpypi]
permissions:
contents: write
id-token: write
steps:
- uses: actions/download-artifact@v4
with:
name: python-package-distributions
path: dist/
- uses: sigstore/gh-action-sigstore-python@v3.0.0
with:
inputs: ./dist/*.tar.gz ./dist/*.whl
- name: Create a GitHub release
run: >-
gh release create --repo '${{ github.repository }}'
'${{ github.ref_name }}'
env:
GITHUB_TOKEN: ${{ github.token }}
- name: Upload signed release files to GitHub release
run: >-
gh release upload --repo '${{ github.repository }}'
'${{ github.ref_name }}'
dist/**
env:
GITHUB_TOKEN: ${{ github.token }}