File tree Expand file tree Collapse file tree 1 file changed +44
-1
lines changed Expand file tree Collapse file tree 1 file changed +44
-1
lines changed Original file line number Diff line number Diff line change 4747 name : python-package-distributions
4848 path : dist/
4949 - name : Publish distribution 📦 to PyPI
50- uses : pypa/gh-action-pypi-publish@release/v1
50+ uses : pypa/gh-action-pypi-publish@release/v1
51+
52+ github-release :
53+ name : >-
54+ Sign the Python 🐍 distribution 📦 with Sigstore
55+ and upload them to GitHub Release
56+ needs :
57+ - publish-to-pypi
58+ runs-on : ubuntu-latest
59+
60+ permissions :
61+ contents : write # IMPORTANT: mandatory for making GitHub Releases
62+ id-token : write # IMPORTANT: mandatory for sigstore
63+
64+ steps :
65+ - name : Download all the dists
66+ uses : actions/download-artifact@v4
67+ with :
68+ name : python-package-distributions
69+ path : dist/
70+ - name : Sign the dists with Sigstore
71+ uses : sigstore/gh-action-sigstore-python@v3.0.0
72+ with :
73+ inputs : >-
74+ ./dist/*.tar.gz
75+ ./dist/*.whl
76+ name : Create GitHub Release
77+ env :
78+ GITHUB_TOKEN : ${{ github.token }}
79+ run : >-
80+ gh release create
81+ '${{ github.ref_name }}'
82+ --repo '${{ github.repository }}'
83+ --notes ""
84+ name : Upload artifact signatures to GitHub Release
85+ env :
86+ GITHUB_TOKEN : ${{ github.token }}
87+ # Upload to GitHub Release using the `gh` CLI.
88+ # `dist/` contains the built packages, and the
89+ # sigstore-produced signatures and certificates.
90+ run : >-
91+ gh release upload
92+ '${{ github.ref_name }}' dist/**
93+ --repo '${{ github.repository }}'
You can’t perform that action at this time.
0 commit comments