From 46eeb8ee664443c1eb3a41d1fdb13b6326ded71c Mon Sep 17 00:00:00 2001 From: Kyle Sunden Date: Wed, 9 Jul 2025 09:40:41 -0500 Subject: [PATCH] Add pypi trusted publisher workflow --- .github/workflows/release.yml | 64 +++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) create mode 100644 .github/workflows/release.yml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..024c8d9 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,64 @@ +--- + +name: Release +on: + release: + types: + - published + +jobs: + build: + name: Build Release Packages + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 10 + + - name: Set up Python + id: setup + uses: actions/setup-python@v4 + with: + python-version: 3.x + + - name: Install build tools + run: | + python -m pip install --upgrade pip + python -m pip install --upgrade build + + - name: Build packages + run: python -m build + + - name: Save built packages as artifact + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + with: + name: packages-${{ runner.os }}-${{ steps.setup.outputs.python-version }} + path: dist/ + if-no-files-found: error + retention-days: 5 + + publish: + name: Upload release to PyPI + needs: build + runs-on: ubuntu-latest + environment: release + permissions: + id-token: write + steps: + - name: Download packages + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + with: + pattern: packages-* + path: dist + merge-multiple: true + + - name: Print out packages + run: ls dist + + - name: Generate artifact attestation for sdist and wheel + uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0 + with: + subject-path: dist/cycler-* + + - name: Publish package distributions to PyPI + uses: pypa/gh-action-pypi-publish@67339c736fd9354cd4f8cb0b744f2b82a74b5c70 # v1.12.3