diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 63947c9..4138bd5 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -7,12 +7,13 @@ on: # Allows you to run this workflow manually from the Actions tab workflow_dispatch: +permissions: + contents: read + jobs: - build-n-publish: - name: Build and publish Python 🐍 distributions 📦 to PyPI and TestPyPI - if: startsWith(github.ref, 'refs/tags') + release-build: + name: Build release runs-on: ubuntu-latest - steps: - uses: actions/checkout@v3 - name: Set up Python 
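Review bot: With the job-level `if: startsWith(github.ref, 'refs/tags')` removed here, nothing gates `release-build` or the `testpypi-publish` job added in the next hunk, so any trigger of this workflow, including a manual `workflow_dispatch` run from a branch, builds and uploads to TestPyPI. That gives non-tag runs a job with `id-token: write`, and it can also block a real release: if a branch run has already uploaded the same version to TestPyPI, the tag run's TestPyPI upload will presumably fail on the duplicate file, and `pypi-publish` never starts because of `needs: testpypi-publish`. Either repeat the condition on that job, `if: startsWith(github.ref, 'refs/tags')`, or add `skip-existing: true` under the TestPyPI step's `with:` and restrict the `testpypi` environment to tag refs in the repository settings. The `on:` block is only partly visible in this hunk, so the full set of triggers should be checked before deciding.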
@@ -20,19 +21,67 @@ jobs: with: python-version: "3.x" - - name: Install pypa/build - run: python -m pip install build --user + - name: Build release distributions + run: | + # NOTE: put your own distribution build steps here. + python -m pip install build --user + python -m build --sdist --wheel --outdir dist/ . + + - name: Upload distributions + uses: actions/upload-artifact@v4 + with: + name: release-dists + path: dist/ - - name: Build a binary wheel and a source tarball - run: python -m build --sdist --wheel --outdir dist/ . + testpypi-publish: + runs-on: ubuntu-latest + needs: + - release-build + + permissions: + # IMPORTANT: this permission is mandatory for trusted publishing + id-token: write + + # Dedicated environments with protections for publishing are strongly recommended. + environment: + name: testpypi + # OPTIONAL: uncomment and update to include your PyPI project URL in the deployment status: + url: https://test.pypi.org/project/asciinema-automation/ + + steps: + - name: Retrieve release distributions + uses: actions/download-artifact@v4 + with: + name: release-dists + path: dist/ - name: Publish distribution 📦 to Test PyPI uses: pypa/gh-action-pypi-publish@release/v1 with: - password: ${{ secrets.TEST_PYPI_API_TOKEN }} repository-url: https://test.pypi.org/legacy/ - - name: Publish distribution 📦 to PyPI - uses: pypa/gh-action-pypi-publish@release/v1 + pypi-publish: + if: startsWith(github.ref, 'refs/tags') + runs-on: ubuntu-latest + needs: + - testpypi-publish + + permissions: + # IMPORTANT: this permission is mandatory for trusted publishing + id-token: write + + # Dedicated environments with protections for publishing are strongly recommended. 
+ environment: + name: pypi + # OPTIONAL: uncomment and update to include your PyPI project URL in the deployment status: + url: https://pypi.org/project/asciinema-automation/ + + steps: + - name: Retrieve release distributions + uses: actions/download-artifact@v4 with: - password: ${{ secrets.PYPI_API_TOKEN }} + name: release-dists + path: dist/ + + - name: Publish release distributions to PyPI + uses: pypa/gh-action-pypi-publish@release/v1
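Review bot: Both publish jobs grant `id-token: write` and then run `actions/download-artifact@v4` and `pypa/gh-action-pypi-publish@release/v1`, which are referenced by a mutable tag and a branch; if either ref is moved, the new code runs in a job that can request the OIDC token PyPI trusts for this project. Pin every `uses:` in `testpypi-publish` and `pypi-publish` to a full commit SHA, for example `uses: pypa/gh-action-pypi-publish@<full-commit-sha>  # release/v1`. Do the same for `actions/upload-artifact@v4` in `release-build`, since its output is what gets published. The "strongly recommended" environment protections are configured in repository settings and cannot be seen in this diff, so it is worth confirming that `pypi` has required reviewers or a tag-only deployment rule. The `# OPTIONAL: uncomment and update ...` comments above both `url:` lines are leftover template text now that the URLs are filled in, and could be dropped or replaced with `# Shown as the deployment link in the Actions UI`.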