CI: Add publishing to PyPI and TestPyPI with trusted publishers #51
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| version: 2 | ||
| updates: | ||
| # Maintain dependencies for GitHub Actions | ||
| - package-ecosystem: "github-actions" | ||
| directory: "/" | ||
| schedule: | ||
| interval: "weekly" | ||
| labels: | ||
| - "github-actions" | ||
| - "dependencies" | ||
| reviewers: | ||
| - "asmeurer" | ||
|
There was a problem hiding this comment. This assumes @asmeurer wants to be the person to get the ping. |
||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,105 @@ | ||
| name: publish distributions | ||
| on: | ||
| push: | ||
| branches: | ||
| - main | ||
| tags: | ||
| - [0-9]+.[0-9]+ | ||
| - [0-9]+.[0-9]+.[0-9]+ | ||
| pull_request: | ||
| branches: | ||
| - main | ||
| release: | ||
| types: [published] | ||
|
Comment on lines
+12
to
+13
There was a problem hiding this comment. This bit is for publishing on GitHub Release. |
||
| workflow_dispatch: | ||
| inputs: | ||
| publish: | ||
| type: choice | ||
| description: 'Publish to TestPyPI?' | ||
| options: | ||
| - false | ||
| - true | ||
|
Comment on lines
+14
to
+21
There was a problem hiding this comment. This would allow you to create a release to TestPyPI from workflow dispatch. If this isn't of interest this can get removed. There was a problem hiding this comment. This is worth doing at least the first time around. How do you do it? Is there some option when you create the release in the GitHub interface? There was a problem hiding this comment. You do this through workflow dispatch by visiting the GitHub Actions tab for the repo and then selecting this workflow (https://github.com/data-apis/array-api-compat/actions/workflows/publish-package.yml) and then when you click the "Run workflow" button on the right hand side there will be the option to select This is how it looks like for us on
and if it helps, starting around 52 seconds into this video of me making the |
||
|
|
||
| concurrency: | ||
| group: ${{ github.workflow }}-${{ github.ref }} | ||
| cancel-in-progress: true | ||
|
|
||
| jobs: | ||
| build: | ||
| name: Build Python distribution | ||
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v3 | ||
| with: | ||
| fetch-depth: 0 | ||
|
|
||
| - name: Set up Python | ||
| uses: actions/setup-python@v4 | ||
| with: | ||
| python-version: '3.x' | ||
|
|
||
| - name: Install python-build and twine | ||
| run: | | ||
| python -m pip install --upgrade pip setuptools | ||
|
There was a problem hiding this comment. If |
||
| python -m pip install build twine | ||
| python -m pip list | ||
|
|
||
| - name: Build a wheel and a sdist | ||
| run: | | ||
| PYTHONWARNINGS=error,default::DeprecationWarning python -m build . | ||
|
|
||
| - name: Verify the distribution | ||
| run: twine check --strict dist/* | ||
|
|
||
| - name: List contents of sdist | ||
| run: python -m tarfile --list dist/array_api_compat-*.tar.gz | ||
|
|
||
| - name: List contents of wheel | ||
| run: python -m zipfile --list dist/array_api_compat-*.whl | ||
|
|
||
| - name: Upload distribution artifact | ||
| uses: actions/upload-artifact@v3 | ||
| with: | ||
| name: dist-artifact | ||
| path: dist | ||
|
|
||
| publish: | ||
| name: Publish Python distribution to (Test)PyPI | ||
| if: github.event_name != 'pull_request' && github.repository == 'data-apis/array-api-compat' | ||
| needs: build | ||
| runs-on: ubuntu-latest | ||
| # Mandatory for publishing with a trusted publisher | ||
| # c.f. https://docs.pypi.org/trusted-publishers/using-a-publisher/ | ||
| permissions: | ||
| id-token: write | ||
| # Restrict to the environment set for the trusted publisher | ||
| environment: | ||
| name: publish-package | ||
|
|
||
| steps: | ||
| - name: Download distribution artifact | ||
| uses: actions/download-artifact@v3 | ||
| with: | ||
| name: dist-artifact | ||
| path: dist | ||
|
|
||
| - name: List all files | ||
| run: ls -lh dist | ||
|
|
||
| - name: Publish distribution 📦 to Test PyPI | ||
| # Publish to TestPyPI on tag events of if manually triggered | ||
| # Compare to 'true' string as booleans get turned into strings in the console | ||
| if: >- | ||
| (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')) | ||
|
There was a problem hiding this comment. @asmeurer Also catching now that as you use tags that match but not |
||
| || (github.event_name == 'workflow_dispatch' && github.event.inputs.publish == 'true') | ||
| uses: pypa/[email protected] | ||
| with: | ||
| repository-url: https://test.pypi.org/legacy/ | ||
| print-hash: true | ||
|
|
||
| - name: Publish distribution 📦 to PyPI | ||
| if: github.event_name == 'release' && github.event.action == 'published' | ||
|
There was a problem hiding this comment. This is assuming that you only want to publish to PyPI via creating a GitHub Release. |
||
| uses: pypa/[email protected] | ||
| with: | ||
| print-hash: true | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This dependabot config is only for updating GitHub Actions, and so the number of PRs generated should be substantially less than if Python packages were being considered.