diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 00000000..32420a2f --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,60 @@ +name: Release + +on: + workflow_dispatch: + inputs: + deploy-to: + type: choice + description: Choose where to publish (test/prod) + options: + - prod + - test + default: prod + +permissions: read-all + +defaults: + run: + shell: bash + +# will cancel previous workflows triggered by the same event and for the same ref for PRs or same SHA otherwise +concurrency: + group: ${{ github.workflow }}-${{ github.event_name }}-${{ contains(github.event_name, 'pull_request') && github.event.pull_request.head.ref || github.sha }} + cancel-in-progress: true + +jobs: + + release: + name: PyPI - ${{ inputs.deploy-to }} + runs-on: ubuntu-latest + environment: + name: ${{ inputs.deploy-to }} + url: ${{ vars.PYPI_URL }} + permissions: + id-token: write # IMPORTANT: this permission is mandatory for trusted publishing + + steps: + - name: Check out repository + uses: actions/checkout@v4 + with: + persist-credentials: false + + - name: Set up Python 3.11 + uses: actions/setup-python@v4 + with: + python-version: "3.11" + + - name: Install hatch + run: python -m pip install hatch + shell: bash + + - name: Build artifacts + run: hatch build + shell: bash + + - name: Check artifacts + run: hatch run build:check-all + shell: bash + + - name: Publish artifacts to PyPI + uses: pypa/gh-action-pypi-publish@release/v1 \ No newline at end of file