Commit

ci: update python-package workflow to use trusted publishing (#50)
* ci: update python-package workflow to use trusted publishing

close #39

Additional changes:
* Only run workflow when a tag is created
* Update action versions + python version used

* use cache

* add back running on PR, build requires tag to be created

* trivial change, mostly to try to tickle GH Actions

---------

Co-authored-by: Reece Hart <reecehart@gmail.com>
korikuzma and reece authored Sep 1, 2024
1 parent b71c7ba commit 21f173b
Showing 2 changed files with 53 additions and 42 deletions.
91 changes: 49 additions & 42 deletions .github/workflows/python-package.yml
@@ -1,3 +1,4 @@
# https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/
name: Python package

on:
Expand All @@ -11,17 +12,17 @@ jobs:
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4

- uses: awalsh128/cache-apt-pkgs-action@latest
with:
packages: zsh
version: 1.0

- name: Set up Python
uses: actions/setup-python@v4
uses: actions/setup-python@v5
with:
python-version: "3.10"
python-version: "3.12"
cache: pip
cache-dependency-path: '**/pyproject.yaml'

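Review bot: `cache-dependency-path: '**/pyproject.yaml'` in this job looks like a typo for `pyproject.toml`, and the new `build` job further down keys its pip cache on `'**/setup.cfg'` instead, so the jobs disagree about which file defines the dependencies. Pick the file that actually lists them and use it in every `setup-python` step. Separately, `awalsh128/cache-apt-pkgs-action@latest` is a floating ref that can change without review; since the action versions are being bumped here anyway, pin it (and ideally `actions/checkout` and `actions/setup-python`) to a full commit SHA.
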
Expand All @@ -47,15 +48,15 @@ jobs:
python-version: ["3.10", "3.11", "3.12"]

steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4

- uses: awalsh128/cache-apt-pkgs-action@latest
with:
packages: zsh
version: 1.0

- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v4
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
cache: pip
Expand Down Expand Up @@ -83,45 +84,51 @@ jobs:
chmod +x codecov
./codecov
deploy:
build:
name: Build distribution
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
runs-on: ubuntu-latest
needs:
- cqa
- test
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
cache: pip
cache-dependency-path: '**/setup.cfg'
- name: Install pypa/build
run: >-
python3 -m
pip install
build
--user
- name: Build a binary wheel and a source tarball
run: python3 -m build
- name: Store the distribution packages
uses: actions/upload-artifact@v4
with:
name: python-package-distributions
path: dist/

publish-to-pypi:
name: >-
Publish Python distribution to PyPI
needs:
- build
runs-on: ubuntu-latest

environment:
name: pypi
url: https://pypi.org/p/biocommons.example
permissions:
id-token: write # IMPORTANT: mandatory for trusted publishing
steps:
- name: Environment
run: |
echo "::group::Environment info"
echo github.event_name = ${{ github.event_name }}
echo refs = ${{ github.ref }}
echo tags = ${{ startsWith(github.ref, 'refs/tags') }}
echo "::endgroup::"
- uses: actions/checkout@v3

- uses: awalsh128/cache-apt-pkgs-action@latest
with:
packages: zsh
version: 1.0

- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: "3.10"
cache: pip
cache-dependency-path: '**/setup.cfg'

- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install build twine
- name: Build package
run: python -m build

- name: Publish package
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
uses: pypa/gh-action-pypi-publish@release/v1
with:
password: ${{ secrets.PYPI_API_TOKEN }}
- name: Download all the dists
uses: actions/download-artifact@v4
with:
name: python-package-distributions
path: dist/
- name: Publish distribution to PyPI
uses: pypa/gh-action-pypi-publish@release/v1
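Review bot: `pypa/gh-action-pypi-publish@release/v1` in `publish-to-pypi` is a mutable branch ref running in the one job that holds `id-token: write`, so whatever that branch points to at release time can obtain the OIDC token and upload to PyPI; pin it to a full commit SHA. The tag gate now lives only on `build` (`if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')`), and `publish-to-pypi` is skipped on non-tag runs only because it `needs: build`; repeating the condition on the publish job, and adding required reviewers or a tag restriction on the `pypi` environment, keeps that gate from disappearing if `build` is edited later. With `password: ${{ secrets.PYPI_API_TOKEN }}` removed, the `PYPI_API_TOKEN` secret should also be deleted from the repository and revoked on PyPI so the long-lived credential does not outlive its use.
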
4 changes: 4 additions & 0 deletions README.md
Expand Up @@ -77,3 +77,7 @@ Try it:

* Quality tools: Code linting and reformatting with Ruff
* GitHub Actions for testing and packaging

## ToDo

* Add devcontainer support
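
Review bot: the README gains a `ToDo` entry here but no mention of the PyPI setup the new workflow depends on. Trusted publishing only works once a publisher is registered on PyPI for this repository and the `python-package.yml` workflow (plus the `pypi` environment, if one is set on the PyPI side), and `url: https://pypi.org/p/biocommons.example` in the workflow is hard-coded; a short note under the "GitHub Actions for testing and packaging" bullet would save the next maintainer a failed release.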