Workflow for publishing to TestPyPI.

kevinbackhouse · kevinbackhouse · commit e1fef3d3fa8b · 2025-11-04T18:11:11.000Z
diff --git a/.github/workflows/publish-reusable.yml b/.github/workflows/publish-reusable.yml
@@ -0,0 +1,78 @@
+name: Publish (reusable workflow)
+
+on:
+  workflow_call:
+    inputs:
+      version:
+        description: 'Version number or tag for the release. For example: v1.0.1'
+        required: true
+        type: string
+      repository_url:
+        description: 'This is the repository-url parameter for pypa/gh-action-pypi-publish'
+        required: true
+        type: string
+      environment:
+        description: 'PyPI/TestPyPI name and url are required'
+        type: environment
+        required: true
+    secrets:
+      GH_TOKEN:
+        required: true
+
+permissions:
+  contents: write
+  id-token: write  # For trusted publishing
+
+jobs:
+  publish:
+    name: Build
+    runs-on: ubuntu-latest
+    environment: ${{ inputs.environment }}
+    env:
+      GITHUB_TOKEN: ${{ github.token }}
+      GITHUB_REPO: ${{ github.repository }}
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+    - name: Set up Python
+      uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+      with:
+        python-version: "3.13"
+
+    - name: Install Hatch
+      run: pip install --upgrade hatch
+
+    - name: Build the wheel
+      run: python3 -m hatch build
+
+    - name: Upload artifacts
+      uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+      with:
+        name: python-package-distributions
+        path: dist/
+
+    - name: Publish to PyPI
+      env:
+        REPOSITORY_URL: ${{ inputs.repository_url }}
+      uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
+      with:
+        repository-url: $REPOSITORY_URL
+
+    - name: Sign with sigstore
+      uses: sigstore/gh-action-sigstore-python@f832326173235dcb00dd5d92cd3f353de3188e6c # v3.1.0
+      with:
+        inputs: >-
+          ./dist/*.tar.gz
+          ./dist/*.whl
+
+    - name: Create GitHub Release
+      env:
+        VERSION: ${{ inputs.version }}
+      run: gh release create $VERSION --repo $GITHUB_REPO --notes ""
+
+    - name: Upload GitHub Release
+      env:
+        VERSION: ${{ inputs.version }}
+      run: gh release upload $VERSION dist/** --repo $GITHUB_REPO
diff --git a/.github/workflows/publish-to-testpypi.yaml b/.github/workflows/publish-to-testpypi.yaml
@@ -0,0 +1,24 @@
+name: Publish to TestPyPI
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version name for release'
+        required: true
+
+jobs:
+  publish:
+    name: Publish wheel to TestPyPI
+    permissions:
+      contents: write
+      id-token: write  # For trusted publishing
+    uses: .github/workflows/publish-reusable.yml@main
+    with:
+      version: ${{ inputs.version }}
+      repository_url: https://test.pypi.org/legacy/
+      environment:
+        name: testpypi
+        url: https://test.pypi.org/p/seclab-taskflow-agent2
+    secrets:
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
