From c49d5a53e3b89d399e6039ea6a6c377b3f8c2299 Mon Sep 17 00:00:00 2001
From: Oriol Arbusi Abadal
Date: Tue, 3 Jun 2025 09:50:10 +0200
Subject: [PATCH 1/3] sign pypi

---
 .github/workflows/release.yml | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index e9601a46..4c26cfeb 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -155,11 +155,26 @@ jobs:
 - name: Restore build artifact permissions
 run: cd dist && setfacl --restore=permissions-backup.acl
 continue-on-error: true
- - name: Release
+ - name: Import GPG key
+ uses: crazy-max/ghaction-import-gpg@e89d40939c28e39f97cf32126055eeae86ba74ec
+ with:
+ gpg_private_key: ${{ secrets.APIX_BOT_GPG_PRIVATE_KEY }}
+ passphrase: ${{ secrets.APIX_BOT_GPG_PASSPHRASE }}
+ - name: GPG sign PyPI distributions
+ run: |
+ for file in dist/awscdk_resources_mongodbatlas-*.whl dist/awscdk_resources_mongodbatlas-*.tar.gz; do
+ if [ -f "$file" ]; then
+ gpg --batch --yes --pinentry-mode loopback --passphrase "$APIX_BOT_GPG_PASSPHRASE" --detach-sign -a "$file"
+ fi
+ done
+ env:
+ APIX_BOT_GPG_PASSPHRASE: ${{ secrets.APIX_BOT_GPG_PASSPHRASE }}
+
+ - name: Upload to PyPI
 env:
 TWINE_USERNAME: ${{ secrets.TWINE_USERNAME }}
 TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }}
- run: npx -p publib@latest publib-pypi
+ run: twine upload dist/*
 - name: Extract Version
 id: extract-version
 if: ${{ failure() }}
From 6e4214ca3123d1e63527bac3e5c277657715778a Mon Sep 17 00:00:00 2001
From: Oriol
Date: Tue, 3 Jun 2025 09:55:27 +0200
Subject: [PATCH 2/3] Update .github/workflows/release.yml

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 .github/workflows/release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 4c26cfeb..2d4333ce 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
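Review bot: In the PATCH 1/3 hunk, the signing command passes the key passphrase as a command-line argument (`--passphrase "$APIX_BOT_GPG_PASSPHRASE"`), which puts it in the process argument list where any other process on the runner can read it while gpg runs. Feeding it on stdin keeps it out of argv, using a bash here-string: `gpg --batch --yes --pinentry-mode loopback --passphrase-fd 0 --detach-sign -a "$file" <<<"$APIX_BOT_GPG_PASSPHRASE"`. The import step already receives the same passphrase, so if that action seeds gpg-agent with it the flag may be unnecessary altogether; that is worth confirming against the action's documentation. The same command line is carried unchanged as context through the PATCH 2/3 and 3/3 hunks.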
@@ -162,7 +162,7 @@ jobs:
 passphrase: ${{ secrets.APIX_BOT_GPG_PASSPHRASE }}
 - name: GPG sign PyPI distributions
 run: |
- for file in dist/awscdk_resources_mongodbatlas-*.whl dist/awscdk_resources_mongodbatlas-*.tar.gz; do
+ for file in dist/*.whl dist/*.tar.gz; do
 if [ -f "$file" ]; then
 gpg --batch --yes --pinentry-mode loopback --passphrase "$APIX_BOT_GPG_PASSPHRASE" --detach-sign -a "$file"
 fi
From e9324f8239cb31268feeffe8d58dca73b3fba562 Mon Sep 17 00:00:00 2001
From: Oriol Arbusi Abadal
Date: Tue, 3 Jun 2025 15:09:04 +0200
Subject: [PATCH 3/3] correct directory

---
 .github/workflows/release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 2d4333ce..15a11388 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -162,7 +162,7 @@ jobs:
 passphrase: ${{ secrets.APIX_BOT_GPG_PASSPHRASE }}
 - name: GPG sign PyPI distributions
 run: |
- for file in dist/*.whl dist/*.tar.gz; do
+ for file in dist/python/*.whl dist/python/*.tar.gz; do
 if [ -f "$file" ]; then
 gpg --batch --yes --pinentry-mode loopback --passphrase "$APIX_BOT_GPG_PASSPHRASE" --detach-sign -a "$file"
 fi
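Review bot: With the signing loop in the PATCH 3/3 hunk now reading `dist/python/`, the upload step added in PATCH 1/3 still runs `twine upload dist/*`, and no hunk in this series updates it (that step lies outside this hunk, as does the loop's closing `done`). That glob matches whatever sits directly in `dist/`, which per the earlier `setfacl --restore=permissions-backup.acl` step includes at least that ACL file, rather than the artifacts that were just signed; it likely needs to become `run: twine upload dist/python/*.whl dist/python/*.tar.gz`. The `[ -f "$file" ]` guard also turns a non-matching glob into a silent success, which is presumably how the earlier paths in PATCH 1/3 and 2/3 went unnoticed, so the step should count the files it signs and `exit 1` when the count is zero. As far as I know PyPI no longer stores uploaded PGP signatures, so the `.asc` files need another publication channel (for example release assets) if consumers are expected to verify them.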