# Licensed under the Apache License: http://www.apache.org/licenses/LICENSE-2.0
# For details: https://github.com/nedbat/coveragepy/blob/master/NOTICE.txt
name: "Publish"

on:
  repository_dispatch:
    # Dispatch event types, each sent by a `make` target:
    types:
      - publish-testpypi  # `make test_upload`
      - publish-pypi  # `make pypi_upload`

# Every `run:` step uses bash unless a step says otherwise.
defaults:
  run:
    shell: bash

env:
  # PYVERSIONS: changing the list of versions changes how many distributions
  # are expected. This number must match the same number in kit.yml.
  EXPECTED: 92

# Workflow-wide default for GITHUB_TOKEN. A job that declares its own
# `permissions:` block replaces this default rather than adding to it.
permissions:
  contents: read

# One group per workflow and ref.
# NOTE(review): with cancel-in-progress, a newer dispatch in the same group
# cancels a run that is already underway, possibly partway through an upload.
# Confirm that is the intended behaviour for a publishing workflow.
concurrency:
  group: "${{ github.workflow }}-${{ github.ref }}"
  cancel-in-progress: true
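jobs:
  # Picks the kit.yml run whose artifacts will be published and fails unless
  # that run finished successfully. Its id is exposed as the `run-id` output.
  find-run:
    name: "Find latest kit.yml run"
    runs-on: "ubuntu-latest"
    outputs:
      run-id: ${{ steps.run-id.outputs.run-id }}

    steps:
      # NOTE(review): the next step uses workflow_runs[0], i.e. the first run
      # this request returns. Nothing here ties it to the release branch, tag
      # or commit. Confirm that kit.yml's triggers (not visible in this file)
      # can only produce trusted runs, or narrow the request with the route's
      # branch / event / head_sha filters.
      - name: "Find latest kit.yml run"
        id: runs
        uses: octokit/request-action@dad4362715b7fb2ddedf9772c8670824af564f0d # v2.4.0
        with:
          route: GET /repos/nedbat/coveragepy/actions/workflows/kit.yml/runs
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      # The API fields are handed to the script through environment variables
      # instead of being expanded inside the script text, so the shell only
      # ever sees them as data. That removes the need for the zizmor
      # template-injection suppression this step used to carry.
      - name: "Record run id"
        id: run-id
        env:
          RUN_STATUS: ${{ fromJson(steps.runs.outputs.data).workflow_runs[0].status }}
          RUN_CONCLUSION: ${{ fromJson(steps.runs.outputs.data).workflow_runs[0].conclusion }}
          RUN_ID: ${{ fromJson(steps.runs.outputs.data).workflow_runs[0].id }}
        run: |
          # Refuse to publish from a run that is unfinished or did not succeed.
          [ "$RUN_STATUS" = "completed" ] || exit 1
          [ "$RUN_CONCLUSION" = "success" ] || exit 1
          echo "run-id=$RUN_ID" >> "$GITHUB_OUTPUT"

  # Runs only for the `publish-testpypi` dispatch type.
  publish-to-test-pypi:
    name: "Publish to Test PyPI"
    if: ${{ github.event.action == 'publish-testpypi' }}
    # This job-level block replaces the workflow-level permissions, so only
    # these two scopes are granted to the job's token.
    permissions:
      # OIDC token: needed for actions/attest-build-provenance. The publish
      # step sets no password input, so it presumably relies on this token
      # too (trusted publishing) -- confirm.
      id-token: write
      attestations: write  # needed for actions/attest-build-provenance
    runs-on: "ubuntu-latest"
    environment:
      name: "testpypi"
    needs:
      - find-run

    steps:
      - name: "Download dists"
        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
        with:
          repository: "nedbat/coveragepy"
          run-id: ${{ needs.find-run.outputs.run-id }}
          github-token: ${{ secrets.GITHUB_TOKEN }}
          pattern: "dist-*"
          merge-multiple: true
          path: "dist/"

      # Sanity check: stop unless exactly $EXPECTED files were downloaded.
      # This checks the count only, not file names or contents.
      - name: "What did we get?"
        run: |
          ls -alR
          echo "Number of dists, should be $EXPECTED:"
          ls -1 dist | wc -l
          files=$(ls dist 2>/dev/null | wc -l) && [ "$files" -eq "$EXPECTED" ] || exit 1

      # NOTE(review): the provenance is generated here, after download, so it
      # is issued by this publish workflow rather than by the kit.yml run that
      # built the files. Confirm that is the provenance statement intended.
      - name: "Generate attestations"
        uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
        with:
          subject-path: "dist/*"

      - name: "Publish dists to Test PyPI"
        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
        with:
          repository-url: https://test.pypi.org/legacy/

  # Runs only for the `publish-pypi` dispatch type.
  publish-to-pypi:
    name: "Publish to PyPI"
    if: ${{ github.event.action == 'publish-pypi' }}
    # This job-level block replaces the workflow-level permissions, so only
    # these two scopes are granted to the job's token.
    permissions:
      # OIDC token: needed for actions/attest-build-provenance. The publish
      # step sets no password input, so it presumably relies on this token
      # too (trusted publishing) -- confirm.
      id-token: write
      attestations: write  # needed for actions/attest-build-provenance
    runs-on: "ubuntu-latest"
    environment:
      name: "pypi"
    needs:
      - find-run

    steps:
      - name: "Download dists"
        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
        with:
          repository: "nedbat/coveragepy"
          run-id: ${{ needs.find-run.outputs.run-id }}
          github-token: ${{ secrets.GITHUB_TOKEN }}
          pattern: "dist-*"
          merge-multiple: true
          path: "dist/"

      # Sanity check: stop unless exactly $EXPECTED files were downloaded.
      # This checks the count only, not file names or contents.
      - name: "What did we get?"
        run: |
          ls -alR
          echo "Number of dists, should be $EXPECTED:"
          ls -1 dist | wc -l
          files=$(ls dist 2>/dev/null | wc -l) && [ "$files" -eq "$EXPECTED" ] || exit 1

      # NOTE(review): the provenance is generated here, after download, so it
      # is issued by this publish workflow rather than by the kit.yml run that
      # built the files. Confirm that is the provenance statement intended.
      - name: "Generate attestations"
        uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
        with:
          subject-path: "dist/*"

      - name: "Publish dists to PyPI"
        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0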