Merge commit 'pull/origin/7'

Author: webknjaz

.yamllint

@@ -0,0 +1,2 @@
+indentation:
+  indent-sequences: false

Dockerfile

@@ -4,17 +4,14 @@ LABEL "maintainer"="Sviatoslav Sydorenko <[email protected]>"
 LABEL "repository"="https://github.com/re-actors/gh-action-pypi-publish"
 LABEL "homepage"="https://github.com/re-actors/gh-action-pypi-publish"
 
-LABEL "com.github.actions.name"="pypi-publish"
-LABEL "com.github.actions.description"="Upload Python distribution packages to PyPI"
-LABEL "com.github.actions.icon"="upload-cloud"
-LABEL "com.github.actions.color"="yellow"
-
 ENV PYTHONDONTWRITEBYTECODE 1
 ENV PYTHONUNBUFFERED 1
 
-ADD LICENSE.md /LICENSE.md
-
 RUN pip install --upgrade --no-cache-dir twine
 
-ENTRYPOINT ["twine"]
-CMD ["upload", "dist/*"]
+WORKDIR /app
+COPY LICENSE.md .
+COPY twine-upload.sh .
+
+RUN chmod +x twine-upload.sh
+ENTRYPOINT ["/app/twine-upload.sh"]

README.md

@@ -5,33 +5,50 @@ PyPI.
 
 
 ## Usage
-To use the action simply add the following lines in the end of your
-`.github/main.workflow`.
-
-```hcl
-action "Upload Python dist to PyPI" {
-  uses = "re-actors/pypi-action@master"
-  env = {
-    TWINE_USERNAME = "f'{your_project}-bot'"
-  }
-  secrets = ["TWINE_PASSWORD"]
-}
+
+To use the action add the following step to your workflow file (e.g.:
+`.github/workflows/main.yml`)
+
+
+```yml
+- name: Publish a Python distribution to PyPI
+  uses: pypa/gh-action-pypi-publish@master
+  with:
+    user: __token__
+    password: ${{ secrets.pypi_password }}
 ```
 
-N.B. Use a valid tag, or branch, or commit SHA instead
-of `master` to pin the action to use a specific version of it.
+A common use case is to upload packages only on a tagged commit, to do so add a
+filter to the step:
 
 
-### Environment Variables and Secrets
-- **`TWINE_USERNAME`**: set this one to the username used to authenticate
-against PyPI. _It is recommended to have a separate user account like
-`f'{your_project}-bot'` having the lowest privileges possible on your
-target dist page._
-- **`TWINE_PASSWORD`**: it's a password for the account used in
-`TWINE_USERNAME` env var. **ATTENTION! WARNING! When adding this value
-to the Action node in your workflow, use SECRETS, not normal env vars.**
+```yml
+  if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags')
+```
+
+So the full step would look like:
+
+
+```yml
+- name: Publish package
+  if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags')
+  uses: pypa/gh-action-pypi-publish@master
+  with:
+    user: __token__
+    password: ${{ secrets.pypi_password }}
+```
+
+The example above uses the new [API token](https://pypi.org/help/#apitoken)
+feature of PyPI, which is recommended to restrict the access the action has.
+
+The secret used in `${{ secrets.pypi_password }}` needs to be created on the settings
+page of your project on GitHub. See [Creating & using secrets].
 
 
 ## License
+
 The Dockerfile and associated scripts and documentation in this project
 are released under the [BSD 3-clause license](LICENSE.md).
+
+
+[Creating & using secrets]: https://help.github.com/en/articles/virtual-environments-for-github-actions#creating-and-using-secrets-encrypted-variables

action.yml

@@ -0,0 +1,24 @@
+---
+name: pypi-publish
+description: Upload Python distribution packages to PyPI
+inputs:
+  user:
+    description: PyPI user
+    required: false
+    default: __token__
+  password:
+    description: Password for your PyPI user or an access token
+    required: true
+  repository_url:
+    description: The repository URL to use
+    required: false
+branding:
+  color: yellow
+  icon: upload-cloud
+runs:
+  using: docker
+  image: Dockerfile
+  args:
+  - ${{ inputs.user }}
+  - ${{ inputs.password }}
+  - ${{ inputs.repository_url }}

twine-upload.sh

@@ -0,0 +1,7 @@
+#! /usr/bin/env bash
+set -Eeuo pipefail
+
+TWINE_USERNAME="$INPUT_USER" \
+TWINE_PASSWORD="$INPUT_PASSWORD" \
+TWINE_REPOSITORY_URL="$INPUT_REPOSITORY_URL" \
+  exec twine upload dist/*