Merge pull request #577 from sanders41/publish-permissions

sanders41 · web-flow · commit 816f95815188 · 2024-10-28T14:20:33.000-04:00
Add permissions to publish
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "python-project-generator"
-version = "1.16.0"
+version = "1.16.1"
 edition = "2021"
 authors = ["Paul Sanders <paul@paulsanders.dev>"]
 description = "Generates a Python project structure."
diff --git a/src/github_actions.rs b/src/github_actions.rs
@@ -1200,6 +1200,9 @@ jobs:
   release:
     name: Release
     runs-on: ubuntu-latest
+    permissions:
+      # For PyPI's trusted publishing.
+      id-token: write
     if: "startsWith(github.ref, 'refs/tags/')"
     needs: [linux, windows, macos, sdist]
     steps:
@@ -1226,6 +1229,9 @@ on:
 jobs:
   deploy:
     runs-on: ubuntu-latest
+    permissions:
+      # For PyPI's trusted publishing.
+      id-token: write
     steps:
     - uses: actions/checkout@v4
     - name: Set up Python
@@ -1289,6 +1295,9 @@ on:
 jobs:
   deploy:
     runs-on: ubuntu-latest
+    permissions:
+      # For PyPI's trusted publishing.
+      id-token: write
     steps:
     - uses: actions/checkout@v4
     - name: Install Pixi
diff --git a/src/snapshots/python_project__github_actions__tests__save_pypi_publish_file_pixi.snap b/src/snapshots/python_project__github_actions__tests__save_pypi_publish_file_pixi.snap
@@ -1,5 +1,6 @@
 ---
 source: src/github_actions.rs
 expression: content
+snapshot_kind: text
 ---
-"name: PyPi Publish\non:\n  release:\n    types:\n    - published\njobs:\n  deploy:\n    runs-on: ubuntu-latest\n    steps:\n    - uses: actions/checkout@v4\n    - name: Install Pixi\n      uses: prefix-dev/setup-pixi@v0.8.1\n      with:\n        pixi-version: v0.30.0\n    - name: Set up Python\n      run: pixi add python==\"3.12.*\"\n    - name: Build and publish package\n      run: |\n        pixi exec --spec python==\"3.12.*\" --spec python-build pyproject-build\n        pixi exec --spec python==\"3.12.*\" --spec twine twine upload dist/*\n"
+"name: PyPi Publish\non:\n  release:\n    types:\n    - published\njobs:\n  deploy:\n    runs-on: ubuntu-latest\n    permissions:\n      # For PyPI's trusted publishing.\n      id-token: write\n    steps:\n    - uses: actions/checkout@v4\n    - name: Install Pixi\n      uses: prefix-dev/setup-pixi@v0.8.1\n      with:\n        pixi-version: v0.30.0\n    - name: Set up Python\n      run: pixi add python==\"3.12.*\"\n    - name: Build and publish package\n      run: |\n        pixi exec --spec python==\"3.12.*\" --spec python-build pyproject-build\n        pixi exec --spec python==\"3.12.*\" --spec twine twine upload dist/*\n"
diff --git a/src/snapshots/python_project__github_actions__tests__save_pypi_publish_file_pyo3.snap b/src/snapshots/python_project__github_actions__tests__save_pypi_publish_file_pyo3.snap
@@ -1,5 +1,6 @@
 ---
 source: src/github_actions.rs
 expression: content
+snapshot_kind: text
 ---
-"name: PyPi Publish\non:\n  release:\n    types:\n    - published\npermissions:\n  contents: read\njobs:\n  linux:\n    runs-on: ubuntu-latest\n    strategy:\n      matrix:\n        target: [x86_64, x86, aarch64, armv7, s390x, ppc64le]\n    steps:\n      - uses: actions/checkout@v4\n      - uses: actions/setup-python@v5\n        with:\n          python-version: \"3.12\"\n      - name: Build wheels\n        uses: PyO3/maturin-action@v1\n        with:\n          target: ${{ matrix.target }}\n          args: --release --out dist --find-interpreter\n          sccache: 'true'\n          manylinux: auto\n      - name: Upload wheels\n        uses: actions/upload-artifact@v4\n        with:\n          name: wheels-linux-${{ matrix.target }}\n          path: dist\n  windows:\n    runs-on: windows-latest\n    strategy:\n      matrix:\n        target: [x64, x86]\n    steps:\n      - uses: actions/checkout@v4\n      - uses: actions/setup-python@v5\n        with:\n          python-version: \"3.12\"\n          architecture: ${{ matrix.target }}\n      - name: Build wheels\n        uses: PyO3/maturin-action@v1\n        with:\n          target: ${{ matrix.target }}\n          args: --release --out dist --find-interpreter\n          sccache: 'true'\n      - name: Upload wheels\n        uses: actions/upload-artifact@v4\n        with:\n          name: wheels-windows-${{ matrix.target }}\n          path: dist\n  macos:\n    runs-on: macos-latest\n    strategy:\n      matrix:\n        target: [x86_64, aarch64]\n    steps:\n      - uses: actions/checkout@v4\n      - uses: actions/setup-python@v5\n        with:\n          python-version: \"3.12\"\n      - name: Build wheels\n        uses: PyO3/maturin-action@v1\n        with:\n          target: ${{ matrix.target }}\n          args: --release --out dist --find-interpreter\n          sccache: 'true'\n      - name: Upload wheels\n        uses: actions/upload-artifact@v4\n        with:\n          name: wheels-macos-${{ matrix.target }}\n          path: dist\n  sdist:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      - uses: actions/setup-python@v5\n        with:\n          python-version: \"3.12\"\n      - name: Build sdist\n        uses: PyO3/maturin-action@v1\n        with:\n          command: sdist\n          args: --out dist\n      - name: Upload sdist\n        uses: actions/upload-artifact@v4\n        with:\n          name: wheels-sdist\n          path: dist\n  release:\n    name: Release\n    runs-on: ubuntu-latest\n    if: \"startsWith(github.ref, 'refs/tags/')\"\n    needs: [linux, windows, macos, sdist]\n    steps:\n      - uses: actions/download-artifact@v4\n      - uses: actions/setup-python@v5\n        with:\n          python-version: \"3.12\"\n      - name: Publish to PyPI\n        uses: PyO3/maturin-action@v1\n        with:\n          command: upload\n          args: --non-interactive --skip-existing wheels-*/*\n"
+"name: PyPi Publish\non:\n  release:\n    types:\n    - published\npermissions:\n  contents: read\njobs:\n  linux:\n    runs-on: ubuntu-latest\n    strategy:\n      matrix:\n        target: [x86_64, x86, aarch64, armv7, s390x, ppc64le]\n    steps:\n      - uses: actions/checkout@v4\n      - uses: actions/setup-python@v5\n        with:\n          python-version: \"3.12\"\n      - name: Build wheels\n        uses: PyO3/maturin-action@v1\n        with:\n          target: ${{ matrix.target }}\n          args: --release --out dist --find-interpreter\n          sccache: 'true'\n          manylinux: auto\n      - name: Upload wheels\n        uses: actions/upload-artifact@v4\n        with:\n          name: wheels-linux-${{ matrix.target }}\n          path: dist\n  windows:\n    runs-on: windows-latest\n    strategy:\n      matrix:\n        target: [x64, x86]\n    steps:\n      - uses: actions/checkout@v4\n      - uses: actions/setup-python@v5\n        with:\n          python-version: \"3.12\"\n          architecture: ${{ matrix.target }}\n      - name: Build wheels\n        uses: PyO3/maturin-action@v1\n        with:\n          target: ${{ matrix.target }}\n          args: --release --out dist --find-interpreter\n          sccache: 'true'\n      - name: Upload wheels\n        uses: actions/upload-artifact@v4\n        with:\n          name: wheels-windows-${{ matrix.target }}\n          path: dist\n  macos:\n    runs-on: macos-latest\n    strategy:\n      matrix:\n        target: [x86_64, aarch64]\n    steps:\n      - uses: actions/checkout@v4\n      - uses: actions/setup-python@v5\n        with:\n          python-version: \"3.12\"\n      - name: Build wheels\n        uses: PyO3/maturin-action@v1\n        with:\n          target: ${{ matrix.target }}\n          args: --release --out dist --find-interpreter\n          sccache: 'true'\n      - name: Upload wheels\n        uses: actions/upload-artifact@v4\n        with:\n          name: wheels-macos-${{ matrix.target }}\n          path: dist\n  sdist:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      - uses: actions/setup-python@v5\n        with:\n          python-version: \"3.12\"\n      - name: Build sdist\n        uses: PyO3/maturin-action@v1\n        with:\n          command: sdist\n          args: --out dist\n      - name: Upload sdist\n        uses: actions/upload-artifact@v4\n        with:\n          name: wheels-sdist\n          path: dist\n  release:\n    name: Release\n    runs-on: ubuntu-latest\n    permissions:\n      # For PyPI's trusted publishing.\n      id-token: write\n    if: \"startsWith(github.ref, 'refs/tags/')\"\n    needs: [linux, windows, macos, sdist]\n    steps:\n      - uses: actions/download-artifact@v4\n      - uses: actions/setup-python@v5\n        with:\n          python-version: \"3.12\"\n      - name: Publish to PyPI\n        uses: PyO3/maturin-action@v1\n        with:\n          command: upload\n          args: --non-interactive --skip-existing wheels-*/*\n"
diff --git a/src/snapshots/python_project__github_actions__tests__save_pypi_publish_file_setuptools.snap b/src/snapshots/python_project__github_actions__tests__save_pypi_publish_file_setuptools.snap
@@ -1,5 +1,6 @@
 ---
 source: src/github_actions.rs
 expression: content
+snapshot_kind: text
 ---
-"name: PyPi Publish\non:\n  release:\n    types:\n    - published\njobs:\n  deploy:\n    runs-on: ubuntu-latest\n    steps:\n    - uses: actions/checkout@v4\n    - name: Set up Python\n      uses: actions/setup-python@v5\n      with:\n        python-version: \"3.12\"\n        cache: \"pip\"\n    - name: Install Dependencies\n      run: |\n        python -m pip install -U pip\n        python -m pip -r requirements-dev.txt\n        python -m pip install build setuptools wheel twine\n    - name: Build and publish package\n      run: |\n        python -m build\n        twine upload dist/*\n"
+"name: PyPi Publish\non:\n  release:\n    types:\n    - published\njobs:\n  deploy:\n    runs-on: ubuntu-latest\n    permissions:\n      # For PyPI's trusted publishing.\n      id-token: write\n    steps:\n    - uses: actions/checkout@v4\n    - name: Set up Python\n      uses: actions/setup-python@v5\n      with:\n        python-version: \"3.12\"\n        cache: \"pip\"\n    - name: Install Dependencies\n      run: |\n        python -m pip install -U pip\n        python -m pip -r requirements-dev.txt\n        python -m pip install build setuptools wheel twine\n    - name: Build and publish package\n      run: |\n        python -m build\n        twine upload dist/*\n"

-Original file line number
+Diff line change
@@ @@ -1,5 +1,6 @@ @@
 ---
 source: src/github_actions.rs
 expression: content
 +snapshot_kind: text
 ---
 -"name: PyPi Publish\non:\n  release:\n    types:\n    - published\njobs:\n  deploy:\n    runs-on: ubuntu-latest\n    steps:\n    - uses: actions/checkout@v4\n    - name: Install Pixi\n      uses: prefix-dev/[email protected]\n      with:\n        pixi-version: v0.30.0\n    - name: Set up Python\n      run: pixi add python==\"3.12.*\"\n    - name: Build and publish package\n      run: |\n        pixi exec --spec python==\"3.12.*\" --spec python-build pyproject-build\n        pixi exec --spec python==\"3.12.*\" --spec twine twine upload dist/*\n"
 +"name: PyPi Publish\non:\n  release:\n    types:\n    - published\njobs:\n  deploy:\n    runs-on: ubuntu-latest\n    permissions:\n      # For PyPI's trusted publishing.\n      id-token: write\n    steps:\n    - uses: actions/checkout@v4\n    - name: Install Pixi\n      uses: prefix-dev/[email protected]\n      with:\n        pixi-version: v0.30.0\n    - name: Set up Python\n      run: pixi add python==\"3.12.*\"\n    - name: Build and publish package\n      run: |\n        pixi exec --spec python==\"3.12.*\" --spec python-build pyproject-build\n        pixi exec --spec python==\"3.12.*\" --spec twine twine upload dist/*\n"