|
7 | 7 | app-id: |
8 | 8 | type: "string" |
9 | 9 | required: true |
| 10 | + publish: |
| 11 | + description: "Whether to publish to PyPI or not." |
| 12 | + type: "boolean" |
| 13 | + required: false |
| 14 | + default: false |
10 | 15 | secrets: |
11 | 16 | # Needs read and write contents permission to push to main. |
12 | 17 | update-version-gh-token: |
13 | 18 | required: true |
14 | 19 |
|
15 | 20 | jobs: |
16 | | - update-version-and-changelog: |
| 21 | + release: |
17 | 22 | if: "!startsWith(github.event.head_commit.message, 'build(version): ')" |
18 | 23 | runs-on: ubuntu-latest |
19 | | - name: "Update project's version and changelog" |
| 24 | + name: "Update project's version and changelog, then release to PyPI" |
20 | 25 | steps: |
21 | 26 | - name: Harden the runner (Audit all outbound calls) |
22 | 27 | uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 |
@@ -55,92 +60,22 @@ jobs: |
55 | 60 | # env variable containing the new version, created by the Commitizen action |
56 | 61 | tag_name : ${{ env.REVISION }} |
57 | 62 |
|
58 | | - build: |
59 | 63 | # This workflow and the publish workflows are based on: |
60 | 64 | # - https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/ |
61 | 65 | # - https://www.andrlik.org/dispatches/til-use-uv-for-build-and-publish-github-actions/ |
62 | 66 | # - https://github.com/astral-sh/trusted-publishing-examples |
63 | | - name: Build Python 🐍 distribution 📦 |
64 | | - runs-on: ubuntu-latest |
65 | | - needs: |
66 | | - - update-version-and-changelog |
67 | | - steps: |
68 | | - - name: Checkout |
69 | | - uses: actions/checkout@v4 |
70 | | - |
71 | 67 | - name: Set up uv |
72 | 68 | uses: astral-sh/setup-uv@445689ea25e0de0a23313031f5fe577c74ae45a1 # v6.3.0 |
73 | 69 | with: |
74 | 70 | enable-cache: true |
75 | 71 | cache-dependency-glob: "uv.lock" |
76 | | - |
77 | 72 | - name: Build |
78 | 73 | # Builds dists from source and stores them in the dist/ directory. |
79 | 74 | run: uv build |
80 | 75 |
|
81 | | - - name: Upload Python package distributions |
82 | | - # Uploads the built distributions so that they can be used in the next steps. |
83 | | - # This is necessary because the next steps needs to run on different environments |
84 | | - # (e.g. publish to TestPyPI and PyPI), and the dist/ directory is not persisted |
85 | | - # between jobs. |
86 | | - uses: actions/upload-artifact@v4 |
87 | | - with: |
88 | | - name: python-package-distributions |
89 | | - path: dist/ |
90 | | - |
91 | | - publish-to-testpypi: |
92 | | - name: Publish Python 🐍 distribution 📦 to TestPyPI |
93 | | - runs-on: ubuntu-latest |
94 | | - environment: testpypi |
95 | | - needs: |
96 | | - - build |
97 | | - permissions: |
98 | | - id-token: write # IMPORTANT: mandatory for trusted publishing. |
99 | | - steps: |
100 | | - - name: Checkout |
101 | | - uses: actions/checkout@v4 |
102 | | - |
103 | | - - name: Download dists |
104 | | - uses: actions/download-artifact@v4 |
105 | | - with: |
106 | | - name: python-package-distributions |
107 | | - path: dist/ |
108 | | - |
109 | | - - name: Set up uv |
110 | | - uses: astral-sh/setup-uv@445689ea25e0de0a23313031f5fe577c74ae45a1 |
111 | | - with: |
112 | | - enable-cache: true |
113 | | - cache-dependency-glob: "uv.lock" |
114 | | - |
115 | | - - name: Publish distribution 📦 to TestPyPI |
116 | | - # This requires an [] |
117 | | - run: uv publish --index testpypi --trusted-publishing always |
118 | | - |
119 | | - # publish-to-pypi: |
120 | | - # name: Publish Python 🐍 distribution 📦 to PyPI |
121 | | - # # Only publish to PyPI on tag pushes. |
122 | | - # if: startsWith(github.ref, 'refs/tags/') |
123 | | - # needs: |
124 | | - # - build |
125 | | - # runs-on: ubuntu-latest |
126 | | - # environment: pypi |
127 | | - # permissions: |
128 | | - # id-token: write # IMPORTANT: mandatory for trusted publishing |
129 | | - # steps: |
130 | | - # - name: Checkout |
131 | | - # uses: actions/checkout@v4 |
132 | | - |
133 | | - # - name: Download dists |
134 | | - # uses: actions/download-artifact@v4 |
135 | | - # with: |
136 | | - # name: python-package-distributions |
137 | | - # path: dist/ |
138 | 76 |
|
139 | | - # - name: Set up uv |
140 | | - # uses: astral-sh/setup-uv@445689ea25e0de0a23313031f5fe577c74ae45a1 |
141 | | - # with: |
142 | | - # enable-cache: true |
143 | | - # cache-dependency-glob: "uv.lock" |
144 | 77 |
|
145 | | - # - name: Publish distribution 📦 to PyPI |
146 | | - # run: uv publish --trusted-publishing always |
| 78 | + - name: Publish distribution 📦 to PyPI |
| 79 | + # Only publish if the option is explicitly set in the calling workflow. |
| 80 | + if: ${{ inputs.publish }} |
| 81 | + run: uv publish --trusted-publishing always |
0 commit comments