-
Notifications
You must be signed in to change notification settings - Fork 342
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ci: use trusted publishing for release #1142
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
name: deploy | ||
|
||
on: | ||
push: | ||
tags: | ||
- "*" | ||
|
||
# Set permissions at the job level. | ||
permissions: {} | ||
|
||
jobs: | ||
package: | ||
runs-on: ubuntu-22.04 | ||
timeout-minutes: 10 | ||
|
||
steps: | ||
- uses: actions/checkout@v4 | ||
with: | ||
persist-credentials: false | ||
|
||
- name: Build and Check Package | ||
uses: hynek/build-and-inspect-python-package@2dbbf2b252d3a3c7cec7a810e3ed5983bd17b13a # v2.8.0 | ||
|
||
deploy: | ||
if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags') && github.repository == 'pytest-dev/pytest-django' | ||
needs: [package] | ||
runs-on: ubuntu-22.04 | ||
environment: deploy | ||
timeout-minutes: 15 | ||
permissions: | ||
contents: read | ||
# For trusted publishing. | ||
id-token: write | ||
|
||
steps: | ||
- name: Download Package | ||
uses: actions/download-artifact@v4 | ||
with: | ||
name: Packages | ||
path: dist | ||
|
||
- name: Publish package | ||
uses: pypa/gh-action-pypi-publish@8a08d616893759ef8e1aa1f2785787c0b97e20d6 # v1.10.0 | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. With this version, it's possible to opt in to uploading digital attestations, FYI. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Will look into it for the next release |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -4,8 +4,6 @@ on: | |
push: | ||
branches: | ||
- main | ||
tags: | ||
- "*" | ||
pull_request: | ||
branches: | ||
- main | ||
|
@@ -126,34 +124,3 @@ jobs: | |
- name: pypy3-dj32-postgres | ||
python: 'pypy3.9' | ||
allow_failure: false | ||
|
||
deploy: | ||
if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags') && github.repository == 'pytest-dev/pytest-django' | ||
runs-on: ubuntu-22.04 | ||
timeout-minutes: 15 | ||
permissions: | ||
contents: read | ||
|
||
steps: | ||
- uses: actions/checkout@v4 | ||
with: | ||
fetch-depth: 0 | ||
persist-credentials: false | ||
|
||
- uses: actions/setup-python@v5 | ||
with: | ||
python-version: '3.12' | ||
|
||
- name: Install dependencies | ||
run: | | ||
python -m pip install --upgrade pip | ||
pip install --upgrade build | ||
|
||
- name: Build package | ||
run: python -m build | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. It's usually nice to keep it in the main workflow and put the job building the artifacts in front of the tests. Then, it'd be possible to test whatever's going to be uploaded, as opposed to building something new and potentially differing. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Agree, but I didn't want to complicate/slow down the test CI for now, but wanted to at least do it right for the deploy workflow. |
||
|
||
- name: Publish package | ||
uses: pypa/gh-action-pypi-publish@8a08d616893759ef8e1aa1f2785787c0b97e20d6 # v1.10.0 | ||
with: | ||
user: __token__ | ||
password: ${{ secrets.pypi_token }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
FYI, there's a
github.ref_name
available now.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure about
github.ref_name
but maybegithub.ref_type
is better for this?