Merge pull request #198 from hugovk/attest #139
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build & maybe upload PyPI package | |
on: | |
push: | |
pull_request: | |
release: | |
types: | |
- published | |
workflow_dispatch: | |
permissions: | |
contents: read | |
env: | |
FORCE_COLOR: 1 | |
jobs: | |
# Always build & lint package. | |
build-package: | |
name: Build & verify package | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: hynek/build-and-inspect-python-package@v2 | |
# Upload to real PyPI on GitHub Releases. | |
release-pypi: | |
name: Publish to PyPI | |
environment: release-pypi | |
# Only run for published releases. | |
if: | | |
github.repository_owner == 'python' | |
&& github.event.action == 'published' | |
runs-on: ubuntu-latest | |
needs: build-package | |
permissions: | |
id-token: write | |
steps: | |
- name: Download packages built by build-and-inspect-python-package | |
uses: actions/download-artifact@v4 | |
with: | |
name: Packages | |
path: dist | |
- name: Upload package to PyPI | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
with: | |
attestations: true |