61 lines
1.5 KiB
YAML
61 lines
1.5 KiB
YAML
name: CI
|
|
|
|
on:
|
|
release:
|
|
types: [published]
|
|
push:
|
|
tags:
|
|
- "v*"
|
|
workflow_dispatch:
|
|
|
|
# Minimal repo-level permissions; job-level permissions override where needed.
|
|
permissions:
|
|
contents: read
|
|
id-token: write
|
|
|
|
jobs:
|
|
publish:
|
|
name: Build & Publish to PyPI (Trusted Publishing)
|
|
runs-on: ubuntu-latest
|
|
|
|
# Run in the GitHub environment named "release" so you can gate it with approvals.
|
|
environment: release
|
|
|
|
# Extra permissions required for pypa action to do OIDC exchange:
|
|
permissions:
|
|
contents: read
|
|
id-token: write
|
|
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Set up Python
|
|
uses: actions/setup-python@v4
|
|
with:
|
|
python-version: "3.12"
|
|
|
|
- name: Install build tools
|
|
run: |
|
|
python -m pip install --upgrade pip setuptools wheel build
|
|
|
|
- name: Install uv (if needed)
|
|
run: |
|
|
python -m pip install --upgrade uv || true
|
|
|
|
- name: Build package with uv
|
|
run: |
|
|
pwd
|
|
ls -la
|
|
uv build
|
|
|
|
- name: Inspect dist folder
|
|
run: |
|
|
ls -la dist || ls -la build || echo "no dist/ or build/ — check uv output"
|
|
|
|
- name: Publish to PyPI using Trusted Publishing
|
|
# Note: No pypi_token / username / password provided — Trusted Publishing via OIDC is used.
|
|
uses: pypa/gh-action-pypi-publish@release/v1
|
|
with:
|
|
attestations: true # optional (default for Trusted Publishing) - set to false to disable
|