5959 with :
6060 repository-url : https://test.pypi.org/legacy/
6161
62+ publish-to-pypi :
63+ name : Publish Python 🐍 distribution 📦 to PyPI
64+ if : startsWith(github.ref, 'refs/tags/') # only publish to PyPI on tag pushes
65+ needs :
66+ - build
67+ runs-on : ubuntu-latest
68+
69+ environment :
70+ name : pypi
71+ url : https://pypi.org/p/agrirouter
72+
73+ permissions :
74+ id-token : write # IMPORTANT: mandatory for trusted publishing
75+
76+ steps :
77+ - name : Download all the dists
78+ uses : actions/download-artifact@v3
79+ with :
80+ name : python-package-distributions
81+ path : dist/
82+ - name : Publish distribution 📦 to PyPI
83+ uses : pypa/gh-action-pypi-publish@release/v1
84+
85+ github-release :
86+ name : >-
87+ Sign the Python 🐍 distribution 📦 with Sigstore
88+ and upload them to GitHub Release
89+ needs :
90+ - publish-to-pypi
91+ runs-on : ubuntu-latest
92+
93+ permissions :
94+ contents : write # IMPORTANT: mandatory for making GitHub Releases
95+ id-token : write # IMPORTANT: mandatory for sigstore
96+
97+ steps :
98+ - name : Download all the dists
99+ uses : actions/download-artifact@v3
100+ with :
101+ name : python-package-distributions
102+ path : dist/
103+ - name : Sign the dists with Sigstore
104+ 105+ with :
106+ inputs : >-
107+ ./dist/*.tar.gz
108+ ./dist/*.whl
109+ name : Create GitHub Release
110+ env :
111+ GITHUB_TOKEN : ${{ github.token }}
112+ run : >-
113+ gh release create
114+ '${{ github.ref_name }}'
115+ --repo '${{ github.repository }}'
116+ --notes ""
117+ name : Upload artifact signatures to GitHub Release
118+ env :
119+ GITHUB_TOKEN : ${{ github.token }}
120+ # Upload to GitHub Release using the `gh` CLI.
121+ # `dist/` contains the built packages, and the
122+ # sigstore-produced signatures and certificates.
123+ run : >-
124+ gh release upload
125+ '${{ github.ref_name }}' dist/**
126+ --repo '${{ github.repository }}'
0 commit comments