Add a GitHub Action to publish to PyPI #347
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| # Keep GitHub Actions up to date with GitHub's Dependabot... | ||
| # https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot | ||
| # https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem | ||
| version: 2 | ||
| updates: | ||
| - package-ecosystem: github-actions | ||
| directory: / | ||
| groups: | ||
| github-actions: | ||
| patterns: | ||
| - "*" # Group all Actions updates into a single larger pull request | ||
| schedule: | ||
| interval: weekly |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,120 @@ | ||
| name: Publish Python 🐍 distribution 📦 to PyPI and TestPyPI | ||
|
|
||
| on: push | ||
|
|
||
| jobs: | ||
| build: | ||
| name: Build distribution 📦 | ||
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| persist-credentials: false | ||
| - name: Set up Python | ||
| uses: actions/setup-python@v5 | ||
| with: | ||
| python-version: "3.x" | ||
| - name: Install pypa/build | ||
| run: >- | ||
| python3 -m | ||
| pip install | ||
| build | ||
| --user | ||
| - name: Build a binary wheel and a source tarball | ||
| run: python3 -m build | ||
| - name: Store the distribution packages | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: python-package-distributions | ||
| path: dist/ | ||
|
|
||
| publish-to-pypi: | ||
| name: >- | ||
| Publish Python 🐍 distribution 📦 to PyPI | ||
| if: startsWith(github.ref, 'refs/tags/') # only publish to PyPI on tag pushes | ||
| needs: | ||
| - build | ||
| runs-on: ubuntu-latest | ||
| environment: | ||
| name: pypi | ||
|
Comment on lines
+39
to
+40
There was a problem hiding this comment. I have added publisher on pypi Repository: cpplint/cpplint However, I am a bit concerned about this bit - has a "pypi" environment been created in the Github repo settings? There was a problem hiding this comment. Everyone in the cpplint org can see that tab; I don't think you accepted the maintainer invite. Could you check all your folders for the subject Anyways, I see there's a "testpypi" environment with nothing in it. I suspect that to be a test thing from many years ago and that @cclauss has perhaps yet to set up the environment. There was a problem hiding this comment. I think I can move this forward but I will need a few days to look into it. There was a problem hiding this comment.
Can you please add a second publisher with the same settings but on: |
||
| url: https://pypi.org/p/cpplint | ||
| permissions: | ||
| id-token: write # IMPORTANT: mandatory for trusted publishing | ||
|
|
||
| steps: | ||
| - name: Download all the dists | ||
| uses: actions/download-artifact@v4 | ||
| with: | ||
| name: python-package-distributions | ||
| path: dist/ | ||
| - name: Publish distribution 📦 to PyPI | ||
| uses: pypa/gh-action-pypi-publish@release/v1 | ||
|
|
||
| github-release: | ||
| name: >- | ||
| Sign the Python 🐍 distribution 📦 with Sigstore | ||
| and upload them to GitHub Release | ||
| needs: | ||
| - publish-to-pypi | ||
| runs-on: ubuntu-latest | ||
|
|
||
| permissions: | ||
| contents: write # IMPORTANT: mandatory for making GitHub Releases | ||
| id-token: write # IMPORTANT: mandatory for sigstore | ||
|
|
||
| steps: | ||
| - name: Download all the dists | ||
| uses: actions/download-artifact@v4 | ||
| with: | ||
| name: python-package-distributions | ||
| path: dist/ | ||
| - name: Sign the dists with Sigstore | ||
| uses: sigstore/[email protected] | ||
| with: | ||
| inputs: >- | ||
| ./dist/*.tar.gz | ||
| ./dist/*.whl | ||
| - name: Create GitHub Release | ||
| env: | ||
| GITHUB_TOKEN: ${{ github.token }} | ||
| run: >- | ||
| gh release create | ||
| "$GITHUB_REF_NAME" | ||
| --repo "$GITHUB_REPOSITORY" | ||
| --notes "" | ||
| - name: Upload artifact signatures to GitHub Release | ||
| env: | ||
| GITHUB_TOKEN: ${{ github.token }} | ||
| # Upload to GitHub Release using the `gh` CLI. | ||
| # `dist/` contains the built packages, and the | ||
| # sigstore-produced signatures and certificates. | ||
| run: >- | ||
| gh release upload | ||
| "$GITHUB_REF_NAME" dist/** | ||
| --repo "$GITHUB_REPOSITORY" | ||
|
|
||
| publish-to-testpypi: | ||
| name: Publish Python 🐍 distribution 📦 to TestPyPI | ||
| needs: | ||
| - build | ||
| runs-on: ubuntu-latest | ||
|
|
||
| environment: | ||
| name: testpypi | ||
| url: https://test.pypi.org/p/cpplint | ||
|
|
||
| permissions: | ||
| id-token: write # IMPORTANT: mandatory for trusted publishing | ||
|
|
||
| steps: | ||
| - name: Download all the dists | ||
| uses: actions/download-artifact@v4 | ||
| with: | ||
| name: python-package-distributions | ||
| path: dist/ | ||
| # TODO(cclauss): Uncomment this job step when we have admin access to test.pypi.org | ||
| # - name: Publish distribution 📦 to TestPyPI | ||
| # uses: pypa/gh-action-pypi-publish@release/v1 | ||
| # with: | ||
| # repository-url: https://test.pypi.org/legacy/ | ||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are you sure this should be run every commit?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes. We want to build each push but the process will stop at line 35 if this is not a release.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure why we need to build each push.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Knowing when we can no longer build the project is quite a useful diagnostic.
Uh oh!
There was an error while loading. Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can try proposing changes to https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/#the-whole-ci-cd-workflow
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It says that it's "One popular choice". IMO build breaking while the normal CI doesn't break would be so rare that testing it only on tag push is enough (we don't need to release when we push a tag).
That said, I don't care about this facet too much.