final test of digital attestation in PyPi release #5
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # See https://blog.pypi.org/posts/2024-11-14-pypi-now-supports-digital-attestations/ | |
| # https://github.com/pypa/gh-action-pypi-publish | |
| # https://github.com/pypa/sampleproject/blob/main/.github/workflows/release.yml | |
| # this action requires exactly one version to be found in .dist directory | |
| # it will take this version and publish it to PyPi.org webpage | |
| # this published version will be digitally attested. | |
| name: Release - publish attested version to PyPi | |
| on: | |
| push: | |
| tags: | |
| - 'v[0-9]+.[0-9]+.[0-9]+' | |
| # branches: | |
| # - master | |
| # This will not work because of naming conflict, version will already exist. | |
| # workflow_dispatch: | |
| jobs: | |
| build-and-publish: | |
| name: build and publish | |
| runs-on: ubuntu-latest | |
| permissions: | |
| # IMPORTANT: this permission is mandatory for trusted publishing | |
| id-token: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Set up Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.x' | |
| - name: Install build dependencies | |
| run: python -m pip install -U setuptools wheel build | |
| - name: Build | |
| run: python -m build . | |
| - name: Publish | |
| uses: pypa/gh-action-pypi-publish@release/v1 | |
| with: | |
| skip-existing: true | |
| verbose: true | |
| print-hash: true | |