File tree Expand file tree Collapse file tree 1 file changed +79
-0
lines changed Expand file tree Collapse file tree 1 file changed +79
-0
lines changed Original file line number Diff line number Diff line change 1+ name : Publish to PyPI
2+
3+ on :
4+ push :
5+ tags :
6+ - " *"
7+
8+ permissions :
9+ contents : read
10+
11+ jobs :
12+ build :
13+ name : " Build dists"
14+ runs-on : " ubuntu-latest"
15+ environment :
16+ name : " publish"
17+ outputs :
18+ hashes : ${{ steps.hash.outputs.hashes }}
19+
20+ steps :
21+ - name : " Checkout repository"
22+ uses : " actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3"
23+
24+ - name : " Setup Python"
25+ uses : " actions/setup-python@57ded4d7d5e986d7296eab16560982c6dd7c923b"
26+ with :
27+ python-version : " 3.x"
28+
29+ - name : " Install dependencies"
30+ run : python -m pip install build==0.8.0
31+
32+ - name : " Build dists"
33+ run : |
34+ SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct) \
35+ python -m build
36+
37+ name : " Generate hashes"
38+ id : hash
39+ run : |
40+ cd dist && echo "::set-output name=hashes::$(sha256sum * | base64 -w0)"
41+
42+ name : " Upload dists"
43+ uses : " actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce"
44+ with :
45+ name : " dist"
46+ path : " dist/"
47+ if-no-files-found : error
48+ retention-days : 5
49+
50+ provenance :
51+ needs : [build]
52+ permissions :
53+ actions : read
54+ contents : write
55+ id-token : write # Needed to access the workflow's OIDC identity.
56+ uses : " slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.5.0"
57+ with :
58+ base64-subjects : " ${{ needs.build.outputs.hashes }}"
59+ upload-assets : true
60+ compile-generator : true # Workaround for https://github.com/slsa-framework/slsa-github-generator/issues/1163
61+
62+ publish :
63+ name : " Publish"
64+ if : startsWith(github.ref, 'refs/tags/')
65+ needs : ["build", "provenance"]
66+ permissions :
67+ contents : write
68+ id-token : write
69+ runs-on : " ubuntu-latest"
70+
71+ steps :
72+ - name : " Download dists"
73+ uses : " actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a"
74+ with :
75+ name : " dist"
76+ path : " dist/"
77+
78+ - name : " Publish dists to PyPI"
79+ uses : " pypa/gh-action-pypi-publish@48b317d84d5f59668bb13be49d1697e36b3ad009"
You can’t perform that action at this time.
0 commit comments