Test and Publish Python 🐍 distribution 📦 to PyPI and TestPyPI #10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# GitHub Actions configuration **EXAMPLE**, | |
# MODIFY IT ACCORDING TO YOUR NEEDS! | |
# Reference: https://docs.github.com/en/actions | |
name: Test and Publish Python 🐍 distribution 📦 to PyPI and TestPyPI | |
on: | |
push: | |
# Avoid using all the resources/limits available by checking only | |
# relevant branches and tags. Other branches can be checked via PRs. | |
branches: [main] | |
tags: ["v[0-9]*", "[0-9]+.[0-9]+*"] # Match tags that resemble a version | |
pull_request: # Run in every PR | |
workflow_dispatch: # Allow manually triggering the workflow | |
schedule: | |
# Run roughly every 15 days at 00:00 UTC | |
# (useful to check if updates on dependencies break the package) | |
- cron: "0 0 1,16 * *" | |
permissions: | |
contents: read | |
concurrency: | |
group: >- | |
${{ github.workflow }}-${{ github.ref_type }}- | |
${{ github.event.pull_request.number || github.sha }} | |
cancel-in-progress: true | |
jobs: | |
prepare: | |
runs-on: ubuntu-latest | |
outputs: | |
wheel-distribution: ${{ steps.wheel-distribution.outputs.path }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: { fetch-depth: 0 } # deep clone for setuptools-scm | |
- uses: actions/setup-python@v5 | |
id: setup-python | |
with: { python-version: "3.11" } | |
- name: Run static analysis and format checkers | |
run: pipx run pre-commit run --all-files --show-diff-on-failure | |
- name: Build package distribution files 📦 | |
run: >- | |
pipx run --python '${{ steps.setup-python.outputs.python-path }}' | |
tox -e clean,build | |
- name: Record the path of wheel distribution | |
id: wheel-distribution | |
run: echo "path=$(ls dist/*.whl)" >> $GITHUB_OUTPUT | |
- name: Store the distribution files for use in other stages | |
# `tests` and `publish` will use the same pre-built distributions, | |
# so we make sure to release the exact same package that was tested | |
uses: actions/upload-artifact@v3 | |
with: | |
name: python-distribution-files | |
path: dist/ | |
retention-days: 1 | |
test: | |
needs: prepare | |
strategy: | |
matrix: | |
python: | |
# - "3.8" # oldest Python supported by PSF | |
- "3.10" # Required by rhysd/action-setup-vim@v1 on ubuntu-latest | |
# - "3.11" # newest Python that is stable | |
platform: | |
- ubuntu-latest | |
# - macos-latest | |
# - windows-latest | |
runs-on: ${{ matrix.platform }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: nikeee/setup-pandoc@v1 | |
with: | |
pandoc-version: '3.1.3' # Compatible with tests for reference_citation.py | |
- uses: actions/setup-python@v5 | |
id: setup-python | |
with: | |
python-version: ${{ matrix.python }} | |
- uses: rhysd/action-setup-vim@v1 | |
- name: Retrieve pre-built distribution files | |
uses: actions/download-artifact@v3 | |
with: { name: python-distribution-files, path: dist/ } | |
- name: Run tests | |
run: >- | |
pipx run --python '${{ steps.setup-python.outputs.python-path }}' | |
tox --installpkg '${{ needs.prepare.outputs.wheel-distribution }}' | |
-- -rFEx --durations 10 --color yes -vv # pytest args | |
- name: Generate coverage report | |
run: pipx run coverage lcov -o coverage.lcov | |
- name: Upload partial coverage report | |
uses: coverallsapp/github-action@master | |
with: | |
path-to-lcov: coverage.lcov | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
flag-name: ${{ matrix.platform }} - py${{ matrix.python }} | |
parallel: true | |
finalize: | |
needs: test | |
runs-on: ubuntu-latest | |
steps: | |
- name: Finalize coverage report | |
uses: coverallsapp/github-action@master | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
parallel-finished: true | |
publish-to-testpypi: | |
name: Publish Python 🐍 distribution 📦 to TestPyPI | |
needs: finalize | |
runs-on: ubuntu-latest | |
environment: | |
name: testpypi | |
url: https://test.pypi.org/p/panvimwiki | |
permissions: | |
id-token: write # IMPORTANT: mandatory for trusted publishing | |
steps: | |
- name: Retrieve pre-built distribution files | |
uses: actions/download-artifact@v3 | |
with: { name: python-distribution-files, path: dist/ } | |
- name: Publish distribution 📦 to TestPyPI | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
with: | |
repository-url: https://test.pypi.org/legacy/ | |
publish-to-pypi: | |
name: >- | |
Publish Python 🐍 distribution 📦 to PyPI | |
needs: [finalize, publish-to-testpypi] | |
if: ${{ github.event_name == 'push' && contains(github.ref, 'refs/tags/') }} | |
runs-on: ubuntu-latest | |
environment: | |
name: pypi | |
url: https://pypi.org/p/panvimwiki # Replace <package-name> with your PyPI project name | |
permissions: | |
# contents: write | |
id-token: write # IMPORTANT: mandatory for trusted publishing | |
steps: | |
# - uses: actions/checkout@v4 | |
# - uses: actions/setup-python@v5 | |
# with: {python-version: "3.11"} | |
- name: Retrieve pre-built distribution files | |
uses: actions/download-artifact@v3 | |
with: { name: python-distribution-files, path: dist/ } | |
- name: Publish distribution 📦 to PyPI | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
# - name: Publish Package | |
# env: | |
# # TODO: Set your PYPI_TOKEN as a secret using GitHub UI | |
# # - https://pypi.org/help/#apitoken | |
# # - https://docs.github.com/en/actions/security-guides/encrypted-secrets | |
# TWINE_REPOSITORY: pypi | |
# TWINE_USERNAME: __token__ | |
# TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }} | |
# run: pipx run tox -e publish | |
github-release: | |
name: >- | |
Sign the Python 🐍 distribution 📦 with Sigstore | |
and upload them to GitHub Release | |
needs: | |
- publish-to-pypi | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write # IMPORTANT: mandatory for making GitHub Releases | |
id-token: write # IMPORTANT: mandatory for sigstore | |
steps: | |
- name: Download all the dists | |
uses: actions/download-artifact@v3 | |
with: { name: python-distribution-files, path: dist/ } | |
- name: Sign the dists with Sigstore | |
uses: sigstore/gh-action-sigstore-python@v2.1.0 | |
with: | |
inputs: >- | |
./dist/*.tar.gz | |
./dist/*.whl | |
- name: Create GitHub Release | |
env: | |
GITHUB_TOKEN: ${{ github.token }} | |
run: >- | |
gh release create | |
'${{ github.ref_name }}' | |
--repo '${{ github.repository }}' | |
--notes "" | |
- name: Upload artifact signatures to GitHub Release | |
env: | |
GITHUB_TOKEN: ${{ github.token }} | |
# Upload to GitHub Release using the `gh` CLI. | |
# `dist/` contains the built packages, and the | |
# sigstore-produced signatures and certificates. | |
run: >- | |
gh release upload | |
'${{ github.ref_name }}' dist/** | |
--repo '${{ github.repository }}' |