poetry: pin pydantic and tomlkit to lowest working versions #5
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: automated tagged release with slsa 3 compliance | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| outputs: | |
| hashes: ${{ steps.hash.outputs.hashes }} | |
| steps: | |
| - name: checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: main | |
| - name: install devbox | |
| uses: jetpack-io/devbox-install-action@v0.8.0 | |
| - name: install dependencies | |
| run: devbox run poetry install | |
| - name: build project | |
| id: build | |
| run: devbox run poetry build | |
| - name: generate provenance subjects | |
| id: hash | |
| run: | | |
| cd dist | |
| HASHES=$(sha256sum * | base64 -w0) | |
| echo "hashes=$HASHES" >> "$GITHUB_OUTPUT" | |
| - name: release to github actions | |
| uses: softprops/action-gh-release@v0.1.15 | |
| if: startsWith(github.ref, 'refs/tags/') | |
| with: | |
| files: | | |
| dist/*.whl | |
| - run: devbox run poetry config pypi-token.pypi "${{ secrets.PYPI_TOKEN }}" | |
| - name: release to pypi | |
| run: devbox run poetry publish | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: wheels | |
| path: dist/ | |
| provenance: | |
| needs: [build] | |
| permissions: | |
| actions: read | |
| id-token: write | |
| contents: write | |
| uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0 | |
| with: | |
| base64-subjects: "${{ needs.build.outputs.hashes }}" | |
| upload-assets: true |