Publish Python π distribution π¦ to PyPI or TestPyPI #40
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Copyright 2023 Shukant Pal | |
# SPDX-License-Identifier: Apache-2.0 | |
name: Publish Python π distribution π¦ to PyPI or TestPyPI | |
# https://github.com/pypa/gh-action-pypi-publish strongly recommends a | |
# separate publishing job when building platform-specific distribution | |
# packages, hence this. | |
# | |
# This should not be run until the release artifacts have been deployed. | |
# The only way I can see to trigger this automatically is to have all | |
# platform builds in a single workflow file and use on: `workflow_run` | |
# so this is triggered when that workflow completes. Once all platform | |
# builds are moved to GitHub Actions we can try making each platform | |
# workflow reusable and making another workflow that calls each of | |
# them via `uses` and use `on: workflow_run` here. | |
# | |
# We also have to figure out how to determine if the workflow deployed | |
# to releases. Maybe can use the GitHub REST API to get an artifact | |
# from the triggering workflow that is set only when deploying | |
# releases. See https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#using-data-from-the-triggering-workflow. | |
# Alternatively maybe there is some way of querying what triggered | |
# the workflow that we can test in an `if:` in the job as noted below. | |
on: | |
workflow_dispatch: | |
inputs: | |
# repository-url: | |
# description: 'destination repository' | |
# required: true | |
# default: 'https://pypi.org' | |
# type: choice | |
# options: | |
# - https://test.pypi.org | |
# - https://pypi.org | |
test-pypi: | |
type: boolean | |
description: 'Deploy to test pypi registry' | |
required: true | |
default: false | |
prerelease: | |
type: boolean | |
description: 'Deploy pre-release' | |
required: false | |
default: false | |
# Example to try in future. | |
# workflow_run: | |
# workflows: [KTX-Software Build All] | |
# types: | |
# - completed | |
# An unknown is how to limit the trigger to when deploy is run in | |
# Windows CI which is happens when that workflow is triggered by | |
# a push with the tags below. | |
# push: | |
# # Trigger on push of release tags. There is no way to limit the trigger | |
# # to a specific branch. A later build step checks for the main branch. | |
# tags: | |
# - 'v[0-9]+\.[0-9]+\.[0-9]+' | |
# - 'v[0-9]+\.[0-9]+\.[0-9]+-*' | |
env: | |
INPUT_PRERELEASE: ${{ inputs.prerelease }} | |
jobs: | |
publish-to-pypi: | |
name: Publish Python π distribution π¦ to PyPI | |
if: ${{ ! inputs.test-pypi }} | |
runs-on: ubuntu-latest | |
# environment: | |
# name: pypi | |
# url: https://pypi.org/p/pyktx | |
# permissions: | |
# id-token: write # IMPORTANT: this permission is mandatory for trusted publishing | |
# When using workflow_run it is necessary to check for successful | |
# completion of the workflow with | |
#if: ${{ github.event.workflow_run.conclusion == 'success' }} | |
# Maybe it is possible to test for a release tag here too. | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up .netrc | |
env: | |
GH_API_TOKEN: ${{ secrets.GH_API_TOKEN }} | |
run: echo -e "machine api.github.com login $GH_API_TOKEN" >> ~/.netrc | |
- name: Download pyktx assets from latest (pre-)release | |
run: | | |
echo INPUT_PRERELEASE = $INPUT_PRERELEASE | |
if [ "$INPUT_PRERELEASE" = "true" ]; then | |
option="--pre-release" | |
else | |
option= | |
fi | |
# Omit linux packages since PyPI won't accept them and, at the | |
# moment, we don't have a workflow to build manylinux wheels, which | |
# it will accept. It's non-trivial to implement that. See | |
# https://github.com/pypa/manylinux?tab=readme-ov-file#docker-images | |
ci_scripts/download_release_assets.sh $option --filter '(?:^pyktx)(?!.*linux.*)' --output-dir dist | |
- name: Publish distribution π¦ to PyPI | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
with: | |
password: ${{ secrets.PYPI_API_TOKEN }} | |
publish-to-testpypi: | |
name: Publish Python π distribution π¦ to TestPyPI | |
if: ${{ inputs.test-pypi }} | |
runs-on: ubuntu-latest | |
# environment: | |
# name: testpypi | |
# url: https://pypi.org/p/pyktx | |
# permissions: | |
# id-token: write # IMPORTANT: this permission is mandatory for trusted publishing | |
# When using workflow_run it is necessary to check for successful | |
# completion of the workflow with | |
#if: ${{ github.event.workflow_run.conclusion == 'success' }} | |
# Maybe it is possible to test for a release tag here too. | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up .netrc | |
env: | |
GH_API_TOKEN: ${{ secrets.GH_API_TOKEN }} | |
run: echo -e "machine api.github.com login $GH_API_TOKEN" >> ~/.netrc | |
- name: Download pyktx assets from latest (pre-)release | |
run: | | |
echo INPUT_PRERELEASE = $INPUT_PRERELEASE | |
if [ "$INPUT_PRERELEASE" = "true" ]; then | |
option="--pre-release" | |
else | |
option= | |
fi | |
ci_scripts/download_release_assets.sh $option --filter '(?:^pyktx)(?!.*linux.*)' --output-dir dist | |
- name: Publish distribution π¦ to TestPyPI | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
with: | |
repository-url: https://test.pypi.org/legacy/ | |
password: ${{ secrets.TESTPYPI_API_TOKEN }} |