Skip to content

Publish Python 🐍 distribution πŸ“¦ to PyPI or TestPyPI #42

Publish Python 🐍 distribution πŸ“¦ to PyPI or TestPyPI

Publish Python 🐍 distribution πŸ“¦ to PyPI or TestPyPI #42

Workflow file for this run

# Copyright 2023 Shukant Pal
# SPDX-License-Identifier: Apache-2.0
name: Publish Python 🐍 distribution πŸ“¦ to PyPI or TestPyPI
# https://github.com/pypa/gh-action-pypi-publish strongly recommends a
# separate publishing job when building platform-specific distribution
# packages, hence this.
#
# This should not be run until the release artifacts have been deployed.
# The only way I can see to trigger this automatically is to have all
# platform builds in a single workflow file and use on: `workflow_run`
# so this is triggered when that workflow completes. Once all platform
# builds are moved to GitHub Actions we can try making each platform
# workflow reusable and making another workflow that calls each of
# them via `uses` and use `on: workflow_run` here.
#
# We also have to figure out how to determine if the workflow deployed
# to releases. Maybe can use the GitHub REST API to get an artifact
# from the triggering workflow that is set only when deploying
# releases. See https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#using-data-from-the-triggering-workflow.
# Alternatively maybe there is some way of querying what triggered
# the workflow that we can test in an `if:` in the job as noted below.
on:
workflow_dispatch:
inputs:
# repository-url:
# description: 'destination repository'
# required: true
# default: 'https://pypi.org'
# type: choice
# options:
# - https://test.pypi.org
# - https://pypi.org
test-pypi:
type: boolean
description: 'Deploy to test pypi registry'
required: true
default: false
prerelease:
type: boolean
description: 'Deploy pre-release'
required: false
default: false
# Example to try in future.
# workflow_run:
# workflows: [KTX-Software Build All]
# types:
# - completed
# An unknown is how to limit the trigger to when deploy is run in
# Windows CI which is happens when that workflow is triggered by
# a push with the tags below.
# push:
# # Trigger on push of release tags. There is no way to limit the trigger
# # to a specific branch. A later build step checks for the main branch.
# tags:
# - 'v[0-9]+\.[0-9]+\.[0-9]+'
# - 'v[0-9]+\.[0-9]+\.[0-9]+-*'
env:
GIT_LFS_SKIP_SMUDGE: 1
INPUT_PRERELEASE: ${{ inputs.prerelease }}
jobs:
publish-to-pypi:
name: Publish Python 🐍 distribution πŸ“¦ to PyPI
if: ${{ ! inputs.test-pypi }}
runs-on: ubuntu-latest
# environment:
# name: pypi
# url: https://pypi.org/p/pyktx
# permissions:
# id-token: write # IMPORTANT: this permission is mandatory for trusted publishing
# When using workflow_run it is necessary to check for successful
# completion of the workflow with
#if: ${{ github.event.workflow_run.conclusion == 'success' }}
# Maybe it is possible to test for a release tag here too.
steps:
- uses: actions/checkout@v4
- name: Set up .netrc
env:
GH_API_TOKEN: ${{ secrets.GH_API_TOKEN }}
run: echo -e "machine api.github.com login $GH_API_TOKEN" >> ~/.netrc
- name: Download pyktx assets from latest (pre-)release
run: |
echo INPUT_PRERELEASE = $INPUT_PRERELEASE
if [ "$INPUT_PRERELEASE" = "true" ]; then
option="--pre-release"
else
option=
fi
# Omit linux packages since PyPI won't accept them and, at the
# moment, we don't have a workflow to build manylinux wheels, which
# it will accept. It's non-trivial to implement that. See
# https://github.com/pypa/manylinux?tab=readme-ov-file#docker-images
ci_scripts/download_release_assets.sh $option --filter '(?:^pyktx)(?!.*linux.*)' --output-dir dist
- name: Publish distribution πŸ“¦ to PyPI
uses: pypa/gh-action-pypi-publish@release/v1
with:
password: ${{ secrets.PYPI_API_TOKEN }}
publish-to-testpypi:
name: Publish Python 🐍 distribution πŸ“¦ to TestPyPI
if: ${{ inputs.test-pypi }}
runs-on: ubuntu-latest
# environment:
# name: testpypi
# url: https://pypi.org/p/pyktx
# permissions:
# id-token: write # IMPORTANT: this permission is mandatory for trusted publishing
# When using workflow_run it is necessary to check for successful
# completion of the workflow with
#if: ${{ github.event.workflow_run.conclusion == 'success' }}
# Maybe it is possible to test for a release tag here too.
steps:
- uses: actions/checkout@v4
- name: Set up .netrc
env:
GH_API_TOKEN: ${{ secrets.GH_API_TOKEN }}
run: echo -e "machine api.github.com login $GH_API_TOKEN" >> ~/.netrc
- name: Download pyktx assets from latest (pre-)release
run: |
echo INPUT_PRERELEASE = $INPUT_PRERELEASE
if [ "$INPUT_PRERELEASE" = "true" ]; then
option="--pre-release"
else
option=
fi
ci_scripts/download_release_assets.sh $option --filter '(?:^pyktx)(?!.*linux.*)' --output-dir dist
- name: Publish distribution πŸ“¦ to TestPyPI
uses: pypa/gh-action-pypi-publish@release/v1
with:
repository-url: https://test.pypi.org/legacy/
password: ${{ secrets.TESTPYPI_API_TOKEN }}