pypi.yml

# This workflows will upload a Python Package using Twine when a release is created
# For more information see: https://help.github.com/en/actions/language-and-framework-guides/using-python-with-github-actions#publishing-to-package-registries

name: Publish to PyPi

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
  release:
    types: [ released ]

permissions:
  contents: read

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
    - name: Harden Runner
      uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
      with:
        egress-policy: audit

    - name: Checkout
      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      with:
        ref: ${{ github.event.pull_request.head.sha }}

    - name: Set up Python
      uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
      with:
        python-version: "3.10"

    - name: Install dependencies
      run: |
        python -m pip install --upgrade pip
        pip install --requirement requirements.txt
        pip freeze
        python -m build
        twine check dist/*
        # dbg
        find dist -name "*.whl" -exec unzip -d dbg {} +
        find dbg -name METADATA -type f -exec cat --number {} +

    - name: Publish
      if: ${{ 'release' == github.event_name }}
      uses: pypa/gh-action-pypi-publish@67339c736fd9354cd4f8cb0b744f2b82a74b5c70 # v1.12.3
      with:
        user: __token__
        password: ${{ secrets.PYPI_PASSWORD }}