From 8d2753524050722a7bdb5016b89e56f05feb1268 Mon Sep 17 00:00:00 2001 From: Paul Natsuo Kishimoto Date: Mon, 13 Jan 2025 18:50:25 +0100 Subject: [PATCH] Use `uv` in first-party "publish" CI workflow Drop use of iiasa/actions reusable workflow. --- .github/workflows/publish.yaml | 47 ++++++++++++++++++++++++++++++---- 1 file changed, 42 insertions(+), 5 deletions(-) diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index 03e0ba37b..e5e697679 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -1,11 +1,15 @@ name: Build package / publish on: - pull_request: # Check that package can be built even on PRs + # On PR commits, check build completes w/o error. + pull_request: branches: [ main ] push: branches: [ main ] + # Publish on any push of a new tag, including + # 'v*rc*' pushed to a PR branch. tags: [ "v*" ] + # Publish on new releases. release: types: [ published ] @@ -15,7 +19,40 @@ concurrency: jobs: publish: - uses: iiasa/actions/.github/workflows/publish.yaml@main - secrets: - PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }} - TESTPYPI_TOKEN: ${{ secrets.TESTPYPI_TOKEN }} + environment: + name: publish + + permissions: + id-token: write + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + # On 'pull_request' and some 'push' events, + # setuptools-scm or versioningit will give + # '0.1.dev1'. To confirm that the build system + # generates the desired version string, + # uncomment these lines and adjust fetch-depth. + # with: + # fetch-depth: 10 + # fetch-tags: true + + - uses: astral-sh/setup-uv@v5 + with: + cache-dependency-glob: "**/pyproject.toml" + python-version: "3.13" + + - name: Build + run: uv build + + - name: Publish + if: >- + github.event_name == 'release' || ( + github.event_name == 'push' + && startsWith(github.ref, 'refs/tags') + ) + # Uncomment for testing + # env: + # UV_PUBLISH_URL: https://test.pypi.org/legacy/ + run: uv publish --trusted-publishing=always