This workflow will build the package using the
hynek/build-and-inspect-python-package
action, upload the package to TestPyPI, and then verify that the package
can be installed from TestPyPI.
In order to ensure each version uploaded to TestPyPI is unique, the
workflow will first create a unique .postN version number for the package on top of the
officially released version of the package, incrementing N each time the workflow runs.
Important
When uploading the Python package to test.pypi.org, this workflow
will run in the package-testpypi GitHub Actions environment. It is recommended to
limit this environment to only the main branch. It is also recommended to store the token
for uploading to test.pypi.org as an environment secret so that it can only be
accessed by the package-testpypi environment. This secret will need to be passed in as a
secret when calling the reusable workflow, see the example below.
Important
When calling this reusable workflow, the permissions must be set as follows:
permissions:
contents: read
id-token: write
attestations: writeNote
This workflow uses concurrency to limit the number of builds that can run at the same time
to a single build. This concurrency is shared across the 'pypi (Reusable Workflows)' concurrency
group within the repo that calls this workflow.
Note
This workflow uses the following GitHub Actions:
- actions/checkout
- tektronix/python-package-ci-cd/actions/create_unique_testpypi_version
- hynek/build-and-inspect-python-package
- actions/download-artifact
- pypa/gh-action-pypi-publish
- actions/setup-python
- nick-fields/retry
See the Workflow file for the currently used versions of each GitHub Action.
Tip
See the Workflow file for implementation details.
| Input variable | Necessity | Description | Default |
|---|---|---|---|
package-name |
required | The name of the package to build, upload, and install. | |
repo-name |
required | The full name of the repository to use to gate uploads, in the format owner/repo. |
| Secret variable | Necessity | Description |
|---|---|---|
test-pypi-api-token |
required | The API token for the package on test.pypi.org. |
name: Publish to TestPyPI
on:
push:
branches: [main]
concurrency: # This concurrency is not required, but can be added if extra control of concurrent builds is required
group: pypi
jobs:
package-testpypi:
uses: tektronix/python-package-ci-cd/.github/workflows/[email protected]
with:
package-name: my-package # required
repo-name: owner/my-package # required
permissions:
contents: read
id-token: write
attestations: write
secrets:
test-pypi-api-token: ${{ secrets.TEST_PYPI_API_TOKEN }}