Generate Artifact Attestation (#12) #97
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build & Release | |
| on: | |
| release: | |
| types: [ published ] | |
| pull_request: | |
| push: | |
| env: | |
| PY_COLORS: "1" | |
| jobs: | |
| build_wheels: | |
| name: Build wheels on ${{ matrix.os }} | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest, macos-13, macos-latest, windows-latest] | |
| fail-fast: false | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # fetch tags for setuptools-scm | |
| # Used to host cibuildwhee | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.10" | |
| - name: Install cibuildwheel | |
| run: python -m pip install cibuildwheel | |
| - name: Build wheels | |
| run: python -m cibuildwheel --output-dir wheelhouse | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: cibw-wheels-${{ matrix.os }}-${{ strategy.job-index }} | |
| path: ./wheelhouse/*.whl | |
| build_sdist: | |
| name: Build source distribution | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # fetch tags for setuptools-scm | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.10" | |
| - name: Install build | |
| run: python -m pip install build | |
| - name: Build sdist | |
| run: python -m build --sdist | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: cibw-sdist | |
| path: dist/*.tar.gz | |
| upload_pypi: | |
| name: Create release | |
| needs: [ build_wheels, build_sdist ] | |
| runs-on: ubuntu-latest | |
| environment: | |
| name: pypi | |
| url: https://pypi.org/p/autosar_e2e | |
| permissions: | |
| id-token: write # IMPORTANT: this permission is mandatory for trusted publishing | |
| contents: write # for action-gh-release | |
| # upload to PyPI only on release | |
| if: github.event.release && github.event.action == 'published' | |
| steps: | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| pattern: cibw-* | |
| path: dist | |
| merge-multiple: true | |
| - name: Generate artifact attestation | |
| uses: actions/attest-build-provenance@v1 | |
| with: | |
| subject-path: 'dist/*' | |
| - name: Publish package distributions to PyPI | |
| uses: pypa/gh-action-pypi-publish@release/v1 |