Update for trusted publishing (#231) #246
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build | |
env: | |
PYTHON_VERSION: "3.12" | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
types: | |
- opened | |
- reopened | |
- synchronize | |
- labeled | |
branches: | |
- main | |
jobs: | |
build-and-publish: | |
name: Publish test release | |
runs-on: ubuntu-latest | |
outputs: | |
build-version: ${{ steps.build.outputs.version }} | |
if: github.ref == 'refs/heads/main' || contains(github.event.pull_request.labels.*.name, 'test-build') | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
fetch-depth: 0 | |
- uses: astral-sh/setup-uv@v3 | |
- name: Publish to Test PyPI | |
id: build | |
env: | |
UV_PUBLISH_TOKEN: ${{ secrets.TEST_PYPI_API_TOKEN }} | |
run: | | |
version=$(./scripts/version dev) | |
echo "version=$version" >> $GITHUB_OUTPUT | |
sed -i -e "s/0.0.0/$version/" pyproject.toml | |
uv build | |
uv publish --publish-url https://test.pypi.org/legacy/ | |
test-install: | |
# We test the install on a clean machine to avoid poetry behavior attempting to | |
# install the project root when it is checked out | |
name: Test install | |
runs-on: ubuntu-latest | |
needs: build-and-publish | |
timeout-minutes: 5 | |
steps: | |
- name: Set up Python ${{ env.PYTHON_VERSION }} | |
uses: actions/setup-python@v5 | |
with: | |
python-version: "${{ env.PYTHON_VERSION }}" | |
- uses: astral-sh/setup-uv@v3 | |
- name: Wait for package to be available | |
run: > | |
until | |
curl --silent "https://test.pypi.org/simple/packse/" | |
| grep --quiet "${{ needs.build-and-publish.outputs.build-version }}"; | |
do sleep 10; | |
done | |
&& | |
sleep 180 | |
# We sleep for an additional 180 seconds as it seems to take a bit longer for | |
# the package to be consistently available | |
# Note: The above will not sleep forever due to the job level timeout | |
- name: Install release from Test PyPI | |
run: | | |
uv pip install \ | |
--system \ | |
--extra-index-url https://test.pypi.org/simple/ \ | |
--index-strategy unsafe-best-match \ | |
packse==${{ needs.build-and-publish.outputs.build-version }} | |
- name: Check release version | |
run: | | |
installed=$(python3 -c "from importlib.metadata import version; print(version('packse'))") | |
test $installed = ${{ needs.build-and-publish.outputs.build-version }} | |
- name: Check CLI help | |
run: | | |
packse --help |