diff --git a/.github/workflows/code.yml b/.github/workflows/code.yml index 6b6fd5cce..7cb75ff68 100644 --- a/.github/workflows/code.yml +++ b/.github/workflows/code.yml @@ -13,7 +13,7 @@ jobs: if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.repository runs-on: "ubuntu-latest" steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - name: Lint run: pip install --user .[dev] && tox -e pre-commit @@ -22,7 +22,7 @@ jobs: if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.repository runs-on: "ubuntu-latest" steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 with: fetch-depth: 0 # So we get history for version numbers @@ -32,7 +32,7 @@ jobs: run: SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct) pipx run build --sdist --wheel - name: Upload Wheel and Sdist as artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: dist path: dist @@ -56,12 +56,12 @@ jobs: TEST_CL: pyepics steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 with: fetch-depth: 0 # So we get history for version number - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v2 + uses: actions/setup-python@v5 with: python-version: ${{ matrix.python-version }} @@ -89,10 +89,15 @@ jobs: release: needs: [build] runs-on: ubuntu-latest + permissions: + id-token: write # upload to PyPI and make a release on every tag if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags') steps: - - uses: actions/download-artifact@v4.1.7 + - uses: actions/download-artifact@v4 + with: + name: dist + path: dist - name: Github Release # We pin to the SHA, not the tag, for security reasons. @@ -105,9 +110,6 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Publish to PyPI - env: - TWINE_USERNAME: __token__ - # The PYPI_PASSWORD must be a pypi token with the "pypi-" prefix with sufficient permissions to upload this package - # https://pypi.org/help/#apitoken - TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }} - run: pipx run twine upload dist/* + uses: pypa/gh-action-pypi-publish@release/v1 + with: + packages-dir: ./dist/ diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 63c571d2a..84b3b60a5 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -16,7 +16,7 @@ jobs: TOX_DIRECT: 1 steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 with: fetch-depth: 0 # So we get history for version numbers @@ -24,7 +24,7 @@ jobs: run: sudo apt-get install graphviz - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v2 + uses: actions/setup-python@v5 with: python-version: ${{ matrix.python-version }} @@ -35,7 +35,7 @@ jobs: run: tox -e docs - name: Upload built docs as artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: docs path: build @@ -44,7 +44,7 @@ jobs: run: echo "REPOSITORY_NAME=${GITHUB_REPOSITORY#*/}" >> $GITHUB_ENV - name: Deploy documentation to blueskyproject.io. - if: github.repository_owner == 'bluesky' && github.ref_name == 'master' + if: github.repository_owner == 'bluesky' && github.ref_name == 'main' # We pin to the SHA, not the tag, for security reasons. # https://docs.github.com/en/free-pro-team@latest/actions/learn-github-actions/security-hardening-for-github-actions#using-third-party-actions uses: peaceiris/actions-gh-pages@bbdfb200618d235585ad98e965f4aafc39b4c501 # v3.7.3 diff --git a/.gitignore b/.gitignore index 43b736ba8..4fea01d5f 100644 --- a/.gitignore +++ b/.gitignore @@ -22,6 +22,7 @@ var/ *.egg-info/ .installed.cfg *.egg +.eggs/ # PyInstaller # Usually these files are written by a python script from a template