Python: Replace publish action (#317)

Replaces `cucumber/action-publish-pypi` with `pypa/gh-action-pypi-publish@release/v1`. The motivation for using actions in the cucumber org is to ensure that we do not hand release tokens to untrusted code. As the party publishing our python packages, the Python Package Authority can be trusted. Additionally, their action uses trusted publishers which authorizes GitHub with OIDC so no long-lived tokens are used.
cucumber · Nov 14, 2024 · b71ccf6 · b71ccf6
1 parent bf59166
commit b71ccf6
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 5 deletions.
diff --git a/.github/workflows/release-pypi.yaml b/.github/workflows/release-pypi.yaml
@@ -26,6 +26,10 @@ jobs:
       - name: Show Python version
         run: python --version
 
-      - uses: cucumber/[email protected]
-        with:
-          working-directory: "python"
+      - name: Install Python package dependencies
+        run: |
+          python -m pip install build twine
+          python -m build
+          twine check --strict dist/*
+      - name: Publish package distributions to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
diff --git a/.github/workflows/test-python.yml b/.github/workflows/test-python.yml
@@ -50,9 +50,11 @@ jobs:
         run: python --version
       - name: Install Python package dependencies
         run: |
-          python -m pip install -U pip setuptools wheel
-          pip install -U -r requirements.txt
+          python -m pip install build twine pip setuptools wheel
+          pip install -r requirements.txt
           pip install -e .
+          python -m build
+          twine check --strict dist/*
       - name: Run tests
         run: pytest