From c20d47626fdb3e59093d7dd0acc4aae86bcf7987 Mon Sep 17 00:00:00 2001 From: Jordan Duabe Date: Mon, 14 Aug 2023 21:49:18 +0800 Subject: [PATCH] Configure sigstore --- .github/workflows/pypi-publish.yml | 22 +++++++++++++++++----- pyproject.toml | 2 +- 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/.github/workflows/pypi-publish.yml b/.github/workflows/pypi-publish.yml index aa09b31..ab5e1d1 100644 --- a/.github/workflows/pypi-publish.yml +++ b/.github/workflows/pypi-publish.yml @@ -2,7 +2,8 @@ name: Publish package to PyPI on: release: - types: [created] + types: + - published workflow_dispatch: jobs: @@ -11,20 +12,31 @@ jobs: runs-on: ubuntu-latest environment: release permissions: + # Used to authenticate to PyPI via OIDC. + # Used to sign the release's artifacts with sigstore-python. id-token: write + + # Used to attach signing artifacts to the published release. + contents: write + steps: - uses: actions/checkout@v3 - - name: Set up Python 3.7 - uses: actions/setup-python@v4 + - uses: actions/setup-python@v4 with: python-version: 3.7 - - name: Build + - name: build run: | python -m pip install poetry poetry install --without test,docs poetry build - - name: Publish package + - name: publish uses: pypa/gh-action-pypi-publish@release/v1 + + - name: sign + uses: sigstore/gh-action-sigstore-python@v2.0.1 + with: + inputs: ./dist/*.whl ./dist/*.tar.gz + release-signing-artifacts: true \ No newline at end of file diff --git a/pyproject.toml b/pyproject.toml index 958c241..96d37fa 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [tool.poetry] name = "powerline-k8s" -version = "1.5.0" +version = "1.5.1" description = "A custom Powerline segment for displaying the current Kubernetes context and namespace" authors = ["Jordan Duabe "] license = "MIT"
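Review bot: The new `published` release type also fires when a pre-release is published, so a pre-release would be built, uploaded to PyPI and signed exactly like a final release. If only final releases are meant to ship, `types: [released]` narrows the trigger. If pre-releases are intended, a comment above `types:` such as `# pre-releases are published to PyPI too` would record that. The `workflow_dispatch` trigger kept in this hunk still starts the job without any release event, so for manual runs the only gate is whatever protection rules the `release` environment has (not visible here).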
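Review bot: `contents: write` is added at job level beside `id-token: write`, so both apply to every step in the job, not only to the new `sign` step. That includes the `build` step, which installs Poetry and the project's dependencies, and `sigstore/gh-action-sigstore-python@v2.0.1`, which is referenced by a movable tag. A compromised dependency or action would therefore run next to credentials that can publish to PyPI and write to the repository's releases. I would move checkout, setup and build into a separate job with read-only permissions that hands `dist/` over as an artifact, keep only download, publish and sign in the privileged job, and pin the third-party actions to full commit SHAs (the existing `pypa/gh-action-pypi-publish@release/v1` is a branch ref). The job's key is outside the hunk, so the sketch uses a placeholder for it.

```yaml
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      # … unchanged: checkout, setup-python and build steps …
      - uses: actions/upload-artifact@<full-commit-sha>
        with:
          name: dist
          path: dist/

  <publish-job>:  # placeholder: existing job key, outside the hunk
    needs: build
    # … unchanged: runs-on, environment, permissions (id-token, contents) …
    steps:
      - uses: actions/download-artifact@<full-commit-sha>
        with:
          name: dist
          path: dist/
      # … unchanged: publish step …
      - name: sign
        uses: sigstore/gh-action-sigstore-python@<full-commit-sha>  # v2.0.1
        # … unchanged: with: inputs / release-signing-artifacts …
```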