-
Notifications
You must be signed in to change notification settings - Fork 73
130 lines (112 loc) · 4.29 KB
/
pypi.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
# Publish archives to PyPI and TestPyPI using GitHub Actions.
#
# NOTE: Pin actions to a specific commit to avoid having the authentication
# token stolen if the Action is compromised. See the comments and links here:
# https://github.com/pypa/gh-action-pypi-publish/issues/27
#
name: pypi
# Only run for pushes to the main branch and releases.
on:
pull_request:
push:
branches:
- main
release:
types:
- published
# Use bash by default in all jobs
defaults:
run:
shell: bash
jobs:
#############################################################################
# Build the wheel and source archives and check them with Twine
build:
runs-on: ubuntu-latest
# Only publish from the origin repository, not forks
if: github.repository_owner == 'fatiando'
steps:
# Checks-out your repository under $GITHUB_WORKSPACE
- name: Checkout
uses: actions/checkout@v4
with:
# Need to fetch more than the last commit so that setuptools_scm can
# create the correct version string. If the number of commits since
# the last release is greater than this, the version will still be
# wrong. Increase if necessary.
fetch-depth: 100
# The GitHub token is preserved by default but this job doesn't need
# to be able to push to GitHub.
persist-credentials: false
# Need the tags so that setuptools-scm can form a valid version number
- name: Fetch git tags
run: git fetch origin 'refs/tags/*:refs/tags/*'
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: "3.11"
- name: Install requirements
run: python -m pip install -r env/requirements-build.txt
- name: List installed packages
run: python -m pip freeze
- name: Don't use local version numbers for TestPyPI uploads
if: github.event_name != 'release'
run: |
# Change setuptools-scm local_scheme to "no-local-version" so the
# local part of the version isn't included, making the version string
# compatible with Test PyPI.
sed --in-place "s/node-and-date/no-local-version/g" pyproject.toml
- name: Build source and wheel distributions
run: |
make build
echo ""
echo "Generated files:"
ls -lh dist/
- name: Check the archives
run: twine check dist/*
# Store the archives as a build artifact so we can deploy them later
- name: Upload archives as artifacts
# Only if not a pull request
if: success() && github.event_name != 'pull_request'
uses: actions/upload-artifact@v4
with:
name: pypi-${{ github.sha }}
path: dist
#############################################################################
# Publish built wheels and source archives to PyPI and test PyPI
publish:
runs-on: ubuntu-latest
needs: build
# Only publish from the origin repository, not forks
if: github.repository_owner == 'fatiando' && github.event_name != 'pull_request'
steps:
- name: Checkout
uses: actions/checkout@v4
with:
# The GitHub token is preserved by default but this job doesn't need
# to be able to push to GitHub.
persist-credentials: false
# Fetch the built archives from the "build" job
- name: Download built archives artifact
uses: actions/download-artifact@v4
with:
name: pypi-${{ github.sha }}
path: dist
- name: Publish to Test PyPI
# Only publish to TestPyPI when a PR is merged (pushed to main)
if: success() && github.event_name == 'push'
uses: pypa/[email protected]
with:
user: __token__
password: ${{ secrets.TEST_PYPI_TOKEN}}
repository_url: https://test.pypi.org/legacy/
# Allow existing releases on test PyPI without errors.
# NOT TO BE USED in PyPI!
skip_existing: true
- name: Publish to PyPI
# Only publish to PyPI when a release triggers the build
if: success() && github.event_name == 'release'
uses: pypa/[email protected]
with:
user: __token__
password: ${{ secrets.PYPI_TOKEN}}