Skip to content

Release to PyPi

Release to PyPi #19

Workflow file for this run

name: Release to PyPi
on:
release:
types: [created]
env:
AWS_ROLE: arn:aws:iam::${{secrets.AWS_ACCOUNT}}:role/PublisherTokenReader
AWS_REGION: us-west-2
jobs:
upload-to-pypi:
name: Upload to PyPi
runs-on: ubuntu-20.04
permissions:
id-token: write
contents: write
steps:
- uses: actions/checkout@v2
- name: Install dependencies
run: python3 -m pip install --upgrade pip build setuptools wheel twine
- name: Build pip package
run: python3 -m build
- name: Authenticate GitHub workflow to AWS
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ env.AWS_ROLE }}
aws-region: ${{ env.AWS_REGION }}
- name: Fetch secrets
run: |
echo "GITHUB_TOKEN=$(aws secretsmanager get-secret-value --secret-id RELEASE_CI_ACCESS_TOKEN | jq -r '.SecretString')" >> $GITHUB_ENV
echo "TWINE_PASSWORD=$(aws secretsmanager get-secret-value --secret-id PYPI_ACCESS_TOKEN | jq -r '.SecretString')" >> $GITHUB_ENV
- name: set asset path and name
id: get_package_name
run: |
echo "package_name=$(ls dist/*.whl | cut -d / -f 2)" >> $GITHUB_OUTPUT
- name: Upload release binary
uses: actions/upload-release-asset@v1.0.2
with:
upload_url: ${{ github.event.release.upload_url }}
asset_path: dist/${{ steps.get_package_name.outputs.package_name }}
asset_name: ${{ steps.get_package_name.outputs.package_name }}
asset_content_type: application/zip
- name: Upload to PyPi
env:
TWINE_USERNAME: __token__
run: python3 -m twine upload dist/*