-
Notifications
You must be signed in to change notification settings - Fork 11
46 lines (44 loc) · 1.66 KB
/
release-pypi.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
name: Release to PyPi
on:
release:
types: [created]
env:
AWS_ROLE: arn:aws:iam::${{secrets.AWS_ACCOUNT}}:role/PublisherTokenReader
AWS_REGION: us-west-2
jobs:
upload-to-pypi:
name: Upload to PyPi
runs-on: ubuntu-20.04
permissions:
id-token: write
contents: write
steps:
- uses: actions/checkout@v2
- name: Install dependencies
run: python3 -m pip install --upgrade pip build setuptools wheel twine
- name: Build pip package
run: python3 -m build
- name: Authenticate GitHub workflow to AWS
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ env.AWS_ROLE }}
aws-region: ${{ env.AWS_REGION }}
- name: Fetch secrets
run: |
echo "GITHUB_TOKEN=$(aws secretsmanager get-secret-value --secret-id RELEASE_CI_ACCESS_TOKEN | jq -r '.SecretString')" >> $GITHUB_ENV
echo "TWINE_PASSWORD=$(aws secretsmanager get-secret-value --secret-id PYPI_ACCESS_TOKEN | jq -r '.SecretString')" >> $GITHUB_ENV
- name: set asset path and name
id: get_package_name
run: |
echo "package_name=$(ls dist/*.whl | cut -d / -f 2)" >> $GITHUB_OUTPUT
- name: Upload release binary
uses: actions/upload-release-asset@v1.0.2
with:
upload_url: ${{ github.event.release.upload_url }}
asset_path: dist/${{ steps.get_package_name.outputs.package_name }}
asset_name: ${{ steps.get_package_name.outputs.package_name }}
asset_content_type: application/zip
- name: Upload to PyPi
env:
TWINE_USERNAME: __token__
run: python3 -m twine upload dist/*