-
-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added release workflow #48
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This isn't correct – the PyPI docs are likely truncated and display only a truncated part of what is needed to be added. You'll need to build an sdist and a wheel in one job using pypa/build
(I like https://github.com/hynek/build-and-inspect-python-package), upload their artifacts, download them in another job, and and trigger the publishing from that job.
Also, you might have done this already, but please ensure that the name of the workflow file matches that set in the PyPI settings for pybamm-cookie
that you might have set up by now (if you have, please feel free to add us there!) and that the name of the environment you added matches the one in the environment:
section here, i.e., release
.
@agriyakhetarpal @Saransh-cpp sorry for the delay, could you verify if the release workflow is now valid? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No, this still isn't valid, but the structure is getting towards the right place!
- The idea is to build the sdist and wheel in an entirely separate job, upload them as artifacts (you're right – both can be kept in a
dist/
folder). - We don't need to set up
uv
, GHA runners come withpipx
by default, so you can just runpipx run build
instead ofpython -m build
. - Then, in a separate Ubuntu job, download the artifacts, and grant just that job
id-token: write
permissions – the separation of the jobs is important for security reasons: please read the end of the Trusted publishing section of the documentation.
Also, the latest release of pypa/gh-action-pypi-publish
is v1.9.0, could you update that and set it to point to the hash of the v1.9.0 commit? I'll suggest a change below for it.
Co-authored-by: Agriya Khetarpal <74401230+agriyakhetarpal@users.noreply.github.com>
Co-authored-by: Agriya Khetarpal <74401230+agriyakhetarpal@users.noreply.github.com>
Thanks for the fixes, @santacodes! Let's create the release in the meeting a short while from now. |
Added
release.yml
file referred from PyPI OIDC docs.