Skip to content

ci: add attestations (#631) #314

ci: add attestations (#631)

ci: add attestations (#631) #314

Workflow file for this run

name: CD
on:
workflow_dispatch:
push:
branches:
- master
- main
release:
types:
- published
jobs:
dist:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Build wheel and SDist
run: pipx run build
- uses: actions/upload-artifact@v4
with:
path: dist/*
- name: Check metadata
run: pipx run twine check --strict dist/*
zipapp:
name: ZipApp
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: wntrblm/nox@2024.04.15
with:
python-versions: "3.8"
- name: Make ZipApp
run: nox -s zipapp
- uses: actions/upload-artifact@v4
with:
name: zipapp
path: particle.pyz
publish:
needs: [dist]
runs-on: ubuntu-latest
if: github.event_name == 'release' && github.event.action == 'published'
environment:
name: pypi
url: https://pypi.org/p/particle
permissions:
id-token: write
attestations: write
steps:
- uses: actions/download-artifact@v4
with:
name: artifact
path: dist
- name: Generate artifact attestation for sdist and wheel
uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3
with:
subject-path: "dist/particle*"
- name: Upload package to PyPI
uses: pypa/gh-action-pypi-publish@release/v1
with:
attestations: true
- uses: actions/download-artifact@v4
with:
name: zipapp
path: zipapp
- name: Upload ZipApp
uses: softprops/action-gh-release@v2
with:
files: ./zipapp/particle.pyz
- name: Generate artifact attestation for zipapp
uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3
with:
subject-path: zipapp/particle.pyz