Skip to content

v0.0.17

v0.0.17 #22

Workflow file for this run

on:
release:
types:
- published
name: release
permissions: {}
jobs:
build:
name: Build distributions 📦
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
persist-credentials: false
- uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5
with:
python-version-file: pyproject.toml
cache: "pip"
cache-dependency-path: pyproject.toml
- name: Install pypa/build
run: python -m pip install -U build
- name: Build distributions
run: python -m build
- name: Upload distributions
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4
with:
name: distributions
path: dist/
generate-provenance:
name: Generate GitHub build provenances
runs-on: ubuntu-latest
needs: [build]
permissions:
id-token: write # to sign the provenance
attestations: write # to persist the attestation files
steps:
- name: Download distributions
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4
with:
name: distributions
path: dist/
- name: Create provenances
uses: actions/attest-build-provenance@v1
with:
subject-path: 'dist/*'
publish:
name: Publish Python 🐍 distributions 📦 to PyPI
runs-on: ubuntu-latest
environment:
name: pypi
url: https://pypi.org/p/pypi-attestations
needs: [build]
permissions:
id-token: write # trusted publishing + attestations
steps:
- name: Download distributions
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4
with:
name: distributions
path: dist/
- name: publish
uses: pypa/gh-action-pypi-publish@release/v1
with:
attestations: true