Publish Package to PyPI #3
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow publishes the zeusdb package to PyPI. | |
| # This workflow runs manually (via workflow_dispatch). | |
| # Enables trusted publishing to PyPi | |
| name: Publish Package to PyPI | |
| on: | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| id-token: write # Required for trusted publishing | |
| attestations: write # Required for provenance | |
| jobs: | |
| build-and-publish: | |
| runs-on: ubuntu-latest | |
| environment: pypi | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.13" | |
| - name: Install Tools | |
| run: pip install hatch twine | |
| - name: Build package | |
| run: hatch build | |
| - name: Inspect build artifacts | |
| run: | | |
| echo "Contents of dist/ directory:" | |
| ls -lh dist/ | |
| echo "" | |
| echo "File types of artifacts:" | |
| file dist/* || true | |
| - name: Validate distribution metadata with Twine | |
| run: twine check dist/* | |
| - name: Generate artifact attestation | |
| uses: actions/attest-build-provenance@v2 | |
| with: | |
| subject-path: 'dist/*' | |
| - name: Publish to PyPI | |
| uses: pypa/gh-action-pypi-publish@release/v1 | |
| with: | |
| packages-dir: dist |