Update dev (#1537) #982
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Build & upload PyPI package | |
| on: | |
| push: | |
| branches: [main] | |
| tags: ["*"] | |
| release: | |
| types: | |
| - published | |
| workflow_dispatch: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| permissions: {} | |
| jobs: | |
| # Always build & lint package. | |
| build-package: | |
| name: Build & verify package | |
| runs-on: ubuntu-latest | |
| permissions: | |
| attestations: write # necessary for GitHub attestations | |
| id-token: write # necessary for GitHub attestations | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| fetch-depth: 0 | |
| persist-credentials: false | |
| - uses: hynek/build-and-inspect-python-package@fe0a0fb1925ca263d076ca4f2c13e93a6e92a33e # v2.17.0 | |
| with: | |
| attest-build-provenance-github: 'true' | |
| # Upload to Test PyPI on every commit on main. | |
| release-test-pypi: | |
| name: Publish in-dev package to test.pypi.org | |
| environment: release-test-pypi | |
| if: github.repository_owner == 'python-attrs' && github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| runs-on: ubuntu-latest | |
| needs: build-package | |
| permissions: | |
| id-token: write # necessary for trusted publishing | |
| steps: | |
| - name: Download packages built by build-and-inspect-python-package | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: Packages | |
| path: dist | |
| - name: Upload package to Test PyPI | |
| uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0 | |
| with: | |
| repository-url: https://test.pypi.org/legacy/ | |
| # Upload to real PyPI on GitHub Releases. | |
| release-pypi: | |
| name: Publish released package to pypi.org | |
| environment: release-pypi | |
| if: github.repository_owner == 'python-attrs' && github.event.action == 'published' | |
| runs-on: ubuntu-latest | |
| needs: build-package | |
| permissions: | |
| id-token: write # necessary for trusted publishing | |
| steps: | |
| - name: Download packages built by build-and-inspect-python-package | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: Packages | |
| path: dist | |
| - name: Upload package to PyPI | |
| uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0 | |
| with: | |
| attestations: true |