
Commit b946882

committed
Enable trusted publishing
1 parent a2bd721 commit b946882


1 file changed

+18
-13
lines changed


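--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -7,7 +7,11 @@ on:
 
 permissions:
 contents: read
-id-token: write
+id-token: write # Required for PyPI trusted publishing / attestations
+
+concurrency:
+group: release
+cancel-in-progress: false
 
 env:
 PYTHON_VERSION: "3.12"
@@ -16,17 +20,18 @@ jobs:
 release:
 runs-on: ubuntu-latest
 steps:
-- uses: actions/checkout@v4
+- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+
 - name: Install uv
-uses: astral-sh/setup-uv@v5
+uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5
 with:
 python-version: ${{ env.PYTHON_VERSION }}
 
 - name: Set up Python
 run: uv python install
 
 - name: Install dependencies
-run: uv sync --locked --group release
+run: uv sync --locked --only-group release --no-install-project
 
 - name: Validate version matches release tag
 env:
@@ -39,16 +44,15 @@ jobs:
 fi
 
 - name: Build artifact
-run: |
-uv build
+id: build
+run: uv build
 
 - name: Publish package
-uses: pypa/gh-action-pypi-publish@release/v1
-with:
-password: ${{ secrets.PYPI_API_TOKEN }}
-skip-existing: true
+uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # release/v1
 
+# Best-effort: attempt Azure upload even if PyPI fails, but only if build succeeded.
 - name: Create .pypirc for Azure Artifacts
+if: always() && steps.build.outcome == 'success'
 run: |
 cat <<EOF > ~/.pypirc
 [distutils]
@@ -62,15 +66,16 @@ jobs:
 EOF
 
 - name: Publish package to Azure Artifacts
+if: always() && steps.build.outcome == 'success'
 run: |
 EXIT_CODE=0
 uv run --no-sync twine upload -r azure dist/* || EXIT_CODE=$?
 if [[ $EXIT_CODE -eq 0 ]]; then
-echo "Successfully published to Azure Artifacts (or already existed)"
+echo "Successfully published to Azure Artifacts (or already existed)"
 else
-echo "Azure Artifacts upload failed, but PyPI upload succeeded"
+echo "Azure Artifacts upload failed, but PyPI upload succeeded"
 if [[ $EXIT_CODE -eq 1 ]]; then
-echo "⚠️ This may be due to version conflicts or connectivity issues"
+echo "This may be due to version conflicts or connectivity issues"
 fi
 echo "This is non-critical - the package is available on PyPI"
 fi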
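Review bot: The failure branch of the Azure upload step in the last hunk still prints `Azure Artifacts upload failed, but PyPI upload succeeded` and `the package is available on PyPI`, but with the new `if: always() && steps.build.outcome == 'success'` the step also runs after the PyPI publish step has failed, so those lines can now be false. That case looks more likely than before, since the publish step no longer sets `skip-existing: true` and a re-run for an already-published version would presumably be rejected by PyPI. Reword the message to something like `echo "Azure Artifacts upload failed; check the PyPI publish step for its own result"`, and prefer `if: ${{ !cancelled() && steps.build.outcome == 'success' }}` so a cancelled release does not keep uploading. In the first hunk `id-token: write` stays at workflow level, which lets the dependency install, `uv build` and twine steps request the OIDC token as well; scoping it with a `permissions:` block on a publish-only job would narrow that.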
