
Commit 53b44a6

committed
Use PyPI trusted publishing
1 parent b8d6b56 commit 53b44a6


2 files changed

+35
-82
lines changed


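--- a/.github/workflows/dev-release.yml
+++ b/.github/workflows/dev-release.yml
@@ -7,65 +7,45 @@ on:
 - pre-commit-ci-update-config
 workflow_dispatch:
 
-jobs:
-wait-tests:
-name: Wait for tests
-runs-on: ubuntu-latest
+env:
+DEFAULT_PYTHON: '3.11'
 
-steps:
-- uses: fountainhead/[email protected]
-id: wait-for-tests
-with:
-token: ${{ secrets.GITHUB_TOKEN }}
-checkName: Tests done
-ref: ${{ github.sha }}
-timeoutSeconds: 3600
-
-- name: Fail the Build
-uses: cutenode/action-always-fail@v1
-if: steps.wait-for-tests.outputs.conclusion != 'success'
-
-wait-codeql:
-name: Wait for CodeQL
-runs-on: ubuntu-latest
-
-steps:
-- uses: fountainhead/[email protected]
-id: wait-for-codeql
-with:
-token: ${{ secrets.GITHUB_TOKEN }}
-checkName: Analyze
-ref: ${{ github.sha }}
-timeoutSeconds: 3600
-
-- name: Fail the Build
-uses: cutenode/action-always-fail@v1
-if: steps.wait-for-codeql.outputs.conclusion != 'success'
+concurrency:
+group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
+cancel-in-progress: true
 
+jobs:
 release:
 name: Release package
 runs-on: ubuntu-latest
-needs: [wait-tests, wait-codeql]
+if: github.repository == 'dolfinus/setuptools-git-versioning' # prevent running on forks
+
+environment:
+name: test-pypi
+url: https://test.pypi.org/p/onetl
+permissions:
+id-token: write # to auth in Test PyPI
 
 steps:
 - name: Checkout code
 uses: actions/checkout@v3
 with:
 fetch-depth: 0
 
-- name: Set up Python 3.11
+- name: Set up Python ${{ env.DEFAULT_PYTHON }}
+id: python
 uses: actions/setup-python@v4
 with:
-python-version: '3.11'
+python-version: ${{ env.DEFAULT_PYTHON }}
 
 - name: Cache pip
 uses: actions/cache@v3
 with:
 path: ~/.cache/pip
-key: ${{ runner.os }}-python-3.11-release-${{ hashFiles('requirements*.txt') }}
+key: ${{ runner.os }}-python-${{ env.DEFAULT_PYTHON }}-release-${{ hashFiles('requirements*.txt') }}
 restore-keys: |
-${{ runner.os }}-python-3.11-release-${{ hashFiles('requirements*.txt') }}
-${{ runner.os }}-python-3.11-release-
+${{ runner.os }}-python-${{ env.DEFAULT_PYTHON }}-release-${{ hashFiles('requirements*.txt') }}
+${{ runner.os }}-python-${{ env.DEFAULT_PYTHON }}-release-
 ${{ runner.os }}-python
 ${{ runner.os }}-
 
@@ -88,5 +68,4 @@ jobs:
 - name: Publish package
 uses: pypa/gh-action-pypi-publish@release/v1
 with:
-password: ${{ secrets.TEST_PYPI_API_TOKEN }}
 repository_url: https://test.pypi.org/legacy/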
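Review bot: `id-token: write` is granted to the whole `release` job, so every step in it can request the OIDC token that Test PyPI accepts for uploads; that includes the install and build steps between the two hunks, which are not shown here, and actions referenced by movable refs (`actions/cache@v3`, `pypa/gh-action-pypi-publish@release/v1`). Building the distributions in a job without that permission and handing them to a publish-only job that carries `environment:` and `id-token: write` keeps the token away from dependency code, and pinning the publish action to a full commit SHA narrows it further. release.yml has the same shape, with `contents: write` on the same job. The sketch below assumes the build writes to `dist/`.

```yaml
jobs:
  build:
    name: Build package
    runs-on: ubuntu-latest
    if: github.repository == 'dolfinus/setuptools-git-versioning' # prevent running on forks
    permissions:
      contents: read  # no id-token here: build and dependency code cannot mint the OIDC token
    steps:
      # … unchanged: checkout, setup-python, cache pip, install and build steps …
      - name: Upload distributions
        uses: actions/upload-artifact@v4
        with:
          name: dist
          path: dist/  # assumed build output directory

  release:
    name: Release package
    runs-on: ubuntu-latest
    needs: [build]
    environment:
      name: test-pypi
    permissions:
      id-token: write # to auth in Test PyPI; only the publish job holds it
    steps:
      - name: Download distributions
        uses: actions/download-artifact@v4
        with:
          name: dist
          path: dist/
      # … unchanged: Publish package step …
```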

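--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -5,65 +5,41 @@ on:
 tags:
 - v*
 
-jobs:
-wait-tests:
-name: Wait for tests
-runs-on: ubuntu-latest
-
-steps:
-- uses: fountainhead/[email protected]
-id: wait-for-tests
-with:
-token: ${{ secrets.GITHUB_TOKEN }}
-checkName: Tests done
-ref: ${{ github.sha }}
-timeoutSeconds: 3600
-
-- name: Fail the Build
-uses: cutenode/action-always-fail@v1
-if: steps.wait-for-tests.outputs.conclusion != 'success'
-
-wait-codeql:
-name: Wait for CodeQL
-runs-on: ubuntu-latest
-
-steps:
-- uses: fountainhead/[email protected]
-id: wait-for-codeql
-with:
-token: ${{ secrets.GITHUB_TOKEN }}
-checkName: Analyze
-ref: ${{ github.sha }}
-timeoutSeconds: 3600
-
-- name: Fail the Build
-uses: cutenode/action-always-fail@v1
-if: steps.wait-for-codeql.outputs.conclusion != 'success'
+env:
+DEFAULT_PYTHON: '3.11'
 
+jobs:
 release:
 name: Release package
 runs-on: ubuntu-latest
-needs: [wait-tests, wait-codeql]
+if: github.repository == 'dolfinus/setuptools-git-versioning' # prevent running on forks
+
+environment:
+name: pypi
+url: https://pypi.org/p/onetl
+permissions:
+id-token: write # to auth in PyPI
+contents: write # to create Github release
 
 steps:
 - name: Checkout code
 uses: actions/checkout@v3
 with:
 fetch-depth: 0
 
-- name: Set up Python 3.11
+- name: Set up Python ${{ env.DEFAULT_PYTHON }}
 uses: actions/setup-python@v4
 with:
-python-version: '3.11'
+python-version: ${{ env.DEFAULT_PYTHON }}
 
 - name: Cache pip
 uses: actions/cache@v3
 with:
 path: ~/.cache/pip
-key: ${{ runner.os }}-python-3.11-release-${{ hashFiles('requirements*.txt') }}
+key: ${{ runner.os }}-python-${{ env.DEFAULT_PYTHON }}-release-${{ hashFiles('requirements*.txt') }}
 restore-keys: |
-${{ runner.os }}-python-3.11-release-${{ hashFiles('requirements*.txt') }}
-${{ runner.os }}-python-3.11-release-
+${{ runner.os }}-python-${{ env.DEFAULT_PYTHON }}-release-${{ hashFiles('requirements*.txt') }}
+${{ runner.os }}-python-${{ env.DEFAULT_PYTHON }}-release-
 ${{ runner.os }}-python
 ${{ runner.os }}-
 
@@ -96,8 +72,6 @@ jobs:
 
 - name: Publish package
 uses: pypa/gh-action-pypi-publish@release/v1
-with:
-password: ${{ secrets.PYPI_API_TOKEN }}
 
 - name: Create Github release
 id: create_release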
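Review bot: With `needs: [wait-tests, wait-codeql]` removed and no replacement gate visible in these hunks, a pushed `v*` tag appears to go straight to the publish step for the real index, and with the API token gone the `pypi` environment is the only remaining control on who can upload. It is worth confirming that the environment has protection rules (required reviewers or a tag restriction) and that the trusted publisher registered on PyPI names both this workflow file and the `pypi` environment; a comment next to `environment:` such as `# publishing is gated by the 'pypi' environment rules, not by CI status` would record that. Separately, `url: https://pypi.org/p/onetl` does not match the repository in the fork guard above it (`dolfinus/setuptools-git-versioning`) and looks copied from another project; dev-release.yml has the same mismatch with `https://test.pypi.org/p/onetl`.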
