Skip to content
Publish Python 🐍 distribution 📦 to PyPI or TestPyPI

Don't try to clobber glob files with ambiguous time stamps that fail … #174

Sign in to view logs

Don't try to clobber glob files with ambiguous time stamps that fail …

Don't try to clobber glob files with ambiguous time stamps that fail … #174

Workflow file for this run

.github/workflows/publish.yml at b0ab353
name: Publish Python 🐍 distribution 📦 to PyPI or TestPyPI
on:
release:
types: [published] # Only publish to pip when we formally publish a release
# For more on how to formally release on Github, read https://help.github.com/en/articles/creating-releases
push:
branches: [ master ]
pull_request:
branches: [ master ]
workflow_dispatch:
jobs:
build-distribution:
name: Build distribution 📦
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.x"
- name: Install pypa/build
run: >-
python3 -m
pip install
build
setuptools
wheel
twine
--user
- name: Bump package version with local extension
run: etc/ci/bump-package-version.sh ".dev$(date +%s)"
if: ${{ ! ( startsWith(github.ref, 'refs/tags/') && github.event_name == 'release' ) }}
- name: Build a binary wheel and a source tarball
run: make dist PYTHON=python3
- name: Store the distribution packages
uses: actions/upload-artifact@v4
with:
name: python-package-distributions
path: dist/
build-standalone:
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
name: Build standalone ⛏️ ${{ matrix.os }} ${{ (matrix.os == 'windows-latest' && '🪟') || (matrix.os == 'macos-latest' && '🍎') || (matrix.os == 'ubuntu-latest' && '🐧') }}
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.x"
- name: Install pyinstaller
run: >-
python3 -m
pip install
pyinstaller
- name: Build a standalone executable
run: make standalone
- name: Store the standalone packages
uses: actions/upload-artifact@v4
with:
name: python-standalone-${{ matrix.os }}
path: dist/
collect-standalone:
name: Collect standalone ⛏️
runs-on: ubuntu-latest
needs:
- build-standalone
steps:
- uses: actions/checkout@v4
- name: Download standalone ⛏️ Ubuntu
uses: actions/download-artifact@v4
with:
name: python-standalone-ubuntu-latest
path: dist-ubuntu/
- name: Download standalone ⛏️ Windows
uses: actions/download-artifact@v4
with:
name: python-standalone-windows-latest
path: dist-windows/
- name: Download standalone ⛏️ MacOS
uses: actions/download-artifact@v4
with:
name: python-standalone-macos-latest
path: dist-macos/
- run: |
mkdir -p dist
for os in ubuntu windows macos; do
pushd "dist-$os"
find .
rm -rf */_internal
for d in */; do
pushd "$d"
for i in *; do
echo "$i"
chmod +x "$i"
if [[ $i == *".exe" ]]; then
# If string ends with .exe, insert -os before .exe
mv "$i" "../../dist/${i/.exe/-${os}.exe}"
else
# Otherwise, just append -os
mv "$i" "../../dist/${i}-${os}"
fi
done
popd
done
popd
done
find dist/
ls -la dist/
tar -czvf standalone.tar.gz dist/
- name: Store the standalone ⛏️ packages
uses: actions/upload-artifact@v4
with:
name: python-standalone
path: standalone.tar.gz
publish-to-pypi:
name: >-
PiPI: Publish Python 🐍 distribution 📦
if: ${{ startsWith(github.ref, 'refs/tags/') && github.event_name == 'release' }} # only publish to PyPI on tag pushes
needs:
- build-distribution
runs-on: ubuntu-latest
environment:
name: pypi
url: https://pypi.org/p/coq-tools
permissions:
id-token: write # IMPORTANT: mandatory for trusted publishing
steps:
- name: Download all the dists
uses: actions/download-artifact@v4
with:
name: python-package-distributions
path: dist/
- name: Publish distribution 📦 to PyPI
uses: pypa/gh-action-pypi-publish@release/v1
publish-to-testpypi:
name: >-
TestPyPI: Publish Python 🐍 distribution 📦
if: ${{ ( ! ( startsWith(github.ref, 'refs/tags/') && github.event_name == 'release' ) ) && ( ! ( github.event.pull_request.head.repo.fork ) ) }} # only publish to TestPyPI on non-tag pushes to non-forks (forks don't have permission)
needs:
- build-distribution
runs-on: ubuntu-latest
environment:
name: testpypi
url: https://test.pypi.org/p/coq-tools
permissions:
id-token: write # IMPORTANT: mandatory for trusted publishing
steps:
- name: Download all the dists
uses: actions/download-artifact@v4
with:
name: python-package-distributions
path: dist/
- name: Publish distribution 📦 to TestPyPI
uses: pypa/gh-action-pypi-publish@release/v1
with:
repository-url: https://test.pypi.org/legacy/
check-publish:
runs-on: ubuntu-latest
needs:
- publish-to-testpypi
- collect-standalone
if: ${{ always() && ! ( startsWith(github.ref, 'refs/tags/') && github.event_name == 'release' ) }}
steps:
- run: echo 'The triggering workflow (publish-to-testpypi) passed'
if: ${{ needs.publish-to-testpypi.result == 'success' }}
- run: echo 'The triggering workflow (publish-to-testpypi) failed' && false
if: ${{ needs.publish-to-testpypi.result != 'success' }}
- run: echo 'The triggering workflow (collect-standalone) passed'
if: ${{ needs.collect-standalone.result == 'success' }}
- run: echo 'The triggering workflow (collect-standalone) failed' && false
if: ${{ needs.collect-standalone.result != 'success' }}
github-release:
name: >-
Sign the Python 🐍 distribution 📦 with Sigstore
and upload them to GitHub Release
if: ${{ startsWith(github.ref, 'refs/tags/') && github.event_name == 'release' }} # only publish to PyPI on tag pushes
needs:
- publish-to-pypi
- collect-standalone
runs-on: ubuntu-latest
permissions:
contents: write # IMPORTANT: mandatory for making GitHub Releases
id-token: write # IMPORTANT: mandatory for sigstore
steps:
- name: Download all the dists
uses: actions/download-artifact@v4
with:
name: python-package-distributions
path: dist/
- name: Download standalone
uses: actions/download-artifact@v4
with:
name: python-standalone
path: .
- name: Unpack standalone
run: tar -xzvf standalone.tar.gz
- run: find dist
- run: ls -la dist
- name: Sign the dists with Sigstore
uses: sigstore/gh-action-sigstore-python@v3.0.0
with:
inputs: >-
./dist/*
- name: Upload artifact signatures to GitHub Release
env:
GITHUB_TOKEN: ${{ github.token }}
# Upload to GitHub Release using the `gh` CLI.
# `dist/` contains the built packages, and the
# sigstore-produced signatures and certificates.
run: >-
gh release upload
'${{ github.ref_name }}' dist/**
--repo '${{ github.repository }}'
bump-package-version:
name: Bump package version
runs-on: ubuntu-latest
if: ${{ startsWith(github.ref, 'refs/tags/') && github.event_name == 'release' }} # only publish to PyPI on tag pushes
steps:
- uses: actions/checkout@v4
- name: Bump Package version
id: bumpPackageViaPush
run: |
etc/ci/bump-package-version.sh
remote_repo="https://${GITHUB_ACTOR}:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}.git"
git config http.sslVerify false
git config user.name "Automated Publisher"
git config user.email "actions@users.noreply.github.com"
git remote add publisher "${remote_repo}"
git remote update
git show-ref # useful for debugging
git branch --verbose
git checkout -b temp
git branch -D master || true
git checkout -b master publisher/master
git add pyproject.toml setup.py
timestamp=$(date -u)
git commit -m "Automated Package Version Bump: ${timestamp} ${GITHUB_SHA}"
git push publisher master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
if: always()
- name: Create Pull Request
uses: peter-evans/create-pull-request@v7
with:
token: ${{ secrets.GITHUB_TOKEN }}
title: 'Package Version Bump'
body: >
This PR is auto-generated by
[create-pull-request](https://github.com/peter-evans/create-pull-request).
labels: automated pr
if: failure() && steps.bumpPackageViaPush.outcome == 'failure'