0.13.0 #2
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| # Trigger the workflow on a release event. | |
| # This will trigger the workflow when a release is published - so draft releases will not trigger the workflow. | |
| on: | |
| release: | |
| types: [published] | |
| jobs: | |
| publish: | |
| # Name of the job for the workflow. | |
| name: Publish Package to PyPI | |
| runs-on: ubuntu-latest | |
| # Get the oidc token with write permissions to upload the package to PyPI. | |
| # We have configured the trusted OIDC token in the pypi project settings. | |
| # See here: https://docs.pypi.org/trusted-publishers/using-a-publisher/ | |
| permissions: | |
| id-token: write | |
| attestations: write | |
| # Use the Github Actions Environment to isolate the workflow from the rest of the repository. | |
| # See here: https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment | |
| environment: | |
| name: pypi | |
| url: https://pypi.org/p/nodestream-plugin-akamai/ | |
| steps: | |
| # Checkout the repository subject to the release. | |
| - uses: actions/checkout@v4 | |
| # Install poetry to build the package. | |
| - name: Install poetry | |
| run: pipx install poetry | |
| # Set up Python 3.12 to build the package. | |
| # Python version here does not really matter as long as it works with | |
| # poetry because its simply building the package. We've confirmed functionality | |
| # with CI testing before this step. | |
| - name: Set up Python 3.12 | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: 3.12 | |
| cache: 'poetry' | |
| # Build the package using poetry. This will create a dist directory with the package. | |
| # Poetry isn't _special_ in the sense that it builds packages in some unique way. | |
| # Therefore, we can use poetry built packaes with PyPA's action for publishing packages below. | |
| # See: https://python-poetry.org/docs/cli/#build | |
| - name: Build Package | |
| run: poetry build | |
| # Publish the package to PyPI using the OIDC token and PyPA's action for publishing packages. | |
| # By default, this action will publish to the PyPI server and pull artifacts from the dist directory. | |
| # Dist directory is where poetry builds the package in the previous step. | |
| # See: | |
| # - https://github.com/marketplace/actions/pypi-publish | |
| # - https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/ | |
| - name: Publish package distributions to PyPI | |
| uses: pypa/gh-action-pypi-publish@release/v1 | |
| # We are then going to store the built package as an artifact. | |
| # This is so we can sign the package and upload it to the GitHub release. | |
| # this is being done as a seperate job so that we can minimize the permissions needed for the publish job. | |
| - name: Store the Built Package | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: python-package-distribution | |
| path: dist/ | |
| # We are then going to sign the package using Github's Attest Build Provenance action. | |
| # This action will sign the package and upload the signature to the GitHub release. | |
| # This is to ensure that the package is verified and trusted by the user. | |
| - uses: actions/attest-build-provenance@v1 | |
| with: | |
| subject-path: 'dist/*' |