From 02da99f4b0347042d799e5c5becc1a974c667202 Mon Sep 17 00:00:00 2001
From: Hugo van Kemenade
Date: Tue, 6 Jun 2023 19:20:56 +0300
Subject: [PATCH] Use hynek/build-and-inspect-python-package
---
 .flake8 | 2 +-
 .github/workflows/deploy.yml | 80 ++++++++++++++++----------
 .github/workflows/lint.yml | 3 +
 .github/workflows/require-pr-label.yml | 3 +
 4 files changed, 58 insertions(+), 30 deletions(-)
diff --git a/.flake8 b/.flake8
index f4546ad..2bcd70e 100644
--- a/.flake8
+++ b/.flake8
@@ -1,2 +1,2 @@
 [flake8]
-max_line_length = 88
+max-line-length = 88
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 3846d7e..6594ecf 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -2,49 +2,71 @@ name: Deploy on: push: - branches: - - main + branches: [main] + tags: ["*"] + pull_request: + branches: [main] release: types: - published workflow_dispatch: -jobs: - deploy: - if: github.repository_owner == 'pylast' - runs-on: ubuntu-latest +permissions: + contents: read - permissions: - # IMPORTANT: this permission is mandatory for trusted publishing - id-token: write +jobs: + # Always build & lint package. + build-package: + name: Build & verify package + runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 with: fetch-depth: 0 - - name: Set up Python - uses: actions/setup-python@v4 + - uses: hynek/build-and-inspect-python-package@v1 + + # Upload to Test PyPI on every commit on main. + release-test-pypi: + name: Publish in-dev package to test.pypi.org + if: github.event_name == 'push' && github.ref == 'refs/heads/main' + runs-on: ubuntu-latest + needs: build-package + + permissions: + # IMPORTANT: this permission is mandatory for trusted publishing + id-token: write + + steps: + - name: Download packages built by build-and-inspect-python-package + uses: actions/download-artifact@v3 with: - python-version: "3.x" - cache: pip - cache-dependency-path: pyproject.toml + name: Packages + path: dist - - name: Install dependencies - run: | - python -m pip install -U pip - python -m pip install -U build twine wheel - - - name: Build package - run: | - python -m build - twine check --strict dist/* - - - name: Publish package to PyPI - if: github.event.action == 'published' - uses: pypa/gh-action-pypi-publish@release/v1 - - - name: Publish package to TestPyPI + - name: Upload package to Test PyPI uses: pypa/gh-action-pypi-publish@release/v1 with: repository-url: https://test.pypi.org/legacy/ + + # Upload to real PyPI on GitHub Releases. 
+ release-pypi: + name: Publish released package to pypi.org + if: github.event.action == 'published' + runs-on: ubuntu-latest + needs: build-package + + permissions: + # IMPORTANT: this permission is mandatory for trusted publishing + id-token: write + + steps: + - name: Download packages built by build-and-inspect-python-package + uses: actions/download-artifact@v3 + with: + name: Packages + path: dist + + - name: Upload package to PyPI + uses: pypa/gh-action-pypi-publish@release/v1 diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index c78a405..477218a 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -2,6 +2,9 @@ name: Lint on: [push, pull_request, workflow_dispatch] +permissions: + contents: read + jobs: lint: runs-on: ubuntu-latest diff --git a/.github/workflows/require-pr-label.yml b/.github/workflows/require-pr-label.yml index 3b997b2..2d97091 100644 --- a/.github/workflows/require-pr-label.yml +++ b/.github/workflows/require-pr-label.yml @@ -8,6 +8,9 @@ jobs: label: runs-on: ubuntu-latest + permissions: + issues: write + steps: - uses: mheap/github-action-required-labels@v4 with:
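Review bot: Both publish jobs (`release-test-pypi` and `release-pypi`) hold `id-token: write` and upload whatever the `Packages` artifact contains, yet that artifact is built by `hynek/build-and-inspect-python-package@v1`, a third-party action referenced by a mutable tag; `actions/checkout@v3`, `actions/download-artifact@v3` and `pypa/gh-action-pypi-publish@release/v1` are mutable refs as well, as is `mheap/github-action-required-labels@v4` in the require-pr-label.yml hunk. Pinning each to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: hynek/build-and-inspect-python-package@<full-commit-sha>  # v1`, keeps a moved tag from changing what gets published. The removed `if: github.repository_owner == 'pylast'` guard has no replacement, so forks with Actions enabled will attempt the upload jobs; it can be restored as `if: github.repository_owner == 'pylast' && github.event_name == 'push' && github.ref == 'refs/heads/main'`, and on `release-pypi` combined with `github.event_name == 'release'` so the condition does not rest on `github.event.action` alone. Binding each publish job to a GitHub environment (`environment: <environment-name>`) would also let the PyPI trusted publisher be restricted to that environment and gated by required reviewers.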
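Review bot: `issues: write` in the `label` job gives a write-scoped token to a third-party action whose visible purpose is checking labels, and nothing in the hunk shows why write access is needed; the `with:` inputs and the workflow trigger sit outside the hunk, so this cannot be confirmed from here. If the action is not configured to post comments, a read-only scope would presumably be enough, which is worth checking against the action's documentation. If write access is required, a comment beside the permission such as `# needed so the action can comment on the PR` would record the reason, in the same way the `id-token: write` comment does in deploy.yml. Declaring `permissions` at job level also sets every unlisted scope to `none`, so any other scope the action relies on must be listed explicitly.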