-
Notifications
You must be signed in to change notification settings - Fork 58.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
python: update PyPI publishing example #32146
base: main
Are you sure you want to change the base?
Changes from all commits
bcc298b
8e443a3
3fdab64
46247d5
7bec6da
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change | ||
---|---|---|---|---|
|
@@ -44,8 +44,8 @@ | |||
{% data reusables.repositories.navigate-to-repo %} | ||||
{% data reusables.repositories.actions-tab %} | ||||
{% data reusables.actions.new-starter-workflow %} | ||||
1. The "{% ifversion actions-starter-template-ui %}Choose a workflow{% else %}Choose a workflow template{% endif %}" page shows a selection of recommended starter workflows. Search for "Python application". | ||||
Check warning on line 47 in content/actions/automating-builds-and-tests/building-and-testing-python.md GitHub Actions / lint-contentLiquid `ifversion` (and `elsif`) should not always be true
|
||||
1. On the "Python application" workflow, click {% ifversion actions-starter-template-ui %}**Configure**{% else %}**Set up this workflow**{% endif %}. | ||||
Check warning on line 48 in content/actions/automating-builds-and-tests/building-and-testing-python.md GitHub Actions / lint-contentLiquid `ifversion` (and `elsif`) should not always be true
|
||||
|
||||
{%- ifversion ghes %} | ||||
|
||||
|
@@ -217,7 +217,7 @@ | |||
|
||||
{% data variables.product.prodname_dotcom %}-hosted runners have the pip package manager installed. You can use pip to install dependencies from the PyPI package registry before building and testing your code. For example, the YAML below installs or upgrades the `pip` package installer and the `setuptools` and `wheel` packages. | ||||
|
||||
{% ifversion actions-caching %}You can also cache dependencies to speed up your workflow. For more information, see "[AUTOTITLE](/actions/using-workflows/caching-dependencies-to-speed-up-workflows)."{% endif %} | ||||
Check warning on line 220 in content/actions/automating-builds-and-tests/building-and-testing-python.md GitHub Actions / lint-contentLiquid `ifversion` (and `elsif`) should not always be true
|
||||
|
||||
```yaml copy | ||||
steps: | ||||
|
@@ -247,7 +247,7 @@ | |||
pip install -r requirements.txt | ||||
``` | ||||
|
||||
{% ifversion actions-caching %} | ||||
Check warning on line 250 in content/actions/automating-builds-and-tests/building-and-testing-python.md GitHub Actions / lint-contentLiquid `ifversion` (and `elsif`) should not always be true
|
||||
|
||||
### Caching Dependencies | ||||
|
||||
|
@@ -392,11 +392,11 @@ | |||
if: {% raw %}${{ always() }}{% endraw %} | ||||
``` | ||||
|
||||
## Publishing to package registries | ||||
## Publishing to PyPI | ||||
|
||||
You can configure your workflow to publish your Python package to a package registry once your CI tests pass. This section demonstrates how you can use {% data variables.product.prodname_actions %} to upload your package to PyPI each time you [publish a release](/repositories/releasing-projects-on-github/managing-releases-in-a-repository). | ||||
You can configure your workflow to publish your Python package to PyPI once your CI tests pass. This section demonstrates how you can use {% data variables.product.prodname_actions %} to upload your package to PyPI each time you [publish a release](/repositories/releasing-projects-on-github/managing-releases-in-a-repository). | ||||
|
||||
For this example, you will need to create two [PyPI API tokens](https://pypi.org/help/#apitoken). You can use secrets to store the access tokens or credentials needed to publish your package. For more information, see "[AUTOTITLE](/actions/security-guides/using-secrets-in-github-actions)." | ||||
The example workflow below uses [Trusted Publishing](https://docs.pypi.org/trusted-publishers/) to authenticate with PyPI, eliminating the need for a manually configured API token. | ||||
|
||||
```yaml copy | ||||
{% data reusables.actions.actions-not-certified-by-github-comment %} | ||||
|
@@ -409,25 +409,59 @@ | |||
release: | ||||
types: [published] | ||||
|
||||
permissions: | ||||
contents: read | ||||
|
||||
jobs: | ||||
deploy: | ||||
release-build: | ||||
runs-on: ubuntu-latest | ||||
|
||||
steps: | ||||
- uses: {% data reusables.actions.action-checkout %} | ||||
- name: Set up Python | ||||
uses: {% data reusables.actions.action-setup-python %} | ||||
|
||||
- uses: {% data reusables.actions.action-setup-python %} | ||||
with: | ||||
python-version: '3.x' | ||||
- name: Install dependencies | ||||
python-version: "3.x" | ||||
|
||||
- name: Build release distributions | ||||
run: | | ||||
python -m pip install --upgrade pip | ||||
pip install build | ||||
- name: Build package | ||||
run: python -m build | ||||
- name: Publish package | ||||
uses: pypa/gh-action-pypi-publish@release/v1 | ||||
# NOTE: put your own distribution build steps here. | ||||
python -m pip install build | ||||
python -m build | ||||
|
||||
- name: Upload distributions | ||||
uses: {% data reusables.actions.action-upload-artifact %} | ||||
with: | ||||
password: {% raw %}${{ secrets.PYPI_API_TOKEN }}{% endraw %} | ||||
name: release-dists | ||||
path: dist/ | ||||
|
||||
pypi-publish: | ||||
runs-on: ubuntu-latest | ||||
|
||||
needs: | ||||
- release-build | ||||
|
||||
permissions: | ||||
# IMPORTANT: this permission is mandatory for trusted publishing | ||||
id-token: write | ||||
|
||||
# Dedicated environments with protections for publishing are strongly recommended. | ||||
# For more information, see: https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules | ||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Suggested change
|
||||
environment: | ||||
name: pypi | ||||
# OPTIONAL: uncomment and update to include your PyPI project URL in the deployment status: | ||||
# url: https://pypi.org/p/YOURPROJECT | ||||
|
||||
steps: | ||||
- name: Retrieve release distributions | ||||
uses: {% data reusables.actions.action-download-artifact %} | ||||
with: | ||||
name: release-dists | ||||
path: dist/ | ||||
|
||||
- name: Publish release distributions to PyPI | ||||
uses: pypa/gh-action-pypi-publish@release/v1 | ||||
``` | ||||
|
||||
For more information about the starter workflow, see [`python-publish`](https://github.com/actions/starter-workflows/blob/main/ci/python-publish.yml). | ||||
For more information about this workflow, including the PyPI settings | ||||
needed, see [AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-pypi). | ||||
Comment on lines
-433
to
+467
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. NB: This removes the link to the starter workflow, since it's also currently out-of-date. I'll send a PR updating it as well. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.