9
9
release :
10
10
if :github.repository == 'python-gitlab/python-gitlab'
11
11
runs-on :ubuntu-latest
12
+ concurrency :release
12
13
permissions :
13
14
id-token :write
14
15
environment :pypi.org
@@ -17,19 +18,21 @@ jobs:
17
18
with :
18
19
fetch-depth :0
19
20
token :${{ secrets.RELEASE_GITHUB_TOKEN }}
20
- -name :mint API token
21
- id :mint-token
22
- run :|
23
- resp=$(curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=pypi")
24
- oidc_token=$(jq '.value' <<< "${resp}")
25
21
26
- resp=$(curl -X POST https://pypi.org/_/oidc/github/mint-token -d "{\"token\":${oidc_token}}")
27
- api_token=$(jq '.token' <<< "${resp}" | tr -d '"')
28
-
29
- echo "::add-mask::${api_token}"
30
- echo "api-token=${api_token}" >> "${GITHUB_OUTPUT}"
31
22
-name :Python Semantic Release
32
- uses :relekang /python-semantic-release@v8.0.8
23
+ uses :python-semantic-release /python-semantic-release@v8.0.8
33
24
with :
34
25
github_token :${{ secrets.RELEASE_GITHUB_TOKEN }}
35
- pypi_token :${{ steps.mint-token.outputs.api-token }}
26
+
27
+ -name :Publish package distributions to PyPI
28
+ uses :pypa/gh-action-pypi-publish@release/v1
29
+ # NOTE: DO NOT wrap the conditional in ${{ }} as it will always evaluate to true.
30
+ # See https://github.com/actions/runner/issues/1173
31
+ if :steps.release.outputs.released == 'true'
32
+
33
+ -name :Publish package distributions to GitHub Releases
34
+ # TODO: track tags after https://github.com/python-semantic-release/upload-to-gh-release/issues/2
35
+ uses :python-semantic-release/upload-to-gh-release@0f96c02a48278aff14251e9f1a0d73122a8c638b
36
+ if :steps.release.outputs.released == 'true'
37
+ with :
38
+ github_token :${{ secrets.GITHUB_TOKEN }}