- Notifications
You must be signed in to change notification settings - Fork5.7k
Automate PyPI Releases#4364
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Merged
Uh oh!
There was an error while loading.Please reload this page.
Merged
Changes fromall commits
Commits
Show all changes
18 commits Select commitHold shift + click to select a range
6e43bcb Update readme section on verification
Bibo-Joshifb2def2 Add a workflow for publishing to (Test) Pypi
Bibo-Joshibb14a65 Temporarily use random version numbers to enable multiple testpypi up…
Bibo-Joshi0bcc2ca temporarily run on pushes to this branch
Bibo-Joshif2a2929 Try fixing the condition for compute-signatures
Bibo-Joshi403d76e Try fixing the condition for compute-signatures - again
Bibo-Joshi7f50a28 update upload artifact version
Bibo-Joshibc92636 update download artifact version
Bibo-Joshif33b6b1 try getting the github release step to run
Bibo-Joshi7980ffe add some debug prints
Bibo-Joshib58ae39 do another test run
Bibo-Joshi433ca79 remove debug prints & adjust conditions for gh releases
Bibo-Joshi510d3a8 Revert "Temporarily use random version numbers to enable multiple tes…
Bibo-Joshi0b599ca Revert "temporarily run on pushes to this branch"
Bibo-Joshi7d8738f Slightly extend info on sigstore
Bibo-Joshi5aa3b64 typo
Bibo-Joshi3648f11 Merge branch 'refs/heads/master' into automate-pypi
Bibo-Joshi8ff2231 update name of gpg key
Bibo-JoshiFile filter
Filter by extension
Conversations
Failed to load comments.
Loading
Uh oh!
There was an error while loading.Please reload this page.
Jump to
Jump to file
Failed to load files.
Loading
Uh oh!
There was an error while loading.Please reload this page.
Diff view
Diff view
There are no files selected for viewing
204 changes: 204 additions & 0 deletions.github/workflows/release_pypi.yml
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,204 @@ | ||
| name: Publish to PyPI | ||
| on: | ||
| # Run on any tag | ||
| push: | ||
| tags: | ||
| - '**' | ||
| # manually trigger the workflow - for testing only | ||
| workflow_dispatch: | ||
| jobs: | ||
| build: | ||
| name: Build Distribution | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - name: Set up Python | ||
| uses: actions/setup-python@v5 | ||
| with: | ||
| python-version: "3.x" | ||
| - name: Install pypa/build | ||
| run: >- | ||
| python3 -m pip install build --user | ||
| - name: Build a binary wheel and a source tarball | ||
| run: python3 -m build | ||
| - name: Store the distribution packages | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: python-package-distributions | ||
| path: dist/ | ||
| publish-to-pypi: | ||
| name: Publish to PyPI | ||
| # only publish to PyPI on tag pushes | ||
| if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags') | ||
| needs: | ||
| - build | ||
| runs-on: ubuntu-latest | ||
| environment: | ||
| name: release_pypi | ||
harshil21 marked this conversation as resolved. Show resolvedHide resolvedUh oh!There was an error while loading.Please reload this page. | ||
| url: https://pypi.org/p/python-telegram-bot | ||
| permissions: | ||
| id-token: write # IMPORTANT: mandatory for trusted publishing | ||
| steps: | ||
| - name: Download all the dists | ||
| uses: actions/download-artifact@v4 | ||
| with: | ||
| name: python-package-distributions | ||
| path: dist/ | ||
| - name: Publish to PyPI | ||
| uses: pypa/gh-action-pypi-publish@release/v1 | ||
| publish-to-test-pypi: | ||
| name: Publish to Test PyPI | ||
| needs: | ||
| - build | ||
| runs-on: ubuntu-latest | ||
| environment: | ||
| name: release_test_pypi | ||
| url: https://test.pypi.org/p/python-telegram-bot | ||
| permissions: | ||
| id-token: write # IMPORTANT: mandatory for trusted publishing | ||
| steps: | ||
| - name: Download all the dists | ||
| uses: actions/download-artifact@v4 | ||
| with: | ||
| name: python-package-distributions | ||
| path: dist/ | ||
| - name: Publish to Test PyPI | ||
| uses: pypa/gh-action-pypi-publish@release/v1 | ||
| with: | ||
| repository-url: https://test.pypi.org/legacy/ | ||
| compute-signatures: | ||
| name: Compute SHA1 Sums and Sign with Sigstore | ||
| runs-on: ubuntu-latest | ||
| needs: | ||
| - publish-to-pypi | ||
| - publish-to-test-pypi | ||
| # run if either of the publishing jobs ran successfully | ||
| # see also: | ||
| # https://github.com/actions/runner/issues/491#issuecomment-850884422 | ||
| if: | | ||
| always() && ( | ||
| (needs.publish-to-pypi.result == 'success') || | ||
| (needs.publish-to-test-pypi.result == 'success') | ||
| ) | ||
| permissions: | ||
| id-token: write # IMPORTANT: mandatory for sigstore | ||
| steps: | ||
| - name: Download all the dists | ||
| uses: actions/download-artifact@v4 | ||
| with: | ||
| name: python-package-distributions | ||
| path: dist/ | ||
| - name: Compute SHA1 Sums | ||
| run: | | ||
| # Compute SHA1 sum of the distribution packages and save it to a file with the same name, | ||
| # but with .sha1 extension | ||
| for file in dist/*; do | ||
| sha1sum $file > $file.sha1 | ||
| done | ||
harshil21 marked this conversation as resolved. Show resolvedHide resolvedUh oh!There was an error while loading.Please reload this page. | ||
| - name: Sign the dists with Sigstore | ||
| uses: sigstore/gh-action-sigstore-python@v2.1.1 | ||
| with: | ||
| inputs: >- | ||
| ./dist/*.tar.gz | ||
| ./dist/*.whl | ||
| - name: Store the distribution packages and signatures | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: python-package-distributions-and-signatures | ||
| path: dist/ | ||
| github-release: | ||
| name: Upload to GitHub Release | ||
| needs: | ||
| - publish-to-pypi | ||
| - compute-signatures | ||
| if: | | ||
| always() && ( | ||
| (needs.publish-to-pypi.result == 'success') && | ||
| (needs.compute-signatures.result == 'success') | ||
| ) | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: write # IMPORTANT: mandatory for making GitHub Releases | ||
| steps: | ||
| - name: Download all the dists | ||
| uses: actions/download-artifact@v4 | ||
| with: | ||
| name: python-package-distributions-and-signatures | ||
| path: dist/ | ||
| - name: Create GitHub Release | ||
| env: | ||
| GITHUB_TOKEN: ${{ github.token }} | ||
| # Create a GitHub Release for this tag. The description can be changed later, as for now | ||
| # we don't define it through this workflow. | ||
| run: >- | ||
| gh release create | ||
| '${{ github.ref_name }}' | ||
| --repo '${{ github.repository }}' | ||
| --generate-notes | ||
| - name: Upload artifact signatures to GitHub Release | ||
| env: | ||
| GITHUB_TOKEN: ${{ github.token }} | ||
| # Upload to GitHub Release using the `gh` CLI. | ||
| # `dist/` contains the built packages, and the | ||
| # sigstore-produced signatures and certificates. | ||
| run: >- | ||
| gh release upload | ||
| '${{ github.ref_name }}' dist/** | ||
| --repo '${{ github.repository }}' | ||
| github-test-release: | ||
| name: Upload to GitHub Release Draft | ||
| needs: | ||
| - publish-to-test-pypi | ||
| - compute-signatures | ||
| if: | | ||
| always() && ( | ||
| (needs.publish-to-test-pypi.result == 'success') && | ||
| (needs.compute-signatures.result == 'success') | ||
| ) | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: write # IMPORTANT: mandatory for making GitHub Releases | ||
| steps: | ||
| - name: Download all the dists | ||
| uses: actions/download-artifact@v4 | ||
| with: | ||
| name: python-package-distributions-and-signatures | ||
| path: dist/ | ||
| - name: Create GitHub Release | ||
| env: | ||
| GITHUB_TOKEN: ${{ github.token }} | ||
| # Create a GitHub Release *draft*. The description can be changed later, as for now | ||
| # we don't define it through this workflow. | ||
| run: >- | ||
| gh release create | ||
| '${{ github.ref_name }}' | ||
| --repo '${{ github.repository }}' | ||
| --generate-notes | ||
| --draft | ||
| - name: Upload artifact signatures to GitHub Release | ||
| env: | ||
| GITHUB_TOKEN: ${{ github.token }} | ||
| # Upload to GitHub Release using the `gh` CLI. | ||
| # `dist/` contains the built packages, and the | ||
| # sigstore-produced signatures and certificates. | ||
| run: >- | ||
| gh release upload | ||
| '${{ github.ref_name }}' dist/** | ||
| --repo '${{ github.repository }}' | ||
16 changes: 11 additions & 5 deletionsREADME.rst
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
File renamed without changes.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.