Update the release.yml file

This now more closely follows the guidance provided about this.
2024-04-27 11:59:47 +01:00 · 2024-04-27 11:59:47 +01:00 · e157950f17
parent e1a55d58fe
commit e157950f17
1 changed files with 84 additions and 34 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -2,47 +2,97 @@
 # and then try to upload to TestPyPI. The second step seems to be consistently
 # failing. :)

-name: Release
-on:
-  push:
-    tags:
-      - "*"
-
-permissions:
-  id-token: write
-  contents: write
+name: Build and release
+on: [push]

 jobs:
  build:
    runs-on: ubuntu-latest
+
    steps:
      - uses: actions/checkout@v4
-      - uses: actions/setup-python@v5
-
-      - name: Install dependencies
-        run: pip install build
-
-      - name: Generate final distribution
-        run: python -m build
-
-      - name: Upload source distribution as an action artifact
-        uses: actions/upload-artifact@v4
+      - uses: actions/setup-python@v4
        with:
-          name: sdist
-          path: dist/furo-*.tar.gz
-      - name: Upload wheel distribution as an action artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: wheel
-          path: dist/furo-*-py3-none-any.whl
+          python-version: "3.x"

-      - name: Make a GitHub Release
-        uses: softprops/action-gh-release@v2
-        with:
-          files: dist/*
+      - run: pip install build
+      - run: python -m build

-      - name: Upload to TestPyPI
-        uses: pypa/gh-action-pypi-publish@release/v1
+      - uses: actions/upload-artifact@v4
        with:
-          repository_url: https://test.pypi.org/legacy/
-          verbose: true
+          name: distributions
+          path: dist/
+
+  publish-pypi:
+    runs-on: ubuntu-latest
+
+    if: startsWith(github.ref, 'refs/tags/')
+    needs: [build]
+
+    environment:
+      name: release
+    permissions:
+      id-token: write
+
+    steps:
+      - uses: actions/download-artifact@v4
+        with:
+          name: python-package-distributions
+          path: dist/
+
+      - uses: pypa/gh-action-pypi-publish@release/v1
+
+  publish-testpypi:
+    runs-on: ubuntu-latest
+
+    if: startsWith(github.ref, 'refs/tags/')
+    needs: [build]
+
+    environment:
+      name: release
+    permissions:
+      id-token: write
+
+    steps:
+      - uses: actions/download-artifact@v4
+        with:
+          name: python-package-distributions
+          path: dist/
+
+      - uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          repository-url: https://test.pypi.org/legacy/
+
+  github-release:
+    runs-on: ubuntu-latest
+
+    needs: [publish-to-testpypi]
+
+    permissions:
+      contents: write
+      id-token: write
+
+    steps:
+      - uses: actions/download-artifact@v3
+        with:
+          name: python-package-distributions
+          path: dist/
+
+      - uses: sigstore/gh-action-sigstore-python@v1.2.3
+        with:
+          inputs: ./dist/*.tar.gz ./dist/*.whl
+
+      - name: Create a GitHub release
+        run: >-
+          gh release create --repo '${{ github.repository }}'
+          '${{ github.ref_name }}'
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+
+      - name: Upload signed release files to GitHub release
+        run: >-
+          gh release upload --repo '${{ github.repository }}'
+          '${{ github.ref_name }}'
+          dist/**
+        env:
+          GITHUB_TOKEN: ${{ github.token }}