File tree Expand file tree Collapse file tree 1 file changed +48
-0
lines changed Expand file tree Collapse file tree 1 file changed +48
-0
lines changed Original file line number Diff line number Diff line change 1+ on :
2+ release :
3+ types :
4+ - published
5+
6+ name : release
7+
8+ # Needed to access the workflow's OIDC identity.
9+ permissions :
10+ id-token : write
11+
12+ jobs :
13+ pypi :
14+ name : Build, sign and publish release to PyPI
15+ runs-on : ubuntu-latest
16+ steps :
17+ - uses : actions/checkout@v2
18+
19+ - uses : actions/setup-python@v2
20+
21+ - name : deps
22+ run : python -m pip install -U build
23+
24+ - name : build
25+ run : python -m build
26+
27+ - name : sign
28+ run : |
29+ # use the latest development changes for sigstore, at least
30+ # until things are stabilized further
31+ python -m pip install .
32+
33+ # retrieve the OIDC identity
34+ identity_token=$( \
35+ curl -H \
36+ "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
37+ "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=sigstore" \
38+ | jq -r .value \
39+ )
40+
41+ # sign all package distributions using the OIDC identity
42+ python -m sigstore sign --identity-token=${identity_token} dist/*
43+
44+ name : publish
45+ uses : pypa/gh-action-pypi-publish@master
46+ with :
47+ user : __token__
48+ password : ${{ secrets.PYPI_TOKEN }}
You can’t perform that action at this time.
0 commit comments