File tree Expand file tree Collapse file tree 1 file changed +48
-0
1
+ on :
2
+ release :
3
+ types :
4
+ - published
5
+
6
+ name : release
7
+
8
+ # Needed to access the workflow's OIDC identity.
9
+ permissions :
10
+ id-token : write
11
+
12
+ jobs :
13
+ pypi :
14
+ name : Build, sign and publish release to PyPI
15
+ runs-on : ubuntu-latest
16
+ steps :
17
+ - uses : actions/checkout@v2
18
+
19
+ - uses : actions/setup-python@v2
20
+
21
+ - name : deps
22
+ run : python -m pip install -U build
23
+
24
+ - name : build
25
+ run : python -m build
26
+
27
+ - name : sign
28
+ run : |
29
+ # use the latest development changes for sigstore, at least
30
+ # until things are stabilized further
31
+ python -m pip install .
32
+
33
+ # retrieve the OIDC identity
34
+ identity_token=$( \
35
+ curl -H \
36
+ "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
37
+ "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=sigstore" \
38
+ | jq -r .value \
39
+ )
40
+
41
+ # sign all package distributions using the OIDC identity
42
+ python -m sigstore sign --identity-token=${identity_token} dist/*
43
+
44
+ - name : publish
45
+ uses : pypa/gh-action-pypi-publish@master
46
+ with :
47
+ user : __token__
48
+ password : ${{ secrets.PYPI_TOKEN }}
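Review bot: The `publish` step uses `pypa/gh-action-pypi-publish@master`, a mutable branch ref, in the one job that holds `id-token: write` and receives `secrets.PYPI_TOKEN`, so whatever that branch points to at release time runs with the ability to publish and to request this workflow's OIDC identity. Pin it to a reviewed full commit SHA, e.g. `uses: pypa/gh-action-pypi-publish@<full-commit-sha>`, and consider the same for `actions/checkout@v2` and `actions/setup-python@v2`. In the `sign` step the token is fetched with `curl ... | jq -r .value` without `--fail`, and a `run:` block with no explicit `shell:` is not run with `pipefail`, so a failed request would most likely leave an empty or `null` value in `identity_token` that is still passed to `sigstore sign`. Use `curl -fsS`, start the script with `set -o pipefail`, and stop if the value is empty or `null`. A token fetched this way is also not masked in the job log, so add `echo "::add-mask::${identity_token}"` right after the assignment and quote the argument as `--identity-token="${identity_token}"`.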