From cb832bc4390e335501d1ceb5813c9167687ac6a1 Mon Sep 17 00:00:00 2001 From: Naveen M K Date: Sat, 14 Sep 2024 19:14:40 +0530 Subject: [PATCH] CI: use trusted publisher for PyPi publishing --- .github/workflows/build.yml | 113 ++++++++++++++---------------------- 1 file changed, 43 insertions(+), 70 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 4c8daa05..98f22790 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -151,96 +151,69 @@ jobs: run: | bash packing/test_wheels.sh $(pwd) - publish_wheels: - needs: [test_wheels_mac, test_wheels_win] - name: Upload wheels - runs-on: ubuntu-latest - if: github.event_name== 'release' - steps: - - name: Setup Python - uses: actions/setup-python@v4 - with: - python-version: "3.9" - - - uses: actions/download-artifact@v3 - with: - path: downloads/ - - - name: Publish release - if: github.event_name == 'release' - shell: bash - env: - TWINE_USERNAME: ${{ secrets.PYPI_USERNAME }} - TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }} - run: | - mkdir -p wheelhouse/ - find downloads/ -name \*.whl -exec cp {} wheelhouse \; - pip install twine - twine upload wheelhouse/*.whl - build_sdist: name: Source distribution runs-on: ubuntu-latest - if: github.event_name== 'release' steps: - name: Checkout uses: actions/checkout@v4 - name: Setup Python - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: - python-version: "3.8" + python-version: "3.11" - - name: Build Source Distribution - if: ${{ github.event_name== 'release' && runner.os == 'Linux' }} - env: - TWINE_USERNAME: ${{ secrets.PYPI_USERNAME }} - TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }} + - name: Install dependencies run: | sudo apt install libcairo2-dev pkg-config python3-dev sudo apt-get install libpango1.0-dev - pip install twine - python setup.py sdist - twine upload dist/* + python -m pip install --upgrade build + + - name: Build sdist + run: python -m build --sdist + + - name: Test sdist + run: | + python -m pip install dist/*.tar.gz - name: Store artifacts uses: actions/upload-artifact@v3 with: path: dist/*.tar.gz - name: manimpango.tar.gz - - name: Install Dependency - run: pip install requests - - name: Get Upload URL - id: create_release - shell: python - env: - access_token: ${{ secrets.GITHUB_TOKEN }} - tag_act: ${{ github.ref }} + name: manimpango-src + + publish: + needs: [test_wheels_mac, test_wheels_win, build_sdist] + name: Upload wheels to PyPI + runs-on: ubuntu-latest + environment: + name: release + url: https://pypi.org/p/ManimPango + permissions: + id-token: write + contents: write + if: github.event_name== 'release' + steps: + - uses: actions/download-artifact@v3 + with: + path: downloads/ + + - name: Move files to dist run: | - import requests - import os - ref_tag = os.getenv('tag_act').split('/')[-1] - access_token = os.getenv('access_token') - headers = { - "Accept":"application/vnd.github.v3+json", - "Authorization": f"token {access_token}" - } - url = f"https://api.github.com/repos/ManimCommunity/manimpango/releases/tags/{ref_tag}" - c = requests.get(url,headers=headers) - upload_url=c.json()['upload_url'] - with open(os.environ.get("GITHUB_OUTPUT"), "w") as f: - print(f"upload_url={upload_url}", file=f) - print(f"tag_name={ref_tag[1:]}", file=f) - - name: Upload Release Asset - id: upload-release - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + mkdir -p dist/ + find downloads/ -name \*.whl -exec cp {} dist \; + find downloads/ -name \*.tar.gz -exec cp {} dist \; + + - name: Publish package distributions to PyPI + uses: pypa/gh-action-pypi-publish@release/v1 + + - name: Release + uses: softprops/action-gh-release@v2 with: - upload_url: ${{ steps.create_release.outputs.upload_url }} - asset_path: dist/ManimPango-${{ steps.create_release.outputs.tag_name }}.tar.gz - asset_name: ManimPango-${{ steps.create_release.outputs.tag_name }}.tar.gz - asset_content_type: application/gzip + fail_on_unmatched_files: false + files: | + dist/*.whl + dist/*.tar.gz success: needs: [test_wheels_win, test_wheels_mac]