Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 8 additions & 2 deletions .github/workflows/publish.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,15 +5,21 @@ on:
types:
- published

# contents: read for checkout; id-token: write for PyPI Trusted Publishing (OIDC).
permissions:
contents: read
id-token: write

jobs:
publish:
runs-on: ubuntu-latest
environment: pypi # scopes the PyPI Trusted Publisher; hook for approval rules
steps:
- uses: actions/checkout@v6
- uses: extractions/setup-just@v4
- uses: astral-sh/setup-uv@v7
with:
cache-dependency-glob: "**/pyproject.toml"
# Auth via PyPI Trusted Publishing (OIDC); no PYPI_TOKEN. Needs a Trusted
# Publisher on the that-depends PyPI project (env: pypi, workflow: publish.yml).
- run: just publish
env:
PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}
3 changes: 2 additions & 1 deletion Justfile
Original file line number Diff line number Diff line change
Expand Up @@ -20,11 +20,12 @@ lint-ci:
test *args:
uv run --no-sync pytest {{ args }}

# Auth via PyPI Trusted Publishing (OIDC); uv publish auto-detects the CI id-token.
publish:
rm -rf dist
uv version $GITHUB_REF_NAME
uv build
uv publish --token $PYPI_TOKEN
uv publish

hook:
uv run pre-commit install --install-hooks --overwrite
Expand Down
Loading