ci: add PyPI release workflow with trusted publishing

This commit is contained in:
MayersScott 2026-05-04 13:13:24 +03:00
parent 26c8ed6ee3
commit e75b91312f

84
.github/workflows/release.yml vendored Normal file
View file

@ -0,0 +1,84 @@
name: Release
on:
push:
tags:
- "v*.*.*"
permissions:
contents: read
jobs:
build:
name: Build sdist and wheel
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Verify tag matches pyproject version
run: |
TAG="${GITHUB_REF_NAME#v}"
PROJ=$(python -c "import tomllib,sys; print(tomllib.loads(open('pyproject.toml','rb').read().decode())['project']['version'])")
if [ "$TAG" != "$PROJ" ]; then
echo "::error::Tag $GITHUB_REF_NAME does not match pyproject version $PROJ"
exit 1
fi
echo "Tag and pyproject version match: $PROJ"
- name: Install build tooling
run: |
python -m pip install --upgrade pip
pip install build twine
- name: Build distributions
run: python -m build
- name: Check distributions
run: twine check --strict dist/*
- uses: actions/upload-artifact@v4
with:
name: dist
path: dist/
publish-pypi:
name: Publish to PyPI
needs: build
runs-on: ubuntu-latest
environment:
name: pypi
url: https://pypi.org/p/rkn-block-checker
permissions:
id-token: write
steps:
- uses: actions/download-artifact@v4
with:
name: dist
path: dist/
- name: Publish to PyPI
uses: pypa/gh-action-pypi-publish@release/v1
github-release:
name: Attach artifacts to GitHub Release
needs: publish-pypi
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- uses: actions/download-artifact@v4
with:
name: dist
path: dist/
- name: Create GitHub Release
uses: softprops/action-gh-release@v2
with:
files: dist/*
generate_release_notes: true
fail_on_unmatched_files: true