NetLicensingClient-python/.github/workflows/netlicensing-publish-testpypi.yml at 2afc75c4e1a13b849dfe71523782917ce5140672 · Labs64/NetLicensingClient-python · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
# Publishes the package to TestPyPI to smoke-test the publish pipeline.
#
# Triggers:
#   • Every push to master (validates the pipeline continuously; existing
#     versions are skipped so repeated pushes with the same version are safe).
#   • Manual dispatch from the Actions tab (workflow_dispatch).
#
# Authentication: uses TestPyPI Trusted Publisher (OIDC).  Configure a
# Trusted Publisher for this repo on test.pypi.org first:
#   https://docs.pypi.org/trusted-publishers/adding-a-publisher/
#
# If you prefer an API token instead, remove the `environment` + `permissions`
# blocks and uncomment:
#   password: ${{ secrets.TESTPYPI_API_TOKEN }}
# in the "Publish" step below.

name: Python Client - Publish to TestPyPI

on:
  push:
    branches: [master]
  workflow_dispatch:

# Restrict the default GITHUB_TOKEN to read-only.
# The publish job adds id-token: write for OIDC Trusted Publisher.
permissions:
  contents: read

jobs:
  test:
    name: "Test before publish"
    runs-on: ubuntu-latest
    # inherits workflow-level permissions: contents: read

    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-python@v5
        with:
          python-version: "3.13"
          cache: pip

      - name: Install dependencies
        run: pip install -e ".[dev]"

      - name: Test with pytest
        run: pytest

  publish:
    name: "Build and publish to TestPyPI"
    runs-on: ubuntu-latest
    needs: test

    environment: testpypi
    permissions:
      id-token: write   # required for OIDC Trusted Publisher

    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-python@v5
        with:
          python-version: "3.13"
          cache: pip

      - name: Install build tools
        run: pip install build twine

      - name: Build distribution
        run: python -m build

      - name: Check distribution metadata
        run: twine check dist/*

      - name: Publish to TestPyPI
        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          repository-url: https://test.pypi.org/legacy/
          skip-existing: true   # same version from repeated master pushes is harmless
        # Uncomment the next line to use an API token instead of Trusted Publisher:
        # with:
        #   repository-url: https://test.pypi.org/legacy/
        #   password: ${{ secrets.TESTPYPI_API_TOKEN }}
        #   skip-existing: true