bolt-python/.github/workflows/pypi-release.yml at main · slackapi/bolt-python · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
name: Upload A Release to pypi.org or test.pypi.org

on:
  release:
    types:
      - published
  workflow_dispatch:
    inputs:
      dry_run:
        description: "Dry run (build only, do not publish)"
        required: false
        type: boolean

jobs:
  release-build:
    runs-on: ubuntu-latest
    permissions:
      contents: read

    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          ref: ${{ github.event.release.tag_name || github.ref }}
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
        with:
          python-version: "3.x"

      - name: Build release distributions
        run: |
          scripts/build_pypi_package.sh

      - name: Persist dist folder
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        with:
          name: release-dist
          path: dist/

  test-pypi-publish:
    runs-on: ubuntu-latest
    needs:
      - release-build
    # Run this job for workflow_dispatch events when dry_run input is not 'true'
    # Note: The comparison is against a string value 'true' since GitHub Actions inputs are strings
    if: github.event_name == 'workflow_dispatch' && github.event.inputs.dry_run != 'true'
    environment:
      name: testpypi
    permissions:
      id-token: write

    steps:
      - name: Retrieve dist folder
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
        with:
          name: release-dist
          path: dist/

      - name: Publish release distributions to test.pypi.org
        # Using OIDC for PyPI publishing (no API tokens needed)
        # See: https://docs.github.com/en/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-pypi
        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
        with:
          repository-url: https://test.pypi.org/legacy/

  pypi-publish:
    runs-on: ubuntu-latest
    needs:
      - release-build
    if: github.event_name == 'release'
    environment:
      name: pypi
    permissions:
      id-token: write

    steps:
      - name: Retrieve dist folder
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
        with:
          name: release-dist
          path: dist/

      - name: Publish release distributions to pypi.org
        # Using OIDC for PyPI publishing (no API tokens needed)
        # See: https://docs.github.com/en/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-pypi
        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0