From 7e7bd7581af7b4d76cb8146574168362bdb47331 Mon Sep 17 00:00:00 2001 From: Jan Richter Date: Fri, 3 May 2024 15:11:54 +0200 Subject: [PATCH 1/2] PyPI release update This commit updates the pypi release process. It uses PyPI Trusted Publisher Management and gh-action-pypi-publish action instead of private token. This change will make our pypi process more simple and more secure. Reference: #5903 Signed-off-by: Jan Richter --- .github/workflows/release.yml | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 014c83956b..f6a5d87777 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -80,12 +80,25 @@ jobs: run: | make -f Makefile.gh build-update-readthedocs - run: echo "In a few minutes the release documentation will be available in https://${{ github.event.inputs.rtd_project }}.readthedocs.io/en/${{ github.event.inputs.version }}/" - - name: Upload to pypi - continue-on-error: true - env: - TWINE_USERNAME: ${{ secrets.PYPI_USER }} - TWINE_PASSWORD: ${{ secrets.PYPI_PASSWD }} - run: make -f Makefile.gh update-pypi + + publish-to-pypi: + name: Publish Avocado to PyPI + needs: + - release + runs-on: ubuntu-latest + environment: + name: pypi + url: https://pypi.org/p/avocado-framework + permissions: + id-token: write # IMPORTANT: mandatory for trusted publishing + steps: + - name: Download all the wheels + uses: actions/download-artifact@v4 + with: + name: wheel + path: dist/ + - name: Publish avocado to PyPI + uses: pypa/gh-action-pypi-publish@release/v1 build-and-publish-eggs: name: Build eggs and publish them From 61e7a5f1c79fcbd81d58046a77068c1411b603ef Mon Sep 17 00:00:00 2001 From: Jan Richter Date: Fri, 3 May 2024 16:17:07 +0200 Subject: [PATCH 2/2] Test-PyPI upload on pre-release This commit adds a new check to pre-release workflow to test the pypi upload by uploading the avocado build into test-pypi server. Reference: #5903 Signed-off-by: Jan Richter --- .github/workflows/prerelease.yml | 36 ++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml index 98fec37dd6..130883b157 100644 --- a/.github/workflows/prerelease.yml +++ b/.github/workflows/prerelease.yml @@ -90,3 +90,39 @@ jobs: name: job-results-deployment path: /github/home/avocado/job-results/ retention-days: 1 + + package-build: + name: Build Package (wheel/tarball) + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Build tarballs and wheels + run: make -f Makefile.gh build-wheel check-wheel + - name: Save tarballs and wheels as artifacts + uses: actions/upload-artifact@v4 + with: + name: tarballs_and_wheels + path: ${{github.workspace}}/PYPI_UPLOAD/ + retention-days: 1 + - run: echo "🥑 This job's status is ${{ job.status }}." + + publish-to-test-pypi: + name: Publish Avocado to TestPyPI + needs: + - package-build + runs-on: ubuntu-latest + environment: + name: testpypi + url: https://test.pypi.org/p/avocado-framework + permissions: + id-token: write # IMPORTANT: mandatory for trusted publishing + steps: + - name: Download all the wheels + uses: actions/download-artifact@v4 + with: + name: tarballs_and_wheels + path: dist/ + - name: Publish avocado to test PyPI + uses: pypa/gh-action-pypi-publish@release/v1 + with: + repository-url: https://test.pypi.org/legacy/