chore: update publish workflow to use trusted publishing and sdist only #5
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Publish to PyPI | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| release: | |
| types: [published] | |
| workflow_dispatch: | |
| jobs: | |
| build_and_publish: | |
| name: Build and publish to PyPI | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'release' || startsWith(github.ref, 'refs/tags/v') | |
| environment: | |
| name: pypi | |
| url: https://pypi.org/p/qpro | |
| permissions: | |
| id-token: write # For trusted publishing | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.11' | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v3 | |
| - name: Install build dependencies | |
| run: uv pip install --system build | |
| - name: Build source distribution only | |
| run: python -m build --sdist | |
| - name: List built packages | |
| run: ls -la dist/ | |
| - name: Publish to PyPI | |
| uses: pypa/gh-action-pypi-publish@release/v1 | |
| with: | |
| verbose: true | |
| skip-existing: true |