Add GitHub Actions workflow to publish to PyPI via Trusted Publishers #1
Workflow file for this run
```yaml
name: Publish to PyPI

# Fires on every annotated tag matching vX.Y.Z. Draft / lightweight tags
# won't fire — intentional, so you can experiment locally.
on:
  push:
    tags:
      - 'v*.*.*'

jobs:
  build:
    name: Build distributions
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: '3.11'
      - name: Install build tooling
        run: python -m pip install --upgrade build
      - name: Build sdist and wheel
        run: python -m build
      - name: Upload built artefacts
        uses: actions/upload-artifact@v4
        with:
          name: dist
          path: dist/

  publish:
    name: Publish to PyPI
    needs: build
    runs-on: ubuntu-latest
    # Must match the environment you registered on PyPI's pending publisher.
    environment:
      name: pypi
      url: https://pypi.org/project/emailalias/
    # Required for OIDC — gives Actions an id-token we hand to PyPI.
    permissions:
      id-token: write
    steps:
      - name: Download built artefacts
        uses: actions/download-artifact@v4
        with:
          name: dist
          path: dist/
      - name: Publish to PyPI via Trusted Publishers
        uses: pypa/gh-action-pypi-publish@release/v1
        # No `password:` — OIDC handles auth.
```
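
The workflow comments say the `environment` must match the one registered on PyPI and that `id-token: write` yields the token handed to PyPI. The sketch below is an added example, not part of this workflow or PyPI's code: it decodes a constructed GitHub OIDC payload and compares the `repository`, `job_workflow_ref` and `environment` claims with a registration. The owner `example-owner`, the file name `publish.yml` and the tag `v1.2.3` are assumptions, and the signature check a real verifier performs is left out.

```python
import base64
import json

# Constructed publisher registration; owner and workflow file name are placeholders.
REGISTERED = {
    "repository": "example-owner/emailalias",
    "workflow": "publish.yml",
    "environment": "pypi",
}

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_sample_token(claims: dict) -> str:
    """Build a constructed JWT-shaped string; the signature is a placeholder."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    return f"{header}.{payload}.constructed-signature"

def decode_claims(token: str) -> dict:
    """Decode the payload for inspection only; no signature verification."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def publisher_mismatches(claims: dict, registered: dict) -> list:
    """Return the names of claims that do not match the registration."""
    problems = []
    if claims.get("repository") != registered["repository"]:
        problems.append("repository")
    # job_workflow_ref has the form owner/repo/.github/workflows/<file>@<git ref>
    workflow_path = claims.get("job_workflow_ref", "").partition("@")[0]
    expected = f"{registered['repository']}/.github/workflows/{registered['workflow']}"
    if workflow_path != expected:
        problems.append("job_workflow_ref")
    # The environment claim is present only when the job declares `environment:`.
    if claims.get("environment") != registered["environment"]:
        problems.append("environment")
    return problems

def sample_claims(environment=None) -> dict:
    """Constructed claims for a tag-triggered run of the publish job."""
    claims = {
        "repository": "example-owner/emailalias",
        "job_workflow_ref": "example-owner/emailalias/.github/workflows/publish.yml@refs/tags/v1.2.3",
        "ref": "refs/tags/v1.2.3",
    }
    if environment:
        claims["environment"] = environment
    return claims

if __name__ == "__main__":
    for env in ("pypi", None):  # with and without `environment:` on the job
        token = make_sample_token(sample_claims(env))
        print(env, publisher_mismatches(decode_claims(token), REGISTERED))
```

Dropping the `environment:` block from the `publish` job is the case the second loop iteration models: the token then carries no `environment` claim, so a registration that names `pypi` no longer matches.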