diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fed36da..2f11f1e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -57,3 +57,21 @@ jobs: - name: lints run: ./s/lint + + build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 + with: + persist-credentials: false + + - name: Install uv + uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0 + with: + enable-cache: true + + - name: build + run: uv build + + - name: check metadata + run: uvx twine check dist/* diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml new file mode 100644 index 0000000..421a88e --- /dev/null +++ b/.github/workflows/publish.yml @@ -0,0 +1,33 @@ +name: Publish + +on: + release: + types: [published] + +permissions: + contents: read + +jobs: + publish: + runs-on: ubuntu-latest + # PyPI trusted publishing is scoped to this environment + environment: pypi + permissions: + # required for trusted publishing (OIDC) + id-token: write + steps: + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 + with: + persist-credentials: false + + - name: Install uv + uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0 + with: + # avoid restoring a cache into a published artifact + enable-cache: false + + - name: Build + run: uv build + + - name: Publish + run: uv publish diff --git a/CHANGELOG.md b/CHANGELOG.md index 616618b..6b42bce 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,7 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +# 0.9.0 - 2026-06-28 + - Migrate tooling to GitHub Actions, uv, and Ruff, and update the supported Python versions. +- Publish to PyPI from CI via trusted publishing. # 0.8.0 - 2025-04-25 diff --git a/README.md b/README.md index a37cbd1..742e5cb 100644 --- a/README.md +++ b/README.md @@ -53,10 +53,10 @@ s/lint # update CHANGELOG.md # commit release commit to GitHub +``` -# build and publish -uv build -uv publish +Then create a release in the GitHub UI. The `Publish` workflow builds the +package and uploads it to PyPI via [trusted publishing][trusted-publishing] +(OIDC, no API token). -# create a release in the GitHub UI -``` +[trusted-publishing]: https://docs.pypi.org/trusted-publishers/ diff --git a/pyproject.toml b/pyproject.toml index 40d8227..849d9dd 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [project] name = "codeowners" -version = "0.8.0" +version = "0.9.0" description = "Codeowners parser for Python" authors = [{ name = "Steve Dignam", email = "steve@dignam.xyz" }] readme = "README.md" diff --git a/uv.lock b/uv.lock index d1f4606..11d5312 100644 --- a/uv.lock +++ b/uv.lock @@ -58,7 +58,7 @@ wheels = [ [[package]] name = "codeowners" -version = "0.8.0" +version = "0.9.0" source = { editable = "." } [package.dev-dependencies]