| --- |
| name: Build & upload PyPI package |
| |
| on: |
| push: |
| branches: [main] |
| tags: ["*"] |
| release: |
| types: |
| - published |
| workflow_dispatch: |
| |
| |
| jobs: |
| # Always build & lint package. |
| build-package: |
| name: Build & verify package |
| runs-on: ubuntu-latest |
| permissions: |
| attestations: write |
| id-token: write |
| |
| steps: |
| - uses: actions/checkout@v4 |
| with: |
| fetch-depth: 0 |
| persist-credentials: false |
| |
| - uses: hynek/build-and-inspect-python-package@v2 |
| with: |
| attest-build-provenance-github: 'true' |
| |
| |
| # Upload to Test PyPI on every commit on main. |
| release-test-pypi: |
| name: Publish in-dev package to test.pypi.org |
| environment: release-test-pypi |
| if: github.repository_owner == 'python-attrs' && github.event_name == 'push' && github.ref == 'refs/heads/main' |
| runs-on: ubuntu-latest |
| needs: build-package |
| |
| permissions: |
| id-token: write |
| |
| steps: |
| - name: Download packages built by build-and-inspect-python-package |
| uses: actions/download-artifact@v4 |
| with: |
| name: Packages |
| path: dist |
| |
| - name: Upload package to Test PyPI |
| uses: pypa/gh-action-pypi-publish@release/v1 |
| with: |
| attestations: true |
| repository-url: https://test.pypi.org/legacy/ |
| |
| |
| # Upload to real PyPI on GitHub Releases. |
| release-pypi: |
| name: Publish released package to pypi.org |
| environment: release-pypi |
| if: github.repository_owner == 'python-attrs' && github.event.action == 'published' |
| runs-on: ubuntu-latest |
| needs: build-package |
| |
| permissions: |
| id-token: write |
| |
| steps: |
| - name: Download packages built by build-and-inspect-python-package |
| uses: actions/download-artifact@v4 |
| with: |
| name: Packages |
| path: dist |
| |
| - name: Upload package to PyPI |
| uses: pypa/gh-action-pypi-publish@release/v1 |
| with: |
| attestations: true |
