From 64b8e94e1dafa02d979e7753dab9b9dfd4d7341c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Yolan=20Honor=C3=A9-Roug=C3=A9?=
Date: Sun, 21 Apr 2024 21:18:06 +0200
Subject: [PATCH] :closed_lock_with_key: Use OIDC to authentify with PYPI and update dependencies versions
---
.github/workflows/publish.yml | 38 +++++++++++++++--------------------
1 file changed, 16 insertions(+), 22 deletions(-)
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index b1e47ab8..6ff42cb7 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -5,40 +5,42 @@ on: workflow_dispatch jobs: deploy: runs-on: ubuntu-latest - strategy: - matrix: - python-version: [3.11] + environment: + name: release + permissions: + contents: write # IMPORTANT: this permission is mandatory to enable creating a release + id-token: write # IMPORTANT: this permission is mandatory for trusted publishing env: PYTHON_PACKAGE: kedro_mlflow steps: - name: Checkout the repo - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 # necessary to enable merging, all the history is needed - - name: Set up Python ${{ matrix.python-version }} + - name: Set up Python uses: actions/setup-python@v4 with: - python-version: ${{ matrix.python-version }} + python-version: "3.11" - name: Build package dist from source # A better way will be : https://packaging.python.org/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/ but pep 517 is still marked as experimental run: | pip install wheel python setup.py sdist bdist_wheel - - name: Set dynamically package version as output variable # see https://github.com/actions/create-release/issues/39 - # see https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-commands-for-github-actions#setting-an-environment-variable + - name: Set dynamically package version as output variable + # see https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#example-of-setting-an-output-parameter id: set_package_version run: | - echo "::set-output name=PACKAGE_VERSION::$(cat $PYTHON_PACKAGE/__init__.py | grep -Po '\d+\.\d+\.\d+')" + echo "PACKAGE_VERSION=$(cat $PYTHON_PACKAGE/__init__.py | grep -Po '\d+\.\d+\.\d+')" >> "$GITHUB_OUTPUT" - name: Create temporary file with the body content for the release run: | grep -Poz "## \[${{steps.set_package_version.outputs.PACKAGE_VERSION}}] - \d{4}-\d{2}-\d{2}[\S\s]+?(?=## \[\d+\.\d+\.\d+\]|\[.+\]:)" CHANGELOG.md > release_body.md - - name: Create Release # 
https://github.com/actions/create-release + - name: Create Release id: create_release - uses: actions/create-release@v1.1.4 + uses: softprops/action-gh-release@v2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token with: tag_name: ${{ steps.set_package_version.outputs.PACKAGE_VERSION }} - release_name: Release ${{ steps.set_package_version.outputs.PACKAGE_VERSION }} + name: Release ${{ steps.set_package_version.outputs.PACKAGE_VERSION }} body_path: ./release_body.md draft: false prerelease: false @@ -50,16 +52,8 @@ jobs: release_id: ${{ steps.create_release.outputs.id }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # - name: Publish distribution to Test PyPI # official action from python maintainers - # uses: pypa/gh-action-pypi-publish@release/v1 - # with: - # user: __token__ - # password: ${{ secrets.TEST_PYPI_PASSWORD }} - # repository_url: https://test.pypi.org/legacy/ - # verbose: true # trace if the upload fails - - name: Publish distribution to PyPI # official action from python maintainers + + - name: Publish package distributions to PyPI uses: pypa/gh-action-pypi-publish@release/v1 with: - user: __token__ - password: ${{ secrets.PYPI_PASSWORD }} verbose: true # trace if the upload fails
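Review bot: The `permissions:` block added at job level gives `id-token: write` to every step of `deploy`, so the build step and the third-party `softprops/action-gh-release@v2` step can also request the OIDC token that PyPI accepts for publishing. Keep `contents: write` on this job and move the upload into a separate job that holds only `id-token: write` and the `release` environment, passing `dist/` between the two as an artifact. The actions are referenced by mutable refs (`@v4`, `@v2`, and `@release/v1` in the second hunk); pinning them to full commit SHAs would narrow the same exposure. The job continues past this hunk, so the sketch below elides the unchanged steps.

```yaml
jobs:
  deploy:
    runs-on: ubuntu-latest
    permissions:
      contents: write  # release creation only; no OIDC token in this job
    steps:
      # … unchanged: checkout, set up Python, build, version, release steps …
      - name: Upload built distributions
        uses: actions/upload-artifact@v4
        with:
          name: dist
          path: dist/

  publish:
    needs: deploy
    runs-on: ubuntu-latest
    environment:
      name: release
    permissions:
      id-token: write  # trusted publishing only
    steps:
      - name: Download built distributions
        uses: actions/download-artifact@v4
        with:
          name: dist
          path: dist/
      - name: Publish package distributions to PyPI
        uses: pypa/gh-action-pypi-publish@release/v1
        # … unchanged: with: verbose …
```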
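Review bot: Nothing in the publish step records that the upload now depends on a trusted publisher registered on PyPI for this repository and the workflow file `publish.yml` (and the `release` environment, if one is set on the PyPI side), so renaming either would break publishing with no hint in the workflow. A comment above `with:` would cover it, for example `# trusted publishing: the PyPI publisher entry must match workflow publish.yml and environment release`. If the `PYPI_PASSWORD` secret removed here is not used elsewhere, it is worth deleting it from the repository secrets and revoking the matching PyPI API token, since a long-lived token left in place undoes the benefit of moving to OIDC.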