-
Notifications
You must be signed in to change notification settings - Fork 154
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Convert publishing workflow to pallets-eco (#1016)
- Loading branch information
Showing
3 changed files
with
111 additions
and
27 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
name: Lock inactive closed issues | ||
# Lock closed issues that have not received any further activity for two weeks. | ||
# This does not close open issues, only humans may do that. It is easier to | ||
# respond to new issues with fresh examples rather than continuing discussions | ||
# on old issues. | ||
|
||
on: | ||
schedule: | ||
- cron: '0 0 28 * *' | ||
permissions: | ||
issues: write | ||
pull-requests: write | ||
concurrency: | ||
group: lock | ||
jobs: | ||
lock: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: dessant/lock-threads@1bf7ec25051fe7c00bdd17e6a7cf3d7bfb7dc771 # v5.0.1 | ||
with: | ||
issue-inactive-days: 14 | ||
pr-inactive-days: 14 | ||
discussion-inactive-days: 14 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,88 @@ | ||
name: Publish | ||
on: | ||
push: | ||
tags: | ||
- '*' | ||
jobs: | ||
build: | ||
runs-on: ubuntu-latest | ||
outputs: | ||
hash: ${{ steps.hash.outputs.hash }} | ||
steps: | ||
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 | ||
- uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 | ||
with: | ||
python-version: '3.x' | ||
cache: pip | ||
cache-dependency-path: requirements*/*.txt | ||
# Use the commit date instead of the current date during the build. | ||
- run: echo "SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)" >> $GITHUB_ENV | ||
- name: Create dist | ||
run: > | ||
python -m pip install -U pip | ||
pip install tox | ||
tox -e makedist | ||
# Generate hashes used for provenance. | ||
- name: generate hash | ||
id: hash | ||
run: cd dist && echo "hash=$(sha256sum * | base64 -w0)" >> $GITHUB_OUTPUT | ||
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | ||
with: | ||
path: ./dist | ||
provenance: | ||
needs: [build] | ||
permissions: | ||
actions: read | ||
id-token: write | ||
contents: write | ||
# Can't pin with hash due to how this workflow works. | ||
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0 | ||
with: | ||
base64-subjects: ${{ needs.build.outputs.hash }} | ||
create-release: | ||
# Upload the sdist, wheels, and provenance to a GitHub release. They remain | ||
# available as build artifacts for a while as well. | ||
needs: [provenance] | ||
runs-on: ubuntu-latest | ||
permissions: | ||
contents: write | ||
steps: | ||
- uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 | ||
- name: create release | ||
run: > | ||
gh release create --draft --repo ${{ github.repository }} | ||
${{ github.ref_name }} | ||
*.intoto.jsonl/* artifact/* | ||
env: | ||
GH_TOKEN: ${{ github.token }} | ||
publish-pypi: | ||
needs: [provenance] | ||
# Wait for approval before attempting to upload to PyPI. This allows reviewing the | ||
# files in the draft release. | ||
environment: | ||
name: publish | ||
url: https://pypi.org/project/Flask-Security/${{ github.ref_name }} | ||
runs-on: ubuntu-latest | ||
permissions: | ||
id-token: write | ||
steps: | ||
- uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 | ||
- uses: pypa/gh-action-pypi-publish@81e9d935c883d0b210363ab89cf05f3894778450 # v1.8.14 | ||
with: | ||
packages-dir: artifact/ | ||
|
||
publish-pypi-too: | ||
needs: [ provenance ] | ||
# Wait for approval before attempting to upload to PyPI. This allows reviewing the | ||
# files in the draft release. | ||
environment: | ||
name: publish | ||
url: https://pypi.org/project/Flask-Security-Too/${{ github.ref_name }} | ||
runs-on: ubuntu-latest | ||
permissions: | ||
id-token: write | ||
steps: | ||
- uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 | ||
- uses: pypa/gh-action-pypi-publish@81e9d935c883d0b210363ab89cf05f3894778450 # v1.8.14 | ||
with: | ||
packages-dir: artifact/ |
This file was deleted.
Oops, something went wrong.