18
name: "Build distribution 📦"
19
runs-on: "ubuntu-latest"
21
hashes: ${{ steps.hash.outputs.hashes }}
24
- name: "Checkout repository"
25
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b
29
- name: "Setup Python"
30
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d
34
- name: "Install dependencies"
35
run: python -m pip install build==0.8.0
39
SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct) \
42
- name: "Generate hashes"
45
cd dist && echo "hashes=$(sha256sum * | base64 -w0)" >> $GITHUB_OUTPUT
47
- name: "Upload dists"
48
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
52
if-no-files-found: error
61
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
63
base64-subjects: "${{ needs.build.outputs.hashes }}"
66
publish-to-pypi-and-github:
67
name: "Publish to PyPI"
68
if: startsWith(github.ref, 'refs/tags/')
69
needs: ["build", "provenance"]
73
runs-on: "ubuntu-latest"
78
- name: "Download dists"
79
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
84
- name: "Upload dists to GitHub Release"
86
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
88
gh release upload ${{ github.ref_name }} dist/* --repo ${{ github.repository }}
90
- name: "Publish dists to PyPI"
91
uses: pypa/gh-action-pypi-publish@ec4db0b4ddc65acdf4bff5fa45ac92d78b56bdf0
94
name: "Publish to Test PyPI"
95
needs: ["build", "provenance"]
98
runs-on: "ubuntu-latest"
103
- name: "Download dists"
104
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
109
- name: "Publish dists to Test PyPI"
110
uses: pypa/gh-action-pypi-publish@ec4db0b4ddc65acdf4bff5fa45ac92d78b56bdf0
112
repository-url: https://test.pypi.org/legacy/