|
2 | 2 | name: Build CI wheels |
3 | 3 |
|
4 | 4 | env: |
5 | | - # A tag or branch name or a commit hash for the scipy/scipy repo, for which |
| 5 | + # A tag or branch name or a commit hash for the matplotlib/matplotlib repo, for which |
6 | 6 | # to build wheels. This is normally set to `main` in the main branch of this |
7 | 7 | # repo, and to a tag name (e.g., `v2.3.2`) on a release branch. |
8 | 8 | SOURCE_REF_TO_BUILD: main |
@@ -227,36 +227,85 @@ jobs: |
227 | 227 | path: ./wheelhouse/*.whl |
228 | 228 | if-no-files-found: error |
229 | 229 |
|
230 | | - publish: |
231 | | - if: github.repository == 'matplotlib/matplotlib-release' && github.event_name == 'push' && github.ref_type == 'tag' |
232 | | - name: Upload release to PyPI |
233 | | - needs: [build_sdist, build_wheels] |
| 230 | + # ------------------------------------------------------------------------------------- |
| 231 | + testpypi-publish: |
| 232 | + name: Publish release to TestPyPI |
| 233 | + if: github.event_name == 'workflow_dispatch' && github.event.inputs.environment == 'testpypi' |
| 234 | + needs: [build_wheels, build_sdist] |
234 | 235 | runs-on: ubuntu-latest |
235 | | - environment: release |
| 236 | + environment: |
| 237 | + name: testpypi |
| 238 | + url: https://test.pypi.org/p/matplotlib |
236 | 239 | permissions: |
237 | | - id-token: write |
238 | | - attestations: write |
239 | | - contents: read |
| 240 | + id-token: write # mandatory for trusted publishing |
240 | 241 | steps: |
241 | | - - name: Download packages |
242 | | - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 |
| 242 | + - name: Download sdist and wheels |
| 243 | + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 |
243 | 244 | with: |
244 | 245 | pattern: cibw-* |
245 | 246 | path: dist |
246 | 247 | merge-multiple: true |
247 | 248 |
|
248 | | - - name: Print out packages |
249 | | - run: ls dist |
| 249 | + - name: Publish |
| 250 | + uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4 |
| 251 | + with: |
| 252 | + repository-url: https://test.pypi.org/legacy/ |
| 253 | + skip-existing: true |
| 254 | + print-hash: true |
| 255 | + attestations: true |
250 | 256 |
|
251 | | - - name: Run twine check |
252 | | - run: | |
253 | | - pip install twine |
254 | | - twine check dist/* |
| 257 | +# ------------------------------------------------------------------------------------- |
| 258 | + check_version: |
| 259 | + name: Ensure commit is tag before upload to PyPi |
255 | 260 |
|
256 | | - - name: Generate artifact attestation for sdist and wheel |
257 | | - uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0 |
| 261 | + if: github.event_name == 'workflow_dispatch' && github.event.inputs.environment == 'pypi' |
| 262 | + needs: [build_wheels, build_sdist] |
| 263 | + runs-on: ubuntu-latest |
| 264 | + steps: |
| 265 | + - name: Checkout matplotlib |
| 266 | + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 |
258 | 267 | with: |
259 | | - subject-path: dist/matplotlib-* |
| 268 | + repository: matplotlib/matplotlib |
| 269 | + ref: ${{ env.SOURCE_REF_TO_BUILD }} |
| 270 | + path: mpl-src |
| 271 | + fetch-depth: 0 |
| 272 | + fetch-tags: true |
| 273 | + submodules: false |
| 274 | + persist-credentials: false |
260 | 275 |
|
261 | | - - name: Publish package distributions to PyPI |
262 | | - uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0 |
| 276 | + - name: Examine git commit |
| 277 | + run: | |
| 278 | + cd mpl-src |
| 279 | + hash=$(git describe HEAD) |
| 280 | + echo $hash |
| 281 | + if [[ $hash == *"-"*"-"* ]]; then |
| 282 | + echo "SOURCE_REF_TO_BUILD is not a tag" |
| 283 | + exit 1 |
| 284 | + else |
| 285 | + echo "SOURCE_REF_TO_BUILD is a tag" |
| 286 | + fi; |
| 287 | +
|
| 288 | +# ------------------------------------------------------------------------------------- |
| 289 | + pypi-publish: |
| 290 | + name: Publish release to PyPI |
| 291 | + if: github.event_name == 'workflow_dispatch' && github.event.inputs.environment == 'pypi' |
| 292 | + needs: [check_version] |
| 293 | + runs-on: ubuntu-latest |
| 294 | + environment: |
| 295 | + name: pypi |
| 296 | + url: https://pypi.org/p/matplotlib |
| 297 | + permissions: |
| 298 | + id-token: write # mandatory for trusted publishing |
| 299 | + steps: |
| 300 | + - name: Download sdist and wheels |
| 301 | + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 |
| 302 | + with: |
| 303 | + pattern: cibw-* |
| 304 | + path: dist |
| 305 | + merge-multiple: true |
| 306 | + |
| 307 | + - name: Publish |
| 308 | + uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4 |
| 309 | + with: |
| 310 | + print-hash: true |
| 311 | + attestations: true |
0 commit comments