Pypi trusted publisher auth prototype #481
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: OpenFisca France Local | |
| on: | |
| push: | |
| branches: | |
| - master | |
| pull_request: | |
| jobs: | |
| build: | |
| runs-on: ubuntu-20.04 | |
| strategy: | |
| matrix: | |
| openfisca-dependencies: [minimal, maximal] | |
| python-version: ["3.9.9", "3.10.6"] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Set up Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Cache build | |
| id: restore-build | |
| uses: actions/cache@v3 | |
| with: | |
| path: ${{ env.pythonLocation }} | |
| key: build-${{ env.pythonLocation }}-${{ hashFiles('setup.py') }}-${{ github.sha }}-${{ matrix.openfisca-dependencies }} | |
| restore-keys: | # in case of a cache miss (systematically unless the same commit is built repeatedly), the keys below will be used to restore dependencies from previous builds, and the cache will be stored at the end of the job, making up-to-date dependencies available for all jobs of the workflow; see more at https://docs.github.com/en/actions/advanced-guides/caching-dependencies-to-speed-up-workflows#example-using-the-cache-action | |
| build-${{ env.pythonLocation }}-${{ hashFiles('setup.py') }} | |
| build-${{ env.pythonLocation }}- | |
| - name: Install test dependancies | |
| run: make install-test | |
| - name: Build package | |
| run: make build | |
| - name: Minimal version | |
| if: matrix.openfisca-dependencies == 'minimal' | |
| run: | # Installs the OpenFisca dependencies minimal version from setup.py | |
| pip install $(python ${GITHUB_WORKSPACE}/.github/get_minimal_version.py) | |
| - name: Cache release | |
| id: restore-release | |
| uses: actions/cache@v3 | |
| with: | |
| path: dist | |
| key: release-${{ env.pythonLocation }}-${{ hashFiles('setup.py') }}-${{ github.sha }}-${{ matrix.openfisca-dependencies }} | |
| deploy: | |
| runs-on: ubuntu-20.04 | |
| strategy: | |
| matrix: | |
| openfisca-dependencies: [maximal] | |
| needs: [ build ] | |
| permissions: | |
| # IMPORTANT: this permission is mandatory for trusted publishing | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 # Fetch all the tags | |
| - name: Set up Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: 3.9.9 | |
| - name: Cache build | |
| id: restore-build | |
| uses: actions/cache@v3 | |
| with: | |
| path: ${{ env.pythonLocation }} | |
| key: build-${{ env.pythonLocation }}-${{ hashFiles('setup.py') }}-${{ github.sha }}-${{ matrix.openfisca-dependencies }} | |
| - name: Cache release | |
| id: restore-release | |
| uses: actions/cache@v3 | |
| with: | |
| path: dist | |
| key: release-${{ env.pythonLocation }}-${{ hashFiles('setup.py') }}-${{ github.sha }}-${{ matrix.openfisca-dependencies }} | |
| - name: Upload a Python package to PyPi | |
| uses: pypa/gh-action-pypi-publish@release/v1 | |
| # With statement only to specify testPy destination, Pypi is default | |
| with: | |
| repository-url: https://test.pypi.org/legacy/ | |
| - name: Publish a git tag | |
| run: "${GITHUB_WORKSPACE}/.github/publish-git-tag.sh" |