| on: |
| workflow_dispatch: |
| push: |
| tags: |
| - "*.*.*" |
| |
| name: release |
| |
| permissions: |
| contents: read |
| |
| jobs: |
| build: |
| name: Build distributions for PyPI |
| runs-on: ubuntu-latest |
| |
| steps: |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 |
| |
| - name: Set up Python |
| uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0 |
| |
| - name: Install build dependencies |
| run: python -m pip install build |
| |
| - name: Build distributions |
| run: python -m build |
| |
| - name: Upload distributions |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 |
| with: |
| name: certifi-dists |
| path: dist/ |
| |
| pypi: |
| name: Publish to PyPI |
| runs-on: ubuntu-latest |
| environment: release |
| |
| needs: |
| - build |
| |
| permissions: |
| # Used to authenticate to PyPI via OIDC. |
| id-token: write |
| |
| steps: |
| - name: fetch dists |
| uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1 |
| with: |
| name: certifi-dists |
| path: dist/ |
| |
| - name: publish |
| if: github.event_name == 'push' |
| uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4 |
| with: |
| attestations: true |
