| on: |
| workflow_dispatch: |
| push: |
| tags: |
| - "*.*.*" |
| |
| name: release |
| |
| permissions: |
| contents: read |
| |
| jobs: |
| build: |
| name: Build distributions for PyPI |
| runs-on: ubuntu-latest |
| |
| steps: |
| - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 |
| |
| - name: Set up Python |
| uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 |
| |
| - name: Install build dependencies |
| run: python -m pip install build |
| |
| - name: Build distributions |
| run: python -m build |
| |
| - name: Upload distributions |
| uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 |
| with: |
| name: certifi-dists |
| path: dist/ |
| |
| pypi: |
| name: Publish to PyPI |
| runs-on: ubuntu-latest |
| environment: release |
| |
| needs: |
| - build |
| |
| permissions: |
| # Used to authenticate to PyPI via OIDC. |
| id-token: write |
| |
| steps: |
| - name: fetch dists |
| uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 |
| with: |
| name: certifi-dists |
| path: dist/ |
| |
| - name: publish |
| if: github.event_name == 'push' |
| uses: pypa/gh-action-pypi-publish@897895f1e160c830e369f9779632ebc134688e1b # v1.10.2 |
| with: |
| attestations: true |
