| on: |
| workflow_dispatch: |
| push: |
| tags: |
| - "*.*.*" |
| |
| name: release |
| |
| permissions: |
| contents: read |
| |
| jobs: |
| build: |
| name: Build distributions for PyPI |
| runs-on: ubuntu-latest |
| |
| steps: |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 |
| |
| - name: Set up Python |
| uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 |
| |
| - name: Install build dependencies |
| run: python -m pip install build |
| |
| - name: Build distributions |
| run: python -m build |
| |
| - name: Upload distributions |
| uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 |
| with: |
| name: certifi-dists |
| path: dist/ |
| |
| pypi: |
| name: Publish to PyPI |
| runs-on: ubuntu-latest |
| environment: release |
| |
| needs: |
| - build |
| |
| permissions: |
| # Used to authenticate to PyPI via OIDC. |
| id-token: write |
| |
| steps: |
| - name: fetch dists |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 |
| with: |
| name: certifi-dists |
| path: dist/ |
| |
| - name: publish |
| if: github.event_name == 'push' |
| uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0 |
| with: |
| attestations: true |
