Allow publishing to pypi when tags are pushed #93
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
| @@ -0,0 +1,95 @@ | ||||||
| name: publish kyber-py to pypi | ||||||
|
|
||||||
| on: push | ||||||
|
|
||||||
| jobs: | ||||||
| build: | ||||||
| name: Build distribution | ||||||
| runs-on: ubuntu-latest | ||||||
|
|
||||||
| steps: | ||||||
| - uses: actions/checkout@v4 | ||||||
| with: | ||||||
| persist-credentials: false | ||||||
| - name: Set up Python | ||||||
| uses: actions/setup-python@v5 | ||||||
| with: | ||||||
| python-version: "3.x" | ||||||
| - name: Install pypa/build | ||||||
| run: >- | ||||||
| python3 -m | ||||||
| pip install | ||||||
| build | ||||||
| --user | ||||||
| - name: Build a binary wheel and a source tarball | ||||||
| run: python3 -m build | ||||||
| - name: Store the distribution packages | ||||||
| uses: actions/upload-artifact@v4 | ||||||
| with: | ||||||
| name: python-package-distributions | ||||||
| path: dist/ | ||||||
|
|
||||||
| publish-to-pypi: | ||||||
| name: >- | ||||||
| Publish Python distribution to PyPI | ||||||
| if: startsWith(github.ref, 'refs/tags/') # only publish to PyPI on tag pushes | ||||||
| needs: | ||||||
| - build | ||||||
| runs-on: ubuntu-latest | ||||||
| environment: | ||||||
| name: pypi | ||||||
| url: https://pypi.org/p/kyber-py | ||||||
| permissions: | ||||||
| id-token: write # IMPORTANT: mandatory for trusted publishing | ||||||
|
|
||||||
| steps: | ||||||
| - name: Download all the dists | ||||||
| uses: actions/download-artifact@v4 | ||||||
| with: | ||||||
| name: python-package-distributions | ||||||
| path: dist/ | ||||||
| - name: Publish distribution to PyPI | ||||||
| uses: pypa/gh-action-pypi-publish@release/v1 | ||||||
|
|
||||||
| github-release: | ||||||
| name: >- | ||||||
| Sign the Python distribution with Sigstore | ||||||
| and upload them to GitHub Release | ||||||
| needs: | ||||||
| - publish-to-pypi | ||||||
| runs-on: ubuntu-latest | ||||||
|
|
||||||
| permissions: | ||||||
| contents: write # IMPORTANT: mandatory for making GitHub Releases | ||||||
| id-token: write # IMPORTANT: mandatory for sigstore | ||||||
|
|
||||||
| steps: | ||||||
| - name: Download all the dists | ||||||
| uses: actions/download-artifact@v4 | ||||||
| with: | ||||||
| name: python-package-distributions | ||||||
| path: dist/ | ||||||
| - name: Sign the dists with Sigstore | ||||||
| uses: sigstore/[email protected] | ||||||
| with: | ||||||
| inputs: >- | ||||||
| ./dist/*.tar.gz | ||||||
| ./dist/*.whl | ||||||
| - name: Create GitHub Release | ||||||
| env: | ||||||
| GITHUB_TOKEN: ${{ secrets.PYPI_API_TOKEN }} | ||||||
|
|
||||||
| run: >- | ||||||
| gh release create | ||||||
| "$GITHUB_REF_NAME" | ||||||
| --repo "$GITHUB_REPOSITORY" | ||||||
| --notes "" | ||||||
| - name: Upload artifact signatures to GitHub Release | ||||||
| env: | ||||||
| GITHUB_TOKEN: ${{ secrets.PYPI_API_TOKEN }} | ||||||
|
There was a problem hiding this comment. PyPI? Did you mean
Suggested change
There was a problem hiding this comment. I'm just using the API secret from pypi and the above is the name I gave it? There was a problem hiding this comment. @GiacomoPope the above There was a problem hiding this comment. So do I need to add the API token elsewhere, or is having There was a problem hiding this comment. For example, I have this: kyber-py/.github/workflows/ci.yml Line 183 in 7b1c1b2 There was a problem hiding this comment.
There was a problem hiding this comment. Oh, and what you linked is not a coveralls API token. It's a GitHub token that you happen to expose to the coveralls program. There was a problem hiding this comment. Oh right... I think I'm confusing myself. Last time I did a Pypi package I used Maturin and included
So I thought I needed the same here. My main question now is if I'm setting up a GitHub API token how to a properly link this to the Pypi API token I have generated. Sorry for ignorance on my behalf. I'm really a mathematician pretending I know how to code haha |
||||||
| # Upload to GitHub Release using the `gh` CLI. | ||||||
| # `dist/` contains the built packages, and the | ||||||
| # sigstore-produced signatures and certificates. | ||||||
| run: >- | ||||||
| gh release upload | ||||||
| "$GITHUB_REF_NAME" dist/** | ||||||
| --repo "$GITHUB_REPOSITORY" | ||||||
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
| @@ -1,3 +1,25 @@ | ||||||
| [build-system] | ||||||
| requires = ["hatchling"] | ||||||
| build-backend = "hatchling.build" | ||||||
|
|
||||||
| [project] | ||||||
| name = "kyber-py" | ||||||
| version = "0.1.0" | ||||||
|
There was a problem hiding this comment. shouldn't this be "1.0.0" ? we have https://github.com/GiacomoPope/kyber-py/releases/tag/v1.0 ... There was a problem hiding this comment. Perhaps, something newer since the repo advanced since?
Suggested change
There was a problem hiding this comment. what's the meaning of the dev0 part? I would be ok with 1.0.1 |
||||||
| requires-python = ">=3.9" | ||||||
| description = "A pure python implementation of ML-KEM (FIPS 203)" | ||||||
| readme = "README.md" | ||||||
| classifiers = [ | ||||||
| "Topic :: Security :: Cryptography", | ||||||
| "Programming Language :: Python :: 3", | ||||||
| "License :: OSI Approved :: MIT License", | ||||||
| ] | ||||||
| license = "MIT" | ||||||
| license-files = ["LICEN[CS]E*"] | ||||||
|
|
||||||
| [project.urls] | ||||||
| Homepage = "https://github.com/GiacomoPope/kyber-py" | ||||||
| Issues = "https://github.com/GiacomoPope/kyber-py/issues" | ||||||
|
|
||||||
| [tool.black] | ||||||
| line-length = 79 | ||||||
|
|
||||||
|
|
||||||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There's newer syntax available now: