-
-
Notifications
You must be signed in to change notification settings - Fork 18.7k
CI: add PyPI Trusted-Publishing “publish” job to wheels workflow (#61669) #61718
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: main
Are you sure you want to change the base?
Changes from all commits
a419d40
abda427
6e9027c
e3e583d
9f9013e
4e4cc1e
d311ce4
6360900
c15c176
0332486
c675826
3cac6a5
45291a7
da41c89
409dcb4
50afff6
b94eb08
58cb179
7359e1b
f482759
0aa892f
da3c281
ba4c3bd
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -13,6 +13,8 @@ | |
name: Wheel builder | ||
|
||
on: | ||
release: | ||
types: [published] | ||
schedule: | ||
# 3:27 UTC every day | ||
- cron: "27 3 * * *" | ||
|
@@ -219,3 +221,42 @@ jobs: | |
source ci/upload_wheels.sh | ||
set_upload_vars | ||
upload_wheels | ||
publish: | ||
if: > | ||
github.repository == 'pandas-dev/pandas' && | ||
github.event_name == 'release' && | ||
startsWith(github.ref, 'refs/tags/v') | ||
needs: | ||
- build_sdist | ||
- build_wheels | ||
|
||
runs-on: ubuntu-latest | ||
|
||
environment: | ||
name: pypi | ||
permissions: | ||
id-token: write # OIDC for Trusted Publishing | ||
contents: read | ||
|
||
steps: | ||
- name: Download all artefacts | ||
uses: actions/download-artifact@v4 | ||
with: | ||
path: dist # everything lands in ./dist/** | ||
|
||
- name: Collect files | ||
run: | | ||
mkdir -p upload | ||
# skip any wheel that contains 'pyodide' | ||
find dist -name '*pyodide*.whl' -prune -o \ | ||
-name '*.whl' -exec mv {} upload/ \; | ||
find dist -name '*.tar.gz' -exec mv {} upload/ \; | ||
- name: Publish to **PyPI** (Trusted Publishing) | ||
uses: pypa/gh-action-pypi-publish@release/v1 | ||
with: | ||
repository-url: https://upload.pypi.org/legacy/ | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Is this line needed? (it's not included in the example in https://docs.pypi.org/trusted-publishers/using-a-publisher/) There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. It's not necessary, and as far as I know there's no recommendation to hard-code it. When the upload API 2.0 PEP lands, in site this URL and action will change anyway. |
||
packages-dir: upload | ||
EvMossan marked this conversation as resolved.
Show resolved
Hide resolved
|
||
skip-existing: true |
Original file line number | Diff line number | Diff line change | ||||
---|---|---|---|---|---|---|
|
@@ -445,9 +445,10 @@ which will be triggered when the tag is pushed. | |||||
- Set as the latest release: Leave checked, unless releasing a patch release for an older version | ||||||
(e.g. releasing 1.4.5 after 1.5 has been released) | ||||||
|
||||||
5. Upload wheels to PyPI:: | ||||||
|
||||||
twine upload pandas/dist/pandas-<version>*.{whl,tar.gz} --skip-existing | ||||||
5. Verify wheels are uploaded automatically by GitHub Actions | ||||||
via [**Trusted Publishing**](https://docs.pypi.org/trusted-publishers/) | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Suggested change
(this file is still in rst, not markdown) |
||||||
when the GitHub [*Release*](https://docs.github.com/en/repositories/releasing-projects-on-github/about-releases) | ||||||
is published. Do not run ``twine upload`` manually. | ||||||
|
||||||
6. The GitHub release will after some hours trigger an | ||||||
`automated conda-forge PR <https://github.com/conda-forge/pandas-feedstock/pulls>`_. | ||||||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@EpicWink you suggested to add this, but I am wondering if that is needed? As I understand, this wheels.yml workflow will run on the commit pushed to main with a tag, and so that way it will already run for a release? And we can then upload the wheels from that run?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A GitHub release publish happens after a push, allowing you to review the CI, and write release notes in the GitHub release, before triggering the publish to PyPI. Up to you how you want the release workflow to be, if you want to publish unconditionally.