From 5d5e9778ce74523370f3eef5cb2ce94c5f80b43c Mon Sep 17 00:00:00 2001
From: Kevin Backhouse
Date: Tue, 4 Nov 2025 18:25:24 +0000
Subject: [PATCH 1/2] Workflow for publishing to TestPyPI.
---
.github/workflows/publish-reusable.yml | 81 ++++++++++++++++++++++
.github/workflows/publish-to-testpypi.yaml | 25 +++++++
2 files changed, 106 insertions(+)
create mode 100644 .github/workflows/publish-reusable.yml
create mode 100644 .github/workflows/publish-to-testpypi.yaml
diff --git a/.github/workflows/publish-reusable.yml b/.github/workflows/publish-reusable.yml
new file mode 100644
index 0000000..7c8450d
--- /dev/null
+++ b/.github/workflows/publish-reusable.yml
@@ -0,0 +1,81 @@
+name: Publish (reusable workflow)
+
+on:
+ workflow_call:
+ inputs:
+ version:
+ description: 'Version number or tag for the release. For example: v1.0.1'
+ required: true
+ type: string
+ release_notes:
+ description: 'Release notes'
+ required: true
+ type: string
+ repository_url:
+ description: 'This is the repository-url parameter for pypa/gh-action-pypi-publish'
+ required: true
+ type: string
+ environment:
+ description: 'PyPI/TestPyPI name and url are required'
+ type: environment
+ required: true
+ secrets:
+ GH_TOKEN:
+ required: true
+
+permissions:
+ contents: write
+ id-token: write # For trusted publishing
+
+jobs:
+ publish:
+ name: Build
+ runs-on: ubuntu-latest
+ environment: ${{ inputs.environment }}
+ env:
+ GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
+ GITHUB_REPO: ${{ github.repository }}
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+ - name: Set up Python
+ uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+ with:
+ python-version: "3.13"
+
+ - name: Install Hatch
+ run: pip install --upgrade hatch
+
+ - name: Build the wheel
+ run: python3 -m hatch build
+
+ - name: Upload artifacts
+ uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+ with:
+ name: python-package-distributions
+ path: dist/
+
+ - name: Publish to PyPI
+ uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
+ with:
+ repository-url: ${{ inputs.repository_url }}
+
+ - name: Sign with sigstore
+ uses: sigstore/gh-action-sigstore-python@f832326173235dcb00dd5d92cd3f353de3188e6c # v3.1.0
+ with:
+ inputs: >-
+ ./dist/*.tar.gz
+ ./dist/*.whl
+
+ - name: Create GitHub Release
+ env:
+ VERSION: ${{ inputs.version }}
+ NOTES: ${{ inputs.release_notes }}
+ run: gh release create $VERSION --repo $GITHUB_REPO --notes ""
+
+ - name: Upload GitHub Release
+ env:
+ VERSION: ${{ inputs.version }}
+ run: gh release upload
$VERSION dist/** --repo $GITHUB_REPO diff --git a/.github/workflows/publish-to-testpypi.yaml b/.github/workflows/publish-to-testpypi.yaml new file mode 100644 index 0000000..173c406 --- /dev/null +++ b/.github/workflows/publish-to-testpypi.yaml @@ -0,0 +1,25 @@ +name: Publish to TestPyPI + +on: + workflow_dispatch: + inputs: + version: + description: 'Version name for release' + required: true + +jobs: + publish: + name: Publish wheel to TestPyPI + permissions: + contents: write + id-token: write # For trusted publishing + uses: .github/workflows/publish-reusable.yml@main + with: + version: ${{ inputs.version }} + release_notes: ${{ github.head_ref }} + repository_url: https://test.pypi.org/legacy/ + environment: + name: testpypi + url: https://test.pypi.org/p/seclab-taskflow-agent2 + secrets: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} From e3c5fd15b6b694c35a2a2c2e5d5f2a84fd0d9eaf Mon Sep 17 00:00:00 2001 From: Kevin Backhouse Date: Wed, 5 Nov 2025 08:39:07 +0000 Subject: [PATCH 2/2] Update .github/workflows/publish-reusable.yml --- .github/workflows/publish-reusable.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish-reusable.yml b/.github/workflows/publish-reusable.yml index 7c8450d..24bea0f 100644 --- a/.github/workflows/publish-reusable.yml +++ b/.github/workflows/publish-reusable.yml @@ -73,7 +73,7 @@ jobs: env: VERSION: ${{ inputs.version }} NOTES: ${{ inputs.release_notes }} - run: gh release create $VERSION --repo $GITHUB_REPO --notes "" + run: gh release create $VERSION --repo $GITHUB_REPO --notes $NOTES - name: Upload GitHub Release env:
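Review bot: The job-level `env:` block in `publish-reusable.yml` hands `GITHUB_TOKEN` (a `contents: write` token) to every step, including `pip install --upgrade hatch` and `python3 -m hatch build`, which run an unpinned build tool in the same job that can also request the trusted-publishing OIDC token. The actions are pinned to commit SHAs but hatch is not, so a compromised hatch release or build dependency would run with both credentials in reach. I would move `GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}` out of the job `env:` and into the `env:` of the two `gh release` steps, and pin the tool, e.g. `run: pip install hatch==<PINNED_VERSION>`. It is also worth considering a separate build job without `id-token: write` that passes `dist/` to the publish job through the artifact this workflow already uploads.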
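Review bot: `uses: .github/workflows/publish-reusable.yml@main` in `publish-to-testpypi.yaml` is not one of the two reference forms GitHub documents for reusable workflows (`./.github/workflows/<file>` or `<owner>/<repo>/.github/workflows/<file>@<ref>`), so the call will probably be rejected. For a callee in the same repository, `uses: ./.github/workflows/publish-reusable.yml` takes the workflow from the same commit as the caller, so a run with `contents: write` and `id-token: write` never executes whatever `main` happens to hold at that moment. Separately, `environment:` is passed under `with:` as a `name`/`url` mapping and the callee declares it `type: environment`; as far as I know `workflow_call` inputs accept only `boolean`, `number` and `string`, so the environment name should be passed as a string. `release_notes: ${{ github.head_ref }}` is also likely to be empty on `workflow_dispatch`, since `head_ref` is populated for pull-request events.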
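Review bot: `$NOTES` is expanded unquoted in `gh release create $VERSION --repo $GITHUB_REPO --notes $NOTES`, so release notes containing spaces are split into several arguments and an empty value leaves `--notes` without an argument. Passing the inputs through `env:` rather than interpolating `${{ }}` into the script is the right way to avoid template injection, but the shell still word-splits and glob-expands an unquoted variable. Quote the expansions: `run: gh release create "$VERSION" --repo "$GITHUB_REPO" --notes "$NOTES"`, and likewise `"$VERSION"` and `"$GITHUB_REPO"` in the `Upload GitHub Release` step added by the first patch. The step's `- name:` line is outside this hunk.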