Skip to content

ci: add python release signing dry run #47

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
negillett merged 3 commits into from
May 17, 2026
+78 −0
Merged

ci: add python release signing dry run #47

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
3533b01
ci: add python release signing dry run
May 17, 2026
0e35822
ci: clarify python release dependency install
May 17, 2026
ee06071
ci: permit python release attestations
May 17, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
78 changes: 78 additions & 0 deletions .github/workflows/release-signing-dry-run.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,78 @@
name: release signing dry run

on:
workflow_dispatch:
inputs:
release_version:
description: SemVer version to place in dry-run attestations.
required: true
default: 0.0.0-dryrun
type: string
release_ref:
description: Git ref to check out for the dry run.
required: true
default: refs/heads/main
type: string

jobs:
build-python-dists:
permissions:
contents: read
runs-on: ubuntu-latest
outputs:
artifact_paths: ${{ steps.dists.outputs.artifact_paths }}
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
with:
ref: ${{ inputs.release_ref }}

- uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065
with:
python-version: '3.11'

- name: Install dependencies
run: |
python -m pip install --upgrade build
if [ -f pyproject.toml ]; then
pip install -e .
elif [ -f requirements.txt ]; then
pip install -r requirements.txt
fi

- name: Run tests
run: python -m unittest discover -s tests -v

- name: Build Python distributions
run: python -m build --outdir dist .

- name: Export distribution paths
id: dists
run: |
{
echo 'artifact_paths<<EOF'
find dist -maxdepth 1 -type f | sort
echo 'EOF'
} >> "$GITHUB_OUTPUT"

- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
with:
name: python-release-dry-run
path: dist/*

sign-python-dists:
needs: build-python-dists
permissions:
attestations: write
contents: write
id-token: write
packages: write
Comment thread
cursor[bot] marked this conversation as resolved.
uses: IntentProof/intentproof-tools/.github/workflows/release-build-sign.yml@317387a9724787e4ac484f39de46d7e559b6c98d
with:
artifact_kind: generic
subject_name: intentproof-sdk-python
release_version: ${{ inputs.release_version }}
release_ref: ${{ inputs.release_ref }}
artifact_paths: ${{ needs.build-python-dists.outputs.artifact_paths }}
artifact_download_name: python-release-dry-run
artifact_download_path: dist
attest_to_rekor: false
Loading