crytic-compile/.github/workflows/publish.yml at master · crytic/crytic-compile · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
name: Publish to PyPI

on:
  release:
    types: [published]

permissions:
  contents: read

jobs:
  build-release:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
        with:
          persist-credentials: false

      - name: Set up Python
        uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57  # v8.0.0
        with:
          python-version: "3.10"

      - name: Build distributions
        run: uv build

      - name: Upload distributions
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f  # v7.0.0
        with:
          name: crytic-compile-dists
          path: dist/

  publish:
    runs-on: ubuntu-latest
    environment: release
    permissions:
      id-token: write  # For trusted publishing + codesigning.
      contents: write  # For attaching signing artifacts to the release.
    needs:
      - build-release
    steps:
      - name: fetch dists
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c  # v8.0.1
        with:
          name: crytic-compile-dists
          path: dist/

      - name: publish
        uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b  # v1.14.0

      - name: sign
        uses: sigstore/gh-action-sigstore-python@04cffa1d795717b140764e8b640de88853c92acc  # v3.3.0
        with:
          inputs: ./dist/*.tar.gz ./dist/*.whl
          release-signing-artifacts: true
          bundle-only: true