Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/casperdcl/deploy-pypi
Securely build and upload Python distributions to PyPI
actions deployment github-actions python upload
Last synced: 6 days ago
- Host: GitHub
- URL: https://github.com/casperdcl/deploy-pypi
- Owner: casperdcl
- License: other
- Created: 2020-03-06T00:48:12.000Z (over 4 years ago)
- Default Branch: v2
- Last Pushed: 2024-02-06T22:05:18.000Z (9 months ago)
- Last Synced: 2024-10-31T10:48:59.014Z (15 days ago)
- Topics: actions, deployment, github-actions, python, upload
- Homepage:
- Size: 49.8 KB
- Stars: 15
- Watchers: 2
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
README
# GitHub Action: PyPI Deployment
[![Test](https://github.com/casperdcl/deploy-pypi/actions/workflows/test.yml/badge.svg)](https://github.com/casperdcl/deploy-pypi/actions/workflows/test.yml)
Securely build and upload Python distributions to PyPI.
## Example
```yaml
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
- uses: casperdcl/deploy-pypi@v2
  with:
    build: --sdist --wheel --outdir dist .
    # only upload if a tag is pushed (otherwise just build & check)
    upload: ${{ github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags') }}
```

## Why
PyPI Deployment:
- Supports `build`ing
  + supports customisable build requirements
  + supports customisable build command
  + supports [PEP517](https://www.python.org/dev/peps/pep-0517) projects lacking a `setup.py` file
- Supports GPG signing
- Each stage is optional (`build`, `check`, `sign` and `upload`)
- Uses a blazing fast native GitHub composite action
- Outputs names of files for upload (for convenience in subsequent steps)
- Has the entirety of the code in a [single file](https://github.com/casperdcl/deploy-pypi/blob/master/action.yml), making it very easy to review
  + If you are [extremely security conscious](https://github.com/casperdcl/deploy-pypi/issues/6#issuecomment-721954322) you can use a commit SHA of a version you've manually reviewed (e.g. `uses: casperdcl/deploy-pypi@`[3181cc0919c032ba42e365bd514e27442c54a3be](https://github.com/casperdcl/deploy-pypi/commit/3181cc0919c032ba42e365bd514e27442c54a3be))

The main alternative GitHub Action
[pypi-publish](https://github.com/marketplace/actions/pypi-publish)
currently does not offer the benefits above.

Other features (supported by both) include:
- Supports checking built files
- Supports skipping existing uploads
- Supports OIDC PyPI trusted publishing

## Inputs
You likely should specify exactly one of the following: `setup`, `build` or `pip`.
```yaml
inputs:
  user:
    description: PyPI username
    default: __token__
  password:
    description: PyPI password or API token
    required: false
  registry_domain:
    description: PyPI trusted publisher URL
    required: false
    default: https://upload.pypi.org
  requirements:
    description: Packages to `pip install` before building
    default: twine wheel build
  setup:
    description: '`setup.py` command to run ("true" is a shortcut for "clean sdist -d bdist_wheel -d ")'
    default: false
  build:
    description: '`python -m build` command to run ("true" is a shortcut for "-o ")'
    default: false
  pip:
    description: '`pip` command to run ("true" is a shortcut for "wheel -w --no-deps .")'
    default: false
  check:
    description: Whether to run basic checks on the built files
    default: true
  upload:
    description: Whether to upload
    default: true
  dist_dir:
    description: Directory containing distributions
    default: dist
  url:
    description: Destination repository (package index) URL
    default: ''
  gpg_key:
    description: GPG key to import for signing
    default: ''
  skip_existing:
    description: Continue uploading files if one already exists
    default: false
outputs:
  whl:
    description: Basename of *.whl for upload
  targz:
    description: Basename of *.tar.gz for upload
  whl_asc:
    description: Basename of *.whl.asc for upload (requires )
  targz_asc:
    description: Basename of *.tar.gz.asc for upload (requires )
```