-
-
Notifications
You must be signed in to change notification settings - Fork 56
78 lines (75 loc) · 2.14 KB
/
publish.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
name: Publish
on:
push:
branches:
- master
- larose/bullfrog
jobs:
build-and-check:
runs-on: ubuntu-22.04
strategy:
matrix:
python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"]
steps:
- name: Bullfrog Secure Runner
uses: bullfrogsec/bullfrog@v0
with:
egress-policy: block
# allowed-domains: |
# auth.docker.io
# deb.debian.org
# files.pythonhosted.org
# production.cloudflare.docker.com
# pypi.org
# registry-1.docker.io
- run: |
sudo nft list ruleset
- uses: actions/checkout@v4
- name: Setup python
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: Bootstrap
run: make ci.bootstrap
- name: Update version in pyproject.toml
run: make ci.update-version-in-pyproject
- name: Check
run: make check
- name: Upload dist directory
uses: actions/upload-artifact@v4
with:
name: dist-${{ matrix.python-version }}
path: dist
publish:
runs-on: ubuntu-22.04
needs: build-and-check
steps:
- uses: bullfrogsec/bullfrog@v0
with:
egress-policy: block
allowed-domains: |
files.pythonhosted.org
pypi.org
- uses: actions/checkout@v4
- name: Setup python
uses: actions/setup-python@v5
with:
python-version: 3.8
- name: Bootstrap
run: make ci.bootstrap
- name: Configure poetry
run: make ci.configure-poetry
env:
PYPI_API_TOKEN: ${{ secrets.pypi_api_token }}
TEST_PYPI_API_TOKEN: ${{ secrets.test_pypi_api_token }}
- name: Update version in pyproject.toml
run: make ci.update-version-in-pyproject
- name: Download dist directory
uses: actions/download-artifact@v4
with:
name: dist-3.8
path: dist
- name: Publish (Test PyPI)
run: make ci.publish.test-pypi
# - name: Publish
# run: make ci.publish.pypi