From a026d0a6f3961ccee3978faed2fd60c7f076e30c Mon Sep 17 00:00:00 2001
From: Jean-Christophe Morin
Date: Sat, 18 Nov 2023 16:46:53 -0500
Subject: [PATCH] Publish to PyPI using https://docs.pypi.org/trusted-publishers/
Signed-off-by: Jean-Christophe Morin
---
 .github/workflows/pypi.yaml | 19 ++++++++++++-------
 pyproject.toml | 3 +++
 setup.py | 2 +-
 3 files changed, 16 insertions(+), 8 deletions(-)
 create mode 100644 pyproject.toml
diff --git a/.github/workflows/pypi.yaml b/.github/workflows/pypi.yaml
index 7908911cea..f36f0f3ca1 100644
--- a/.github/workflows/pypi.yaml
+++ b/.github/workflows/pypi.yaml
@@ -5,9 +5,13 @@ on:
 jobs:
 publish:
- name: Publish to PyPi
+ name: Publish to PyPI
 runs-on: ubuntu-latest
+ permissions:
+ # IMPORTANT: this permission is mandatory for trusted publishing
+ id-token: write
+
 steps:
 - name: Checkout
 uses: actions/checkout@v4
@@ -15,18 +19,19 @@ jobs:
 - name: Set up Python
 uses: actions/setup-python@v4
 with:
- python-version: 3
+ python-version: 3.11
 - name: Install Dependencies
 run: |
- pip install wheel
+ pip install build
 - name: Build rez
 run: |
- python setup.py sdist bdist_wheel
+ python -m build --sdist --wheel --outdir dist .
- - name: Upload to PyPi
+ # Note that we don't need credentials.
+ # We rely on https://docs.pypi.org/trusted-publishers/.
+ - name: Upload to PyPI
 uses: pypa/gh-action-pypi-publish@release/v1
 with:
- user: __token__
- password: '${{ secrets.PYPI_API_TOKEN }}'
+ packages-dir: dist
diff --git a/pyproject.toml b/pyproject.toml
new file mode 100644
index 0000000000..fed528d4a7
--- /dev/null
+++ b/pyproject.toml
@@ -0,0 +1,3 @@
+[build-system]
+requires = ["setuptools"]
+build-backend = "setuptools.build_meta"
diff --git a/setup.py b/setup.py
index 132782a82c..ee918a38f4 100644
--- a/setup.py
+++ b/setup.py
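Review bot: The `permissions:` block added to the `publish` job in `.github/workflows/pypi.yaml` grants `id-token: write`, but nothing in the job limits which runs may use it. A PyPI trusted-publisher entry can be bound to a GitHub environment, so adding `environment: <env-name>` under `runs-on` (placeholder; it has to match the name registered on PyPI) lets the repository require approval or restrict refs before a token is issued. The existing comment could also state why the scope is needed, e.g. `# id-token: write lets this job request the OIDC token PyPI exchanges for an upload credential; leave every other scope unset`. The job's step list continues in the next hunk.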
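Review bot: Build and upload stay in one job in `.github/workflows/pypi.yaml`, so `pip install build` and everything `python -m build` downloads and executes run with the job's `id-token: write` capability. Building in a job without that permission and handing `dist/` to a small publish job keeps unpinned build-time code away from the credential exchange; a sketch of the split follows, with step names of my own choosing. Separately, `python-version: 3.11` is parsed as a YAML float, which goes wrong for a value such as 3.10, so quoting it (`python-version: '3.11'`) is the safer habit.

```yaml
  build:
    name: Build distributions
    runs-on: ubuntu-latest
    steps:
      # … unchanged: Checkout, Set up Python, Install Dependencies, Build rez …
      - name: Store distributions
        uses: actions/upload-artifact@v4
        with:
          name: dist
          path: dist

  publish:
    name: Publish to PyPI
    needs: build
    runs-on: ubuntu-latest
    permissions:
      id-token: write
    steps:
      - name: Fetch distributions
        uses: actions/download-artifact@v4
        with:
          name: dist
          path: dist
      # … unchanged: Upload to PyPI step with packages-dir: dist …
```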
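Review bot: `requires = ["setuptools"]` in the new `pyproject.toml` carries no version bound, so every isolated release build resolves whichever setuptools is newest at that moment. The published sdist and wheel then depend on a build input nobody reviewed; at least a lower bound (`requires = ["setuptools>=<min-version>"]`, placeholder) or a constraints file used by the release job would make that input explicit. A one-line comment such as `# Build backend used by "python -m build" in the PyPI workflow` would also tell readers why the file exists.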
@@ -52,7 +52,7 @@ def find_files(pattern, path=None, root="rez"):
 setup(
- name="rez",
+ name="jcmorin-rez",
 version=_rez_version,
 description=("A cross-platform packaging system that can build and "
 "install multiple version of packages, and dynamically "
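Review bot: The `name=` argument of `setup()` now reads `"jcmorin-rez"`, which looks like a personal test project name rather than the intended distribution name. If it reaches a release, the workflow would publish under a different PyPI project than `rez`; trusted publishing is configured per project, so the upload would either be rejected or land somewhere existing `rez` users do not install from. Unless the rename is deliberate, keep `name="rez",` here and run the trusted-publisher trial from a fork-only commit. The `setup(` call continues past the end of the hunk.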