Build, Test, and Publish Python Package to PyPI #4
Workflow file for this run
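# GitHub Actions workflow for building, testing, and publishing a Python package to PyPI
# using Trusted Publishing (OIDC) and a protected deployment environment.
name: Build, Test, and Publish Python Package to PyPI

# Runs only when a release is published in the GitHub UI.
# This is safer than publishing on every push to 'main'.
on:
  release:
    types: [published]

# Workflow-wide default: read-only access to repository contents.
# Only the publish job widens this, and only for the OIDC token.
permissions:
  contents: read

jobs:
  build:
    name: Build package
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): 'v4' is a mutable tag; pin to a full commit SHA, as the artifact
      # actions in this file already are, so the code that runs cannot change silently.
      - uses: actions/checkout@v4
        with:
          # Do not leave the job token in .git/config; the build step below runs the
          # project's own build backend and has no need for git credentials.
          persist-credentials: false
      # NOTE(review): mutable tag; pin to a full commit SHA.
      - uses: actions/setup-python@v5
        with:
          python-version: '3.12'
      - name: Install build tools
        # NOTE(review): pip and build are installed unpinned; whatever is installed here
        # produces the artifacts that get published. Consider pinned, hash-checked versions.
        run: |
          python -m pip install --upgrade pip build
      - name: Build distributions
        run: |
          python -m build
      - name: Store package artifacts
        # NOTE(review): confirm the version comment matches the pinned commit.
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.4.0
        with:
          name: python-package
          path: dist/*

  test:
    name: Run unit tests
    needs: [build]
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): mutable tag; pin to a full commit SHA.
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      # NOTE(review): mutable tag; pin to a full commit SHA.
      - uses: actions/setup-python@v5
        with:
          python-version: '3.12'
      - name: Download package artifacts
        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
        with:
          name: python-package
          path: dist
      - name: Install built package
        # NOTE(review): pytest is installed but no step in this job invokes it;
        # the only check performed below is an import smoke test.
        run: |
          python -m pip install --upgrade pip
          python -m pip install dist/*.whl
          python -m pip install pytest
      - name: Run smoke tests
        # Run outside the checkout: 'python -c' puts the current directory first on
        # sys.path, so from the workspace root a 'tunix/' source directory (if the repo
        # has one there; not visible from this file) would be imported instead of the
        # installed wheel, and the artifact that gets published would go untested.
        working-directory: ${{ runner.temp }}
        run: |
          python3 -c "
          import tunix
          import tunix.models
          import tunix.generate
          import tunix.sft
          import tunix.distillation
          import tunix.rl
          print('All tunix modules imported successfully')
          "

  publish-to-pypi:
    name: Publish package to PyPI
    needs: [test]
    runs-on: ubuntu-latest
    # 1. IMPORTANT: Specify the environment.
    # This tells GitHub to apply the 'release' environment's protection rules
    # and to include 'environment: release' in the OIDC token.
    environment: release
    # 2. IMPORTANT: Set permissions for OIDC.
    # Lets the job request an OIDC token, which trusted publishing requires.
    # Job-level permissions replace the workflow default, so every scope not
    # listed here is set to none for this job.
    permissions:
      id-token: write # Required for trusted publishing
    steps:
      - name: Download package artifacts
        # Retrieve the .whl and .tar.gz files from the 'build' job.
        # Note: We download again here; jobs run on fresh VMs.
        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
        with:
          name: python-package
          path: dist/
      - name: Publish package to PyPI
        # This is the official action for PyPI Trusted Publishing.
        # NOTE(review): this is the one step that holds the OIDC token, and it is referenced
        # by a mutable ref; pin it to a full commit SHA before relying on this workflow.
        uses: pypa/gh-action-pypi-publish@v1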