diff --git a/.github/workflows/release-pypi.yaml b/.github/workflows/release-pypi.yaml
index 95836df..e489350 100644
--- a/.github/workflows/release-pypi.yaml
+++ b/.github/workflows/release-pypi.yaml
@@ -2,19 +2,15 @@ name: Publish to PyPI
 on:
- workflow_call:
- inputs:
- tag:
- type: string
- required: true
 workflow_dispatch:
 inputs:
 tag:
- description: 'Tag to publish (e.g. v0.1.0)'
+ description: 'Tag to publish (e.g. v0.1.0, v0.1.0.dev1)'
 type: string
 required: true
 permissions:
+ contents: read
 id-token: write
 jobs:
@@ -22,12 +18,15 @@ jobs:
 name: Publish to PyPI
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v6
 with:
 ref: ${{ inputs.tag }}
+ persist-credentials: false
 - name: Install uv
- uses: astral-sh/setup-uv@v5
+ uses: astral-sh/setup-uv@v7
+ with:
+ enable-cache: false
 - name: Build
 run: uv build --out-dir dist
diff --git a/.github/workflows/trigger-release.yaml b/.github/workflows/trigger-release.yaml
index ec16baf..8bad198 100644
--- a/.github/workflows/trigger-release.yaml
+++ b/.github/workflows/trigger-release.yaml
@@ -83,8 +83,26 @@ jobs:
 publish:
 needs: [bump-version, create-release]
+ runs-on: ubuntu-latest
 permissions:
+ contents: read
 id-token: write
- uses: ./.github/workflows/release-pypi.yaml
- with:
- tag: v${{ needs.bump-version.outputs.new_version }}
+ steps:
+ - uses: actions/checkout@v6
+ with:
+ ref: v${{ needs.bump-version.outputs.new_version }}
+ persist-credentials: false
+
+ - name: Install uv
+ uses: astral-sh/setup-uv@v7
+ with:
+ enable-cache: false
+
+ - name: Build
+ run: uv build --out-dir dist
+
+ - name: Publish to PyPI
+ uses: pypa/gh-action-pypi-publish@release/v1
+ with:
+ packages-dir: dist/
+ verbose: true
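Review bot: The `on:` block loses `workflow_call` with no comment saying why, and after this commit the package is published from `trigger-release.yaml` as well as from this file. If the project relies on PyPI trusted publishing, which the `id-token: write` permission suggests, the publisher entry on PyPI is bound to a workflow filename, so both files would need to be registered there. A comment above `workflow_dispatch:` would keep that visible, for example `# Manual publish only; automated releases publish from trigger-release.yaml, which must also be a registered trusted publisher`.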
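Review bot: `ref: ${{ inputs.tag }}` in the checkout step accepts the dispatch input as any ref, so a branch name or commit SHA typed into the `tag` field is built and published just as readily as a release tag. Qualifying it as `ref: refs/tags/${{ inputs.tag }}` makes the checkout fail for anything that is not a tag. The job's publish step lies outside this hunk.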
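Review bot: The inlined `publish` job runs `uv build` in the same job that holds `id-token: write`, so the project's build backend and anything it pulls in execute where an OIDC token for PyPI can be minted. Splitting it into a `build` job with only `contents: read` that uploads `dist/` as an artifact, and a `publish` job that only downloads and uploads it, keeps the token away from build-time code. Separately, `pypa/gh-action-pypi-publish@release/v1` is a branch ref that can move; in the token-holding job a full commit pin (`@<commit-sha>  # release/v1`) is the safer form.

```yaml
  build:
    needs: [bump-version, create-release]
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      # … unchanged: checkout of the release tag, Install uv …
      - name: Build
        run: uv build --out-dir dist
      - uses: actions/upload-artifact@v4
        with:
          name: dist
          path: dist/

  publish:
    needs: [build]
    runs-on: ubuntu-latest
    permissions:
      id-token: write
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: dist
          path: dist/
      # … unchanged: Publish to PyPI step …
```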