Skip to content

Commit 61218dd

Browse files
authored
Switch to PyPi trusted publishing (#1349)
1 parent 331c15b commit 61218dd

4 files changed

Lines changed: 72 additions & 62 deletions

File tree

.github/workflows/.hatch-run.yml

Lines changed: 0 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -20,10 +20,6 @@ on:
2020
secrets:
2121
node-auth-token:
2222
required: false
23-
pypi-username:
24-
required: false
25-
pypi-password:
26-
required: false
2723

2824
jobs:
2925
hatch:
@@ -60,6 +56,4 @@ jobs:
6056
- name: Run Scripts
6157
env:
6258
NPM_CONFIG_TOKEN: ${{ secrets.node-auth-token }}
63-
HATCH_INDEX_USER: ${{ secrets.pypi-username }}
64-
HATCH_INDEX_AUTH: ${{ secrets.pypi-password }}
6559
run: ${{ inputs.run-cmd }}

.github/workflows/codeql-analysis.yml

Lines changed: 47 additions & 47 deletions
Original file line numberDiff line numberDiff line change
@@ -12,60 +12,60 @@
1212
name: codeql
1313

1414
on:
15-
push:
16-
branches: [main]
17-
pull_request:
18-
# The branches below must be a subset of the branches above
19-
branches: [main]
20-
schedule:
21-
- cron: "43 3 * * 3"
15+
push:
16+
branches: [main]
17+
pull_request:
18+
# The branches below must be a subset of the branches above
19+
branches: [main]
20+
schedule:
21+
- cron: "43 3 * * 3"
2222

2323
jobs:
24-
analyze:
25-
name: Analyze
26-
runs-on: ubuntu-latest
27-
permissions:
28-
actions: read
29-
contents: read
30-
security-events: write
24+
analyze:
25+
name: Analyze
26+
runs-on: ubuntu-latest
27+
permissions:
28+
actions: read
29+
contents: read
30+
security-events: write
3131

32-
strategy:
33-
fail-fast: false
34-
matrix:
35-
language: ["javascript", "python"]
36-
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
37-
# Learn more:
38-
# https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
32+
strategy:
33+
fail-fast: false
34+
matrix:
35+
language: ["javascript", "python"]
36+
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
37+
# Learn more:
38+
# https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
3939

40-
steps:
41-
- name: Checkout repository
42-
uses: actions/checkout@v2
40+
steps:
41+
- name: Checkout repository
42+
uses: actions/checkout@v2
4343

44-
# Initializes the CodeQL tools for scanning.
45-
- name: Initialize CodeQL
46-
uses: github/codeql-action/init@v1
47-
with:
48-
languages: ${{ matrix.language }}
49-
# If you wish to specify custom queries, you can do so here or in a config file.
50-
# By default, queries listed here will override any specified in a config file.
51-
# Prefix the list here with "+" to use these queries and those in the config file.
52-
# queries: ./path/to/local/query, your-org/your-repo/queries@main
44+
# Initializes the CodeQL tools for scanning.
45+
- name: Initialize CodeQL
46+
uses: github/codeql-action/init@v1
47+
with:
48+
languages: ${{ matrix.language }}
49+
# If you wish to specify custom queries, you can do so here or in a config file.
50+
# By default, queries listed here will override any specified in a config file.
51+
# Prefix the list here with "+" to use these queries and those in the config file.
52+
# queries: ./path/to/local/query, your-org/your-repo/queries@main
5353

54-
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
55-
# If this step fails, then you should remove it and run the build manually (see below)
56-
- name: Autobuild
57-
uses: github/codeql-action/autobuild@v1
54+
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
55+
# If this step fails, then you should remove it and run the build manually (see below)
56+
- name: Autobuild
57+
uses: github/codeql-action/autobuild@v1
5858

59-
# ℹ️ Command-line programs to run using the OS shell.
60-
# 📚 https://git.io/JvXDl
59+
# ℹ️ Command-line programs to run using the OS shell.
60+
# 📚 https://git.io/JvXDl
6161

62-
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
63-
# and modify them (or add more) to build your code if your project
64-
# uses a compiled language
62+
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
63+
# and modify them (or add more) to build your code if your project
64+
# uses a compiled language
6565

66-
#- run: |
67-
# make bootstrap
68-
# make release
66+
#- run: |
67+
# make bootstrap
68+
# make release
6969

70-
- name: Perform CodeQL Analysis
71-
uses: github/codeql-action/analyze@v1
70+
- name: Perform CodeQL Analysis
71+
uses: github/codeql-action/analyze@v1

.github/workflows/publish.yml

Lines changed: 22 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -5,19 +5,32 @@ on:
55
types: [published]
66

77
permissions:
8-
contents: read # Required to checkout the code
9-
id-token: write # Required to sign the NPM publishing statements
8+
contents: read # Required to checkout the code
9+
id-token: write # Required to sign the NPM publishing statements
1010

1111
jobs:
1212
publish-reactpy:
1313
if: startsWith(github.event.release.name, 'reactpy ') || startsWith(github.event.release.tag_name, 'reactpy-')
14-
uses: ./.github/workflows/.hatch-run.yml
15-
with:
16-
job-name: "Publish to PyPI"
17-
run-cmd: "hatch build --clean && hatch publish --yes"
18-
secrets:
19-
pypi-username: ${{ secrets.PYPI_USERNAME }}
20-
pypi-password: ${{ secrets.PYPI_PASSWORD }}
14+
runs-on: ubuntu-latest
15+
steps:
16+
- uses: actions/checkout@v4
17+
- uses: actions/setup-node@v6
18+
with:
19+
node-version: 24
20+
registry-url: https://registry.npmjs.org/
21+
- uses: oven-sh/setup-bun@v2
22+
with:
23+
bun-version: latest
24+
- uses: actions/setup-python@v5
25+
with:
26+
python-version: "3.13"
27+
cache: "pip"
28+
- name: Install Python Dependencies
29+
run: pip install hatch
30+
- name: Build Python Package
31+
run: hatch build --clean
32+
- name: Publish to PyPI (Trusted Publishing)
33+
uses: pypa/gh-action-pypi-publish@release/v1
2134

2235
publish-reactpy-client:
2336
if: startsWith(github.event.release.name, '@reactpy/client ') || startsWith(github.event.release.tag_name, '@reactpy/client-')

pyproject.toml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -64,6 +64,9 @@ artifacts = ["/src/reactpy/static/"]
6464
[tool.hatch.metadata]
6565
license-files = { paths = ["LICENSE"] }
6666

67+
[tool.hatch.publish.index]
68+
disable = true
69+
6770
[tool.hatch.envs.default]
6871
installer = "uv"
6972

0 commit comments

Comments
 (0)