3636 runs-on : ubuntu-latest
3737 environment :
3838 name : pypi
39- # Fill in your project (e.g. repository) name
40- # for <package-name>
39+ # Fill in your project (e.g. repository) name for <package-name>
4140 url : https://pypi.org/p/<package-name>
4241 permissions :
4342 id-token : write # IMPORTANT: mandatory for trusted publishing
@@ -64,21 +63,24 @@ jobs:
6463 id-token : write # IMPORTANT: mandatory for sigstore
6564
6665 steps :
67- - name : Sign the dists with Sigstore
68- uses : sigstore/gh-action-sigstore-python@v1.2.3
69- with :
70- inputs : >-
71- ./dist/*.tar.gz
72- ./dist/*.whl
73- - name : Upload artifact signatures to GitHub Release
74- # Confusingly, this action also supports updating releases, not
75- # just creating them. This is what we want here, since we've manually
76- # created the release above.
77- uses : softprops/action-gh-release@v1
78- with :
79- # `dist/` contains the built packages, and the
80- # sigstore-produced signatures and certificates.
81- files : dist/**
66+ - name : Download all the dists
67+ uses : actions/download-artifact@v3
68+ with :
69+ name : python-package-distributions
70+ path : dist/
71+ - name : Sign the dists with Sigstore
72+ uses : sigstore/gh-action-sigstore-python@v1.2.3
73+ with :
74+ inputs : >-
75+ ./dist/*.tar.gz
76+ ./dist/*.whl
77+ - name : Upload artifact signatures to GitHub Release
78+ env :
79+ GH_TOKEN : ${{ github.token }}
80+ # Upload to GitHub Release using the `gh` CLI.
81+ # `dist/` contains the built packages, and the
82+ # sigstore-produced signatures and certificates.
83+ run : gh release upload "${{ github.ref_name }}" dist/** --repo "${{ github.repository }}"
8284
8385 publish-to-testpypi :
8486 name : Publish Python 🐍 distribution 📦 to TestPyPI
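Review bot: The added `run:` line in the "Upload artifact signatures to GitHub Release" step expands `${{ github.ref_name }}` directly into the script text before the shell parses it, so the surrounding double quotes do not stop a ref name containing shell metacharacters from being interpreted. In a job that holds `id-token: write`, pass the value through the environment instead: add `REF_NAME: ${{ github.ref_name }}` under the step's `env:` and run `gh release upload "$REF_NAME" dist/** --repo "$GITHUB_REPOSITORY"`. Separately, `actions/download-artifact@v3` and `sigstore/gh-action-sigstore-python@v1.2.3` are referenced by mutable tags; pinning each to a full commit SHA (`uses: owner/action@<full-commit-sha>`) would keep a retagged action from running inside the signing job. The job header and the rest of its `permissions:` block start outside this hunk, so whether `contents: write` is granted for the `gh` upload cannot be confirmed from here.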