-
Notifications
You must be signed in to change notification settings - Fork 12
/
Copy path.gitlab-ci.yml
85 lines (73 loc) · 1.78 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
---
image: python:3.11
variables:
PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"
cache:
paths:
- .cache/pip
- venv/
before_script:
- python -V # Print out python version for debugging
- pip install twine tox ruff pytest build
linting:
stage: test
script:
- tox -e ruff,yamllint
build-job:
stage: build
image: python:3-bookworm
script:
- python -m pip install -U build
- python -m build
artifacts:
paths:
- "dist/"
generate-pypi-attestations:
stage: build
image: python:3-bookworm
needs:
- job: build-job
artifacts: true
id_tokens:
SIGSTORE_ID_TOKEN:
aud: sigstore
script:
- python -m pip install -U pypi-attestations
- python -m pypi_attestations sign dist/*
artifacts:
paths:
- "dist/"
publish-job:
stage: deploy
image: python:3-bookworm
dependencies:
- build-job
- generate-pypi-attestations
id_tokens:
PYPI_ID_TOKEN:
aud: pypi
script:
# Install dependencies
- apt update && apt install -y jq
- python -m pip install -U twine id
# Retrieve the OIDC token from GitLab CI/CD, and exchange it for a PyPI API token
- oidc_token=$(python -m id pypi)
- resp=$(curl -X POST https://pypi.org/_/oidc/mint-token -d "{\"token\":\"${oidc_token}\"}")
- api_token=$(jq --raw-output '.token' <<< "${resp}")
# Upload to PyPI authenticating via the newly-minted token, including the generated attestations
# Add "--repository testpypi" if uploading to TestPyPI
- twine upload --verbose --attestations -u __token__ -p "${api_token}" dist/*
only:
- tags
python311:
stage: test
image: python:3.11
script: tox -e py311
python312:
stage: test
image: python:3.12
script: tox -e py312
python313:
stage: test
image: python:3.13
script: tox -e py313