diff --git a/Dockerfile b/Dockerfile index 1683b39..cf4140d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,17 +4,14 @@ LABEL "maintainer"="Sviatoslav Sydorenko " LABEL "repository"="https://github.com/re-actors/gh-action-pypi-publish" LABEL "homepage"="https://github.com/re-actors/gh-action-pypi-publish" -LABEL "com.github.actions.name"="pypi-publish" -LABEL "com.github.actions.description"="Upload Python distribution packages to PyPI" -LABEL "com.github.actions.icon"="upload-cloud" -LABEL "com.github.actions.color"="yellow" - ENV PYTHONDONTWRITEBYTECODE 1 ENV PYTHONUNBUFFERED 1 -ADD LICENSE.md /LICENSE.md - RUN pip install --upgrade --no-cache-dir twine -ENTRYPOINT ["twine"] -CMD ["upload", "dist/*"] +WORKDIR /app +COPY ./LICENSE.md /app/ +COPY ./twine-upload.sh /app/ + +RUN chmod +x /app/twine-upload.sh +ENTRYPOINT ["/app/twine-upload.sh"] diff --git a/README.md b/README.md index dce5e86..9d16240 100644 --- a/README.md +++ b/README.md 
@@ -5,33 +5,50 @@ PyPI. ## Usage -To use the action simply add the following lines in the end of your -`.github/main.workflow`. -```hcl -action "Upload Python dist to PyPI" { - uses = "re-actors/pypi-action@master" - env = { - TWINE_USERNAME = "f'{your_project}-bot'" - } - secrets = ["TWINE_PASSWORD"] -} +To use the action add the following step to your workflow file (e.g.: +`.github/workflows/main.yml`) + + +```yml +- name: Publish a Python distribution to PyPI + uses: pypi/gh-action-pypi-publish@master + with: + user: __token__ + password: ${{ secrets.pypi_password }} ``` -N.B. Use a valid tag, or branch, or commit SHA instead -of `master` to pin the action to use a specific version of it. +A common use case is to upload packages only on a tagged commit, to do so add a +filter to the step: -### Environment Variables and Secrets -- **`TWINE_USERNAME`**: set this one to the username used to authenticate -against PyPI. _It is recommended to have a separate user account like -`f'{your_project}-bot'` having the lowest privileges possible on your -target dist page._ -- **`TWINE_PASSWORD`**: it's a password for the account used in -`TWINE_USERNAME` env var. **ATTENTION! WARNING! When adding this value -to the Action node in your workflow, use SECRETS, not normal env vars.** +```yml + if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags') +``` + +So the full step would look like: + + +```yml +- name: Publish package + if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags') + uses: pypi/gh-action-pypi-publish@master + with: + user: __token__ + password: ${{ secrets.pypi }} +``` + +The example above uses the new [API token](https://pypi.org/help/#apitoken) +feature of PyPI, which is recommended to restrict the access the action has. + +The secret used in `${{ secrets.pypi_password }}` needs to be created on the settings +page of your project on GitHub. See [Creating & using secrets]. 
## License + The Dockerfile and associated scripts and documentation in this project are released under the [BSD 3-clause license](LICENSE.md). + + +[Creating & using secrets]: https://help.github.com/en/articles/virtual-environments-for-github-actions#creating-and-using-secrets-encrypted-variables diff --git a/action.yml b/action.yml new file mode 100644 index 0000000..c1406ab --- /dev/null +++ b/action.yml @@ -0,0 +1,24 @@ +--- +name: pypi-publish +description: Upload Python distribution packages to PyPI +inputs: + user: + description: PyPI user + required: false + default: __token__ + password: + description: Password for your PyPI user or an access token + required: true + repository_url: + description: The repository URL to use + required: false +branding: + color: yellow + icon: upload-cloud +runs: + using: docker + image: Dockerfile + args: + - ${{ inputs.user }} + - ${{ inputs.password }} + - ${{ inputs.repository_url }} diff --git a/twine-upload.sh b/twine-upload.sh new file mode 100755 index 0000000..9b5dd53 --- /dev/null +++ b/twine-upload.sh @@ -0,0 +1,7 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +TWINE_USERNAME=$INPUT_USER \ + TWINE_PASSWORD=$INPUT_PASSWORD \ + TWINE_REPOSITORY_URL=$INPUT_REPOSITORY_URL \ + exec twine upload dist/*
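Review bot: in the Dockerfile hunk, the context line `RUN pip install --upgrade --no-cache-dir twine` still installs an unpinned `twine` into the image that now receives the PyPI credential, so every build can pick up a different release; consider pinning a version. Also, `RUN chmod +x /app/twine-upload.sh` looks redundant, since the patch adds `twine-upload.sh` with mode 100755 and `COPY` keeps that mode; dropping it saves a layer.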
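Review bot: in the README.md Usage hunk, the two workflow snippets disagree on the secret name: the first uses `${{ secrets.pypi_password }}`, the full step uses `${{ secrets.pypi }}`, and the closing paragraph refers to `secrets.pypi_password`; pick one name. The hunk also deletes the N.B. about using a tag, branch or commit SHA instead of `master`, while both new examples still say `@master`; please keep that note, since this step is handed the PyPI token. The new `repository_url` input from action.yml is not documented here, and the `uses:` path `pypi/gh-action-pypi-publish` does not match the `re-actors/gh-action-pypi-publish` URLs in the Dockerfile labels.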
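Review bot: in action.yml, the `args:` list under `runs:` passes `${{ inputs.password }}` to the container as a command-line argument, yet `twine-upload.sh` never reads its positional parameters and takes everything from `INPUT_USER`, `INPUT_PASSWORD` and `INPUT_REPOSITORY_URL`. The runner already exports each input to the container as `INPUT_<NAME>`, so the whole `args:` block can be removed, which keeps the token out of the container's argument list.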
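Review bot: in twine-upload.sh, `TWINE_REPOSITORY_URL=$INPUT_REPOSITORY_URL` is expanded under `set -u`, but `repository_url` is `required: false` with no `default:` in action.yml, so the script either aborts on an unset variable or hands twine an empty repository URL. Suggest giving the input a default in action.yml, or using `${INPUT_REPOSITORY_URL:-}` and setting `TWINE_REPOSITORY_URL` only when the value is non-empty. An empty `dist/` also passes the literal `dist/*` to twine; a short check with a clear error message before the `exec` would make that failure easier to read.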