mirror of
https://github.com/pypa/gh-action-pypi-publish.git
synced 2024-11-23 09:01:01 -05:00
8a08d61689
Some checks failed
🧪 / smoke-test (push) Has been cancelled
PR #236 This patch adds PEP 740 attestation generation to the workflow: when the Trusted Publishing flow is used, this will generate a publish attestation for each distribution being uploaded. These generated attestations are then fed into `twine`, which newly supports them via `--attestations`. Ref: https://github.com/pypi/warehouse/issues/15871
34 lines
1 KiB
Docker
34 lines
1 KiB
Docker
FROM python:3.12-slim
|
|
|
|
LABEL "maintainer" "Sviatoslav Sydorenko <wk+pypa@sydorenko.org.ua>"
|
|
LABEL "repository" "https://github.com/pypa/gh-action-pypi-publish"
|
|
LABEL "homepage" "https://github.com/marketplace/actions/pypi-publish"
|
|
LABEL "org.opencontainers.image.source" "https://github.com/pypa/gh-action-pypi-publish"
|
|
|
|
ENV PYTHONDONTWRITEBYTECODE 1
|
|
ENV PYTHONUNBUFFERED 1
|
|
|
|
ENV PIP_NO_CACHE_DIR 1
|
|
ENV PIP_ROOT_USER_ACTION ignore
|
|
|
|
ENV PATH "/root/.local/bin:${PATH}"
|
|
ENV PYTHONPATH "/root/.local/lib/python3.12/site-packages"
|
|
|
|
COPY requirements requirements
|
|
RUN \
|
|
PIP_CONSTRAINT=requirements/runtime-prerequisites.txt \
|
|
pip install --user --upgrade --no-cache-dir \
|
|
-r requirements/runtime-prerequisites.in && \
|
|
PIP_CONSTRAINT=requirements/runtime.txt \
|
|
pip install --user --upgrade --no-cache-dir --prefer-binary \
|
|
-r requirements/runtime.in
|
|
|
|
WORKDIR /app
|
|
COPY LICENSE.md .
|
|
COPY twine-upload.sh .
|
|
COPY print-hash.py .
|
|
COPY oidc-exchange.py .
|
|
COPY attestations.py .
|
|
|
|
RUN chmod +x twine-upload.sh
|
|
ENTRYPOINT ["/app/twine-upload.sh"]
|