artem/yt-dlp
1
0
Fork 0
mirror of https://github.com/yt-dlp/yt-dlp.git synced 2026-06-29 06:06:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

[build] Enable attestations for trusted publishing

Browse Source 
Authored by: bashonly
This commit is contained in:
bashonly 2024-10-31 11:50:07 -05:00
parent 29926814a0
commit 1c868cde15
No known key found for this signature in database
GPG Key ID: 783F096F253D15B0
3 changed files with 75 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
.github/workflows/release-master.yml vendored
View File

@ -28,3 +28,24 @@ jobs:
actions: write # For cleaning up cache actions: write # For cleaning up cache
id-token: write # mandatory for trusted publishing id-token: write # mandatory for trusted publishing
secrets: inherit secrets: inherit
publish_pypi:
needs: [release]
if: vars.MASTER_PYPI_PROJECT != ''
runs-on: ubuntu-latest
permissions:
id-token: write # mandatory for trusted publishing
steps:
- uses: actions/download-artifact@v4
with:
path: dist
name: build-pypi
- name: Verify SHA2-256SUMS
run: |
cd ./dist/
sha256sum -c SHA2-256SUMS
rm SHA2-256SUMS
- name: Publish to PyPI
uses: pypa/gh-action-pypi-publish@release/v1
with:
verbose: true

21
.github/workflows/release-nightly.yml vendored
View File

@ -41,3 +41,24 @@ jobs:
actions: write # For cleaning up cache actions: write # For cleaning up cache
id-token: write # mandatory for trusted publishing id-token: write # mandatory for trusted publishing
secrets: inherit secrets: inherit
publish_pypi:
needs: [release]
if: vars.NIGHTLY_PYPI_PROJECT != ''
runs-on: ubuntu-latest
permissions:
id-token: write # mandatory for trusted publishing
steps:
- uses: actions/download-artifact@v4
with:
path: dist
name: build-pypi
- name: Verify SHA2-256SUMS
run: |
cd ./dist/
sha256sum -c SHA2-256SUMS
rm SHA2-256SUMS
- name: Publish to PyPI
uses: pypa/gh-action-pypi-publish@release/v1
with:
verbose: true

37
.github/workflows/release.yml vendored
View File

@ -2,10 +2,6 @@ name: Release
on: on:
workflow_call: workflow_call:
inputs: inputs:
prerelease:
required: false
default: true
type: boolean
source: source:
required: false required: false
default: '' default: ''
@ -18,6 +14,14 @@ on:
required: false required: false
default: '' default: ''
type: string type: string
prerelease:
required: false
default: true
type: boolean
manual_dispatch:
required: false
default: false
type: boolean
workflow_dispatch: workflow_dispatch:
inputs: inputs:
source: source:
@ -47,6 +51,10 @@ on:
description: Pre-release description: Pre-release
default: false default: false
type: boolean type: boolean
manual_dispatch:
description: Manual dispatch (do not toggle)
default: true
type: boolean
permissions: permissions:
contents: read contents: read
@ -278,7 +286,28 @@ jobs:
make clean-cache make clean-cache
python -m build --no-isolation . python -m build --no-isolation .
- name: Make SHA2-SUMS files
if: ${{ !inputs.manual_dispatch }}
run: |
cd ./dist/
# make sure SHA sums are also printed to stdout
sha256sum -- * | tee SHA2-256SUMS
# also print as permanent annotations to the summary page
while read -r shasum; do
echo "::notice title=${shasum##* }::sha256: ${shasum% *}"
done < SHA2-256SUMS
- name: Upload PyPI artifacts
if: ${{ !inputs.manual_dispatch }}
uses: actions/upload-artifact@v4
with:
name: build-pypi
path: |
dist/*
compression-level: 0
- name: Publish to PyPI - name: Publish to PyPI
if: inputs.manual_dispatch
uses: pypa/gh-action-pypi-publish@release/v1 uses: pypa/gh-action-pypi-publish@release/v1
with: with:
verbose: true verbose: true