name: Publish to Test PyPI on: # manually trigger the workflow workflow_dispatch: jobs: build: name: Build Distribution runs-on: ubuntu-latest outputs: TAG: ${{ steps.get_tag.outputs.TAG }} steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Set up Python uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: "3.x" - name: Install pypa/build run: >- python3 -m pip install build --user - name: Build a binary wheel and a source tarball run: python3 -m build - name: Store the distribution packages uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: python-package-distributions path: dist/ - name: Get Tag Name id: get_tag run: | pip install . TAG=$(python -c "from telegram import __version__; print(f'v{__version__}')") echo "TAG=$TAG" >> $GITHUB_OUTPUT publish-to-test-pypi: name: Publish to Test PyPI needs: - build runs-on: ubuntu-latest environment: name: release_test_pypi url: https://test.pypi.org/p/python-telegram-bot permissions: id-token: write # IMPORTANT: mandatory for trusted publishing steps: - name: Download all the dists uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: python-package-distributions path: dist/ - name: Publish to Test PyPI uses: pypa/gh-action-pypi-publish@67339c736fd9354cd4f8cb0b744f2b82a74b5c70 # v1.12.3 with: repository-url: https://test.pypi.org/legacy/ compute-signatures: name: Compute SHA1 Sums and Sign with Sigstore runs-on: ubuntu-latest needs: - publish-to-test-pypi permissions: id-token: write # IMPORTANT: mandatory for sigstore steps: - name: Download all the dists uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: python-package-distributions path: dist/ - name: Compute SHA1 Sums run: | # Compute SHA1 sum of the distribution packages and save it to a file with the same name, # but with .sha1 extension for file in dist/*; do sha1sum $file > $file.sha1 done - name: Sign the dists with Sigstore uses: sigstore/gh-action-sigstore-python@f514d46b907ebcd5bedc05145c03b69c1edd8b46 # v3.0.0 with: inputs: >- ./dist/*.tar.gz ./dist/*.whl - name: Store the distribution packages and signatures uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: python-package-distributions-and-signatures path: dist/ github-test-release: name: Upload to GitHub Release Draft needs: - build - compute-signatures runs-on: ubuntu-latest permissions: contents: write # IMPORTANT: mandatory for making GitHub Releases steps: - name: Download all the dists uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: python-package-distributions-and-signatures path: dist/ - name: Create GitHub Release env: GITHUB_TOKEN: ${{ github.token }} TAG: ${{ needs.build.outputs.TAG }} # Create a GitHub Release *draft*. The description can be changed later, as for now # we don't define it through this workflow. run: >- gh release create "$TAG" --repo '${{ github.repository }}' --generate-notes --draft - name: Upload artifact signatures to GitHub Release env: GITHUB_TOKEN: ${{ github.token }} TAG: ${{ needs.build.outputs.TAG }} # Upload to GitHub Release using the `gh` CLI. # `dist/` contains the built packages, and the # sigstore-produced signatures and certificates. run: >- gh release upload "$TAG" dist/** --repo '${{ github.repository }}'