name: Publish to PyPI on: # manually trigger the workflow workflow_dispatch: jobs: build: name: Build Distribution runs-on: ubuntu-latest outputs: TAG: ${{ steps.get_tag.outputs.TAG }} steps: - uses: actions/checkout@v4 - name: Set up Python uses: actions/setup-python@v5 with: python-version: "3.x" - name: Install pypa/build run: >- python3 -m pip install build --user - name: Build a binary wheel and a source tarball run: python3 -m build - name: Store the distribution packages uses: actions/upload-artifact@v4 with: name: python-package-distributions path: dist/ - name: Get Tag Name id: get_tag run: | pip install . TAG=$(python -c "from telegram import __version__; print(f'v{__version__}')") echo "TAG=$TAG" >> $GITHUB_OUTPUT publish-to-pypi: name: Publish to PyPI needs: - build runs-on: ubuntu-latest environment: name: release_pypi url: https://pypi.org/p/python-telegram-bot permissions: id-token: write # IMPORTANT: mandatory for trusted publishing steps: - name: Download all the dists uses: actions/download-artifact@v4 with: name: python-package-distributions path: dist/ - name: Publish to PyPI uses: pypa/gh-action-pypi-publish@release/v1 compute-signatures: name: Compute SHA1 Sums and Sign with Sigstore runs-on: ubuntu-latest needs: - publish-to-pypi permissions: id-token: write # IMPORTANT: mandatory for sigstore steps: - name: Download all the dists uses: actions/download-artifact@v4 with: name: python-package-distributions path: dist/ - name: Compute SHA1 Sums run: | # Compute SHA1 sum of the distribution packages and save it to a file with the same name, # but with .sha1 extension for file in dist/*; do sha1sum $file > $file.sha1 done - name: Sign the dists with Sigstore uses: sigstore/gh-action-sigstore-python@v3.0.0 with: inputs: >- ./dist/*.tar.gz ./dist/*.whl - name: Store the distribution packages and signatures uses: actions/upload-artifact@v4 with: name: python-package-distributions-and-signatures path: dist/ github-release: name: Upload to GitHub Release needs: - build - compute-signatures runs-on: ubuntu-latest permissions: contents: write # IMPORTANT: mandatory for making GitHub Releases steps: - name: Download all the dists uses: actions/download-artifact@v4 with: name: python-package-distributions-and-signatures path: dist/ - name: Create GitHub Release env: GITHUB_TOKEN: ${{ github.token }} TAG: ${{ needs.build.outputs.TAG }} # Create a tag and a GitHub Release. The description can be changed later, as for now # we don't define it through this workflow. run: >- gh release create '${{ env.TAG }}' --repo '${{ github.repository }}' --generate-notes - name: Upload artifact signatures to GitHub Release env: GITHUB_TOKEN: ${{ github.token }} TAG: ${{ needs.build.outputs.TAG }} # Upload to GitHub Release using the `gh` CLI. # `dist/` contains the built packages, and the # sigstore-produced signatures and certificates. run: >- gh release upload '${{ env.TAG }}' dist/** --repo '${{ github.repository }}'