1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
|
name: deploy
on:
workflow_dispatch:
inputs:
version:
description: 'Release version'
required: true
default: '1.2.3'
# Set permissions at the job level.
permissions: {}
jobs:
package:
runs-on: ubuntu-latest
env:
SETUPTOOLS_SCM_PRETEND_VERSION: ${{ github.event.inputs.version }}
timeout-minutes: 10
# Required by attest-build-provenance-github.
permissions:
id-token: write
attestations: write
steps:
- uses: actions/checkout@v5
with:
fetch-depth: 0
persist-credentials: false
- name: Build and Check Package
uses: hynek/build-and-inspect-python-package@efb823f52190ad02594531168b7a2d5790e66516
with:
attest-build-provenance-github: 'true'
generate-gh-release-notes:
needs: [package]
runs-on: ubuntu-latest
timeout-minutes: 30
permissions:
contents: read
steps:
- uses: actions/checkout@v5
with:
fetch-depth: 0
persist-credentials: false
- name: Set up Python
uses: actions/setup-python@v6
with:
python-version: "3.13"
- name: Install tox
run: |
python -m pip install --upgrade pip
pip install --upgrade tox
- name: Generate release notes
env:
VERSION: ${{ github.event.inputs.version }}
run: |
tox -e generate-gh-release-notes -- "$VERSION" gh-release-notes.md
- name: Upload release notes
uses: actions/upload-artifact@v4
with:
name: release-notes
path: gh-release-notes.md
retention-days: 1
publish-to-pypi:
if: github.repository == 'pytest-dev/pytest'
# Need generate-gh-release-notes only for ordering.
# Don't want to release to PyPI if generating GitHub release notes fails.
needs: [package, generate-gh-release-notes]
runs-on: ubuntu-latest
environment: deploy
timeout-minutes: 30
permissions:
id-token: write
steps:
- name: Download Package
uses: actions/download-artifact@v6
with:
name: Packages
path: dist
- name: Publish package to PyPI
uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e
with:
attestations: true
push-tag:
needs: [publish-to-pypi]
runs-on: ubuntu-latest
timeout-minutes: 10
permissions:
contents: write
steps:
- uses: actions/checkout@v5
with:
fetch-depth: 0
persist-credentials: true
- name: Push tag
env:
VERSION: ${{ github.event.inputs.version }}
run: |
git config user.name "pytest bot"
git config user.email "pytestbot@gmail.com"
git tag --annotate --message=v"$VERSION" "$VERSION" ${{ github.sha }}
git push origin "$VERSION"
create-github-release:
needs: [push-tag, generate-gh-release-notes]
runs-on: ubuntu-latest
timeout-minutes: 10
permissions:
contents: write
steps:
- name: Download Package
uses: actions/download-artifact@v6
with:
name: Packages
path: dist
- name: Download release notes
uses: actions/download-artifact@v6
with:
name: release-notes
path: .
- name: Publish GitHub Release
env:
VERSION: ${{ github.event.inputs.version }}
GH_REPO: ${{ github.repository }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh release create --notes-file gh-release-notes.md --verify-tag "$VERSION" dist/*
|
