From 7405a4523a033dd1e9632361cee996abbe7e5d13 Mon Sep 17 00:00:00 2001 From: Michael Seifert Date: Wed, 25 Jun 2025 19:23:02 +0200 Subject: [PATCH 1/3] ci: Add missing "contents: write" permission for the GitHub Release step. Fixes #1127 --- .github/workflows/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 7ab5726e..c01f7ffb 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -191,6 +191,7 @@ jobs: needs: [lint, check, prepare-release-notes] runs-on: ubuntu-latest permissions: + contents: write id-token: write steps: - name: Download distributions From d147f29f2fe6f6861853a1daa3e042554d4a8c21 Mon Sep 17 00:00:00 2001 From: Michael Seifert Date: Wed, 25 Jun 2025 19:47:57 +0200 Subject: [PATCH 2/3] ci: Publish to test.pypi.org on every commit against main. --- .github/workflows/main.yml | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index c01f7ffb..da7b143e 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
@@ -183,10 +183,28 @@ jobs: name: release-notes.md path: release-notes.md - deploy: - name: Deploy + publish-test-pypi: + name: Publish packages to test.pypi.org + environment: release + if: github.event_name == 'push' && github.ref == 'refs/heads/main' + needs: [lint, check] + runs-on: ubuntu-latest + permissions: + id-token: write + steps: + - name: Download distributions + uses: actions/download-artifact@v4 + with: + name: dist + path: dist + - name: Upload to test.pypi.org + uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4 + with: + repository-url: https://test.pypi.org/legacy/ + + publish-pypi: + name: Publish packages to pypi.org environment: release - # Run only on pushing a tag if: github.event_name == 'push' && contains(github.ref, 'refs/tags/') needs: [lint, check, prepare-release-notes] runs-on: ubuntu-latest From 028fc9a7d66c1f2e4822add78090b2c0e703db86 Mon Sep 17 00:00:00 2001 From: Michael Seifert Date: Wed, 25 Jun 2025 19:56:13 +0200 Subject: [PATCH 3/3] ci: Move step for creating a GitHub release to the job that creates the release notes. This addresses an issue with the step having elevated rights. --- .github/workflows/main.yml | 38 ++++++++++++++++++++------------------ 1 file changed, 20 insertions(+), 18 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index da7b143e..ba834c58 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -143,10 +143,12 @@ jobs: fail_ci_if_error: true token: ${{ secrets.CODECOV_TOKEN }} - prepare-release-notes: - name: Prepare Release Notes - needs: [lint] + create-github-release: + name: Create GitHub release + needs: [lint, check] runs-on: ubuntu-latest + permissions: + contents: write steps: - name: Checkout uses: actions/checkout@v4 
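Review bot: The new `publish-test-pypi` job reuses `environment: release`, the same environment the tag-gated `publish-pypi` job uses, so anything scoped to that environment (protection rules, and presumably the trusted-publisher binding behind `id-token: write`) now has to admit every push to `main`. A separate environment for the test index, for example `environment: testpypi` (name illustrative), would let `release` be restricted to tag refs. In the same job `actions/download-artifact@v4` is referenced by a movable tag while the publish action is pinned to a commit. Pinning it the same way, `uses: actions/download-artifact@<full-commit-sha> # v4`, keeps the job that can request an OIDC token on reviewed code.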
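Review bot: `permissions: contents: write` is set on the whole `create-github-release` job, which has no job-level `if`, so the checkout and release-note steps also run with a write-capable token on every run of the job. Only the `Create GitHub Release` step added in the following hunk is tag-gated. `actions/checkout` keeps the token in the local git config by default, and the release step is passed `token: ${{ secrets.GITHUB_TOKEN }}` explicitly, so `persist-credentials: false` under the checkout step's `with:` would keep the token away from the intermediate steps. The rest of that step lies outside the hunk, so confirm nothing after it relies on the stored credential. A comment above the block, such as `# contents: write is needed only by the "Create GitHub Release" step`, would record why the job holds it.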
@@ -182,6 +184,20 @@ jobs: with: name: release-notes.md path: release-notes.md + - name: Download distributions + uses: actions/download-artifact@v4 + with: + name: dist + path: dist + - name: Create GitHub Release + if: github.event_name == 'push' && contains(github.ref, 'refs/tags/') + uses: ncipollo/release-action@440c8c1cb0ed28b9f43e4d1d670870f059653174 # v1.16.0 + with: + name: pytest-asyncio ${{ needs.lint.outputs.version }} + artifacts: dist/* + bodyFile: release-notes.md + prerelease: ${{ needs.lint.outputs.prerelease }} + token: ${{ secrets.GITHUB_TOKEN }} publish-test-pypi: name: Publish packages to test.pypi.org @@ -206,10 +222,9 @@ jobs: name: Publish packages to pypi.org environment: release if: github.event_name == 'push' && contains(github.ref, 'refs/tags/') - needs: [lint, check, prepare-release-notes] + needs: [lint, check] runs-on: ubuntu-latest permissions: - contents: write id-token: write steps: - name: Download distributions @@ -222,16 +237,3 @@ jobs: tree dist - name: PyPI upload uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4 - - name: Download Release Notes - uses: actions/download-artifact@v4 - with: - name: release-notes.md - path: release-notes.md - - name: GitHub Release - uses: ncipollo/release-action@440c8c1cb0ed28b9f43e4d1d670870f059653174 # v1.16.0 - with: - name: pytest-asyncio ${{ needs.lint.outputs.version }} - artifacts: dist/* - bodyFile: release-notes.md - prerelease: ${{ needs.lint.outputs.prerelease }} - token: ${{ secrets.GITHUB_TOKEN }}
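Review bot: The step condition `contains(github.ref, 'refs/tags/')` on `Create GitHub Release` matches that text anywhere in the ref rather than only at its start, and the step now sits in the job that holds `contents: write`. `if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')` limits it to actual tag refs. The `publish-pypi` job shown as context in the next hunk uses the same `contains` test and would take the same change. The job's earlier steps are outside this hunk.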