Skip to content

build: Update release CI to use trusted publishers. #4332

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

build: Update release CI to use trusted publishers. #4332

wants to merge 6 commits into from

Conversation

prmukherj
Copy link
Collaborator

@RobPasMue, @MaxJPRey could you please look if it conforms with the standards?

Thank you.

@github-actions github-actions bot added maintenance General maintenance of the repo (libraries, cicd, etc) CI/CD Related to CI/CD labels Aug 1, 2025
github-advanced-security[bot]
github-advanced-security bot found potential problems Aug 1, 2025
View reviewed changes
@prmukherj prmukherj marked this pull request as ready for review August 5, 2025 03:00
@prmukherj prmukherj requested review from RobPasMue and MaxJPRey August 5, 2025 03:00
RobPasMue
RobPasMue requested changes Aug 11, 2025
View reviewed changes
Copy link
Member

@RobPasMue RobPasMue left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Few changes. Please request review once addressed

.github/workflows/ci.yml
Comment on lines +651 to +655
uses: pypa/[email protected]
with:
packages-dir: dist
repository-url: https://pkgs.dev.azure.com/pyansys/_packaging/pyansys/pypi/upload
skip-existing: true
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
uses: pypa/[email protected]
with:
packages-dir: dist
repository-url: https://pkgs.dev.azure.com/pyansys/_packaging/pyansys/pypi/upload
skip-existing: true
run: |
pip install twine
python -m twine upload --skip-existing ./**/*.whl
python -m twine upload --skip-existing ./**/*.tar.gz

The private PyPI needs to use the token approach

.github/workflows/ci.yml
with:
packages-dir: dist
repository-url: https://pkgs.dev.azure.com/pyansys/_packaging/pyansys/pypi/upload
skip-existing: true
env:
TWINE_USERNAME: PAT
TWINE_PASSWORD: ${{ secrets.PYANSYS_PYPI_PRIVATE_PAT }}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
TWINE_PASSWORD: ${{ secrets.PYANSYS_PYPI_PRIVATE_PAT }}
TWINE_PASSWORD: ${{ secrets.PYANSYS_PYPI_PRIVATE_PAT }}
TWINE_REPOSITORY_URL: https://pkgs.dev.azure.com/pyansys/_packaging/pyansys/pypi/upload

.github/workflows/ci.yml
Comment on lines +660 to 668
- name: Upload to Public PyPi using trusted publisher
uses: pypa/[email protected]
with:
packages-dir: dist
print-hash: true
skip-existing: false
env:
TWINE_USERNAME: __token__
TWINE_PASSWORD: ${{ secrets.ANSYS_FLUENT_CORE_PYPI_TOKEN }}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- name: Upload to Public PyPi using trusted publisher
uses: pypa/[email protected]
with:
packages-dir: dist
print-hash: true
skip-existing: false
env:
TWINE_USERNAME: __token__
TWINE_PASSWORD: ${{ secrets.ANSYS_FLUENT_CORE_PYPI_TOKEN }}
- name: "Download the library artifacts from build-library step"
uses: actions/[email protected]
with:
name: ${{ env.PACKAGE_NAME }}-artifacts
path: ${{ env.PACKAGE_NAME }}-artifacts
- name: "Upload artifacts to PyPI using trusted publisher"
uses: pypa/[email protected]
with:
repository-url: "https://upload.pypi.org/legacy/"
print-hash: true
packages-dir: ${{ env.PACKAGE_NAME }}-artifacts
skip-existing: false

.github/workflows/ci.yml
@@ -668,4 +673,3 @@ jobs:
files: |
./**/*.whl
./**/*.tar.gz
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
./**/*.tar.gz
./**/*.tar.gz
./**/*-wheelhouse-*.zip

Wheelhouse is still needed in GitHub release

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@RobPasMue RobPasMue RobPasMue requested changes

@mkundu1 mkundu1 Awaiting requested review from mkundu1 mkundu1 is a code owner

@seanpearsonuk seanpearsonuk Awaiting requested review from seanpearsonuk seanpearsonuk is a code owner

@hpohekar hpohekar Awaiting requested review from hpohekar hpohekar is a code owner

@MaxJPRey MaxJPRey Awaiting requested review from MaxJPRey

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
CI/CD Related to CI/CD maintenance General maintenance of the repo (libraries, cicd, etc)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@prmukherj @RobPasMue @pyansys-ci-bot