publish-to-pypi.yml

# This workflow will run when a new release is published and upload it to PyPI using trusted publishing.
# Done in two separate build and publish jobs per suggested best practice for limiting scope of token usage.

name: Publish - PyPI

on:
  release:
    types:
      - published

jobs:
  build:
    if: ${{ github.repository == 'slaclab/pydm' }}
    name: Build new release
    runs-on: ubuntu-latest

    steps:
    - name: Checkout Repository
      uses: actions/checkout@v3

    - name: Set up Python
      uses: actions/setup-python@v4
      with:
        python-version: '3.x'

    - name: Install dependencies
      run: |
        python -m pip install --upgrade pip
        pip install setuptools wheel
    - name: Build Package
      run: python setup.py sdist

    - name: Upload package
      uses: actions/upload-artifact@v3
      with:
        name: package
        path: dist/*
        retention-days: 1

  publish:
    if: ${{ github.repository == 'slaclab/pydm' }}
    name: Publish release to PyPI
    runs-on: ubuntu-latest
    permissions:
      id-token: write # Used for trusted publishing
    steps:
      - name: Download package
        uses: actions/download-artifact@v4.1.7
        with:
          name: package
          path: dist/

      - name: Publish package distributions to PyPI
        uses: pypa/gh-action-pypi-publish@release/v1