chore(deps): bump actions/attest-build-provenance from 1.4.4 to 2.1.0 in the actions group across 1 directory #227
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Package | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| - v* | |
| release: | |
| types: | |
| - published | |
| jobs: | |
| # Always build & lint package. | |
| build-package: | |
| name: Build & verify | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: hynek/build-and-inspect-python-package@v2 | |
| # Upload to real PyPI on GitHub Releases. | |
| release-pypi: | |
| name: Publish to pypi.org | |
| environment: release | |
| runs-on: ubuntu-latest | |
| needs: build-package | |
| if: github.event_name == 'release' && github.event.action == 'published' | |
| permissions: | |
| id-token: write | |
| attestations: write | |
| steps: | |
| - name: Download packages built by build-and-inspect-python-package | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: Packages | |
| path: dist | |
| - name: Generate artifact attestation for sdist and wheel | |
| uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0 | |
| with: | |
| subject-path: "dist/pyproject*" | |
| - name: Upload package to PyPI | |
| uses: pypa/gh-action-pypi-publish@release/v1 |