Add dependabot dependency scanning for GitHub actions #10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # .github/workflows/publish-pypi-test.yaml | |
| # uses trusted publishing to publish the package to TestPyPI as described here: | |
| # https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/ | |
| name: Publish to Test PyPI | |
| on: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| build: | |
| name: Build distribution 📦 | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout 🛎️ | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| persist-credentials: false | |
| - name: Set up Python 🐍 | |
| uses: actions/setup-python@v5 | |
| - name: Install uv 🌟 | |
| uses: astral-sh/setup-uv@887a942a15af3a7626099df99e897a18d9e5ab3a # v5.1.0 | |
| - name: Build package for distribution 🛠️ | |
| run: | | |
| uv build | |
| - name: Upload distribution packages 📤 | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: cladetime-package-distribution | |
| path: dist/ | |
| publish-to-testpypi: | |
| name: Publish Python distribution to TestPyPI | |
| needs: | |
| - build | |
| runs-on: ubuntu-latest | |
| environment: | |
| name: pypi-test | |
| url: https://test.pypi.org/p/cladetime | |
| permissions: | |
| id-token: write # needed for trusted publishing (i.e., OIDC) | |
| steps: | |
| - name: Download distribution artifacts 📥 | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: cladetime-package-distribution | |
| path: dist/ | |
| - name: Publish distribution to TestPyPI 🚀 | |
| uses: pypa/gh-action-pypi-publish@15c56dba361d8335944d31a2ecd17d700fc7bcbc # v1.1.12 | |
| with: | |
| repository-url: https://test.pypi.org/legacy/ |