https://github.com/casperdcl/deploy-pypi
Securely build and upload Python distributions to PyPI
Science Score: 26.0%
This score indicates how likely this project is to be science-related based on various indicators:
- ○ CITATION.cff file
- ✓ codemeta.json file: Found codemeta.json file
- ✓ .zenodo.json file: Found .zenodo.json file
- ○ DOI references
- ○ Academic publication links
- ○ Committers with academic emails
- ○ Institutional organization owner
- ○ JOSS paper metadata
- ○ Scientific vocabulary similarity: Low similarity (12.1%) to scientific vocabulary
Repository
Securely build and upload Python distributions to PyPI
Statistics
- Stars: 17
- Watchers: 1
- Forks: 2
- Open Issues: 0
- Releases: 18
Metadata Files
README.md
GitHub Action: PyPI Deployment
Securely build and upload Python distributions to PyPI.
Example
```yaml
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
- uses: casperdcl/deploy-pypi@v2
  with:
    build: --outdir dist .
    # only upload if a tag is pushed (otherwise just build & check)
    upload: ${{ github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags') }}
```
Why
PyPI Deployment:
- Supports `build`ing
  - supports customisable build requirements
  - supports customisable build command
  - supports PEP517 projects lacking a `setup.py` file
- Supports PEP740 attestations
- Supports GPG signing
- Each stage is optional (`build`, `check`, `sign` and `upload`)
- Uses a blazing fast container-free GitHub action
- Outputs names of files for upload (for convenience in subsequent steps)
- Has the entirety of the code in a single file, making it very easy to review
The main alternative GitHub Action pypi-publish currently does not offer the benefits above.
Other features (supported by both) include:
- Supports checking built files
- Supports skipping existing uploads
- Supports OIDC PyPI trusted publishing
Security
- If you distrust me, use a commit SHA of a version you've manually reviewed (e.g. `uses: casperdcl/deploy-pypi@3181cc0919c032ba42e365bd514e27442c54a3be`)
- If you distrust dependencies, split the `build` and `upload` steps to hide publishing/OIDC tokens from the build step
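Both Security recommendations combined in one workflow, as an added example that is not part of the project's README: the action is pinned to the commit SHA quoted above, and the build runs in a job with no publishing credentials while a separate job holds the OIDC permission. The workflow name, job names, tag trigger, artifact name and the use of `actions/upload-artifact` / `actions/download-artifact` are assumptions, as is a PyPI trusted publisher already configured for this workflow (so no `password` is passed).

```yaml
# Added example, not from the project's README.
# Assumed: job names, the "dist" artifact name, the tag trigger, and a PyPI
# trusted publisher registered for this workflow.
name: release
on:
  push:
    tags: ['v*']

permissions:
  contents: read  # workflow default: no id-token, no write scopes

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - uses: actions/setup-python@v5
      with:
        python-version: '3.x'
    # Build requirements and the build backend execute here, so this job
    # receives no PyPI token and cannot request an OIDC token.
    # Replace the SHA with the commit you have reviewed yourself.
    - uses: casperdcl/deploy-pypi@3181cc0919c032ba42e365bd514e27442c54a3be
      with:
        build: --outdir dist .
        upload: false
    - uses: actions/upload-artifact@v4
      with:
        name: dist
        path: dist/

  publish:
    needs: build
    runs-on: ubuntu-latest
    permissions:
      id-token: write  # OIDC for trusted publishing, granted to this job only
    steps:
    - uses: actions/setup-python@v5
      with:
        python-version: '3.x'
    - uses: actions/download-artifact@v4
      with:
        name: dist
        path: dist
    # No setup/build/pip input: nothing from the project is built in this job.
    - uses: casperdcl/deploy-pypi@3181cc0919c032ba42e365bd514e27442c54a3be
      with:
        upload: true
```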
Inputs
You likely should specify exactly one of the following: setup, build or pip.
```yaml
inputs:
  user:
    description: PyPI username
    default: __token__
  password:
    description: PyPI password or API token
  registry_domain:
    description: PyPI trusted publisher URL
    default: https://upload.pypi.org
  requirements:
    description: Packages to `pip install` before building
    default: twine wheel build
  setup:
    description: '`setup.py` command to run ("true" is a shortcut for "clean sdist -d <dist_dir> bdist_wheel -d <dist_dir>")'
    default: false
  build:
    description: '`python -m build` command to run ("true" is a shortcut for "-o <dist_dir>")'
    default: false
  pip:
    description: '`pip` command to run ("true" is a shortcut for "wheel -w <dist_dir> --no-deps .")'
    default: false
  check:
    description: Whether to run basic checks on the built files
    default: true
  upload:
    description: Whether to upload
    default: true
  dist_dir:
    description: Directory containing distributions
    default: dist
  url:
    description: Destination repository (package index) URL
  attestations:
    description: 'Use PEP 740 attestations if `upload`ing to a trusted publisher `registry_domain`'
    default: true
  gpg_key:
    description: GPG key to import for signing
  skip_existing:
    description: Continue uploading files if one already exists
    default: false
outputs:
  whl:
    description: Basename of *.whl for upload
  targz:
    description: Basename of *.tar.gz for upload
  whl_asc:
    description: Basename of *.whl.asc for upload (requires <gpg_key>)
  targz_asc:
    description: Basename of *.tar.gz.asc for upload (requires <gpg_key>)
```
Owner
- Name: Casper da Costa-Luis
- Login: casperdcl
- Kind: user
- Location: London, UK
- Website: https://cdcl.ml
- Repositories: 136
- Profile: https://github.com/casperdcl
Open Core Software Consultant & Technical Product Manager; Computational Physicist; member of IEEE, IOP, & @python Software Foundation
GitHub Events
Total
- Create event: 4
- Release event: 2
- Issues event: 3
- Watch event: 2
- Delete event: 1
- Issue comment event: 2
- Push event: 6
- Pull request event: 2
Last Year
- Create event: 4
- Release event: 2
- Issues event: 3
- Watch event: 2
- Delete event: 1
- Issue comment event: 2
- Push event: 6
- Pull request event: 2
Committers
Last synced: over 1 year ago
Top Committers
| Name | Email | Commits |
|---|---|---|
| Casper da Costa-Luis | c****l@p****g | 37 |
| Rahul Parmar | r****n@g****m | 1 |
Issues and Pull Requests
Last synced: 6 months ago
All Time
- Total issues: 7
- Total pull requests: 13
- Average time to close issues: 3 months
- Average time to close pull requests: about 14 hours
- Total issue authors: 3
- Total pull request authors: 2
- Average comments per issue: 2.57
- Average comments per pull request: 0.08
- Merged pull requests: 12
- Bot issues: 0
- Bot pull requests: 0
Past Year
- Issues: 1
- Pull requests: 2
- Average time to close issues: about 15 hours
- Average time to close pull requests: about 15 hours
- Issue authors: 1
- Pull request authors: 1
- Average comments per issue: 0.0
- Average comments per pull request: 0.0
- Merged pull requests: 1
- Bot issues: 0
- Bot pull requests: 0
Top Authors
Issue Authors
- casperdcl (5)
- ygalblum (1)
- flooie (1)
Pull Request Authors
- casperdcl (14)
- RahulParmarRP (1)
Packages
- Total packages: 1
- Total downloads: unknown
- Total dependent packages: 0
- Total dependent repositories: 62
- Total versions: 18
github actions: casperdcl/deploy-pypi
Securely build and upload Python distributions to PyPI
- License: other
- Latest release: v2.5.0, published 9 months ago
Dependencies
- ./.github/.. * composite
- actions/checkout v3 composite
- actions/setup-python v4 composite