Server Admin

Viewing: release.yml

on:
  workflow_dispatch:
  push:
    tags:
      - "*.*.*"

name: release

permissions:
  contents: read

jobs:
  build:
    name: Build distributions for PyPI
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Set up Python
        uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1

      - name: Install build dependencies
        run: python -m pip install build

      - name: Build distributions
        run: python -m build

      - name: Upload distributions
        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
        with:
          name: certifi-dists
          path: dist/

  pypi:
    name: Publish to PyPI
    runs-on: ubuntu-latest
    environment: release

    needs:
      - build

    permissions:
      # Used to authenticate to PyPI via OIDC.
      id-token: write

    steps:
      - name: fetch dists
        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: certifi-dists
          path: dist/

      - name: publish
        if: github.event_name == 'push'
        uses: pypa/gh-action-pypi-publish@ec4db0b4ddc65acdf4bff5fa45ac92d78b56bdf0 # v1.9.0