Skip to content

Workflow for publishing to TestPyPI#48

Merged
kevinbackhouse merged 2 commits intoGitHubSecurityLab:mainfrom
kevinbackhouse:publish-to-testpypi
Nov 5, 2025
Merged

Workflow for publishing to TestPyPI#48
kevinbackhouse merged 2 commits intoGitHubSecurityLab:mainfrom
kevinbackhouse:publish-to-testpypi

Conversation

@kevinbackhouse
Copy link
Collaborator

@kevinbackhouse kevinbackhouse commented Nov 4, 2025

https://test.pypi.org/ is a testing version of https://pypi.org. I'll try to get this workflow working there first before I try to add the real PyPI. I've implemented it with a reusable workflow, so hopefully it will be easy to add PyPI when I've got this working.

Copilot AI review requested due to automatic review settings November 4, 2025 18:04
Copilot AI reviewed Nov 4, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR introduces a reusable workflow pattern for publishing Python packages to PyPI/TestPyPI. It adds two new workflow files: a reusable workflow that handles the entire publish process (building, signing, uploading to PyPI, and creating GitHub releases), and a caller workflow configured for TestPyPI.

  • Adds a reusable workflow (publish-reusable.yml) that builds Python packages, publishes to PyPI/TestPyPI, signs with sigstore, and creates GitHub releases
  • Adds a caller workflow (publish-to-testpypi.yaml) that triggers the reusable workflow for TestPyPI deployments
  • Implements trusted publishing with OIDC for secure PyPI authentication

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.

File Description
.github/workflows/publish-to-testpypi.yaml Caller workflow that invokes the reusable workflow for TestPyPI publishing with manual trigger
.github/workflows/publish-reusable.yml Reusable workflow that handles building, publishing, signing, and release creation

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@kevinbackhouse kevinbackhouse force-pushed the publish-to-testpypi branch 3 times, most recently from 336ee26 to 3bcd8aa Compare November 4, 2025 18:25
JarLob
JarLob reviewed Nov 5, 2025
View reviewed changes
.github/workflows/publish-to-testpypi.yaml
uses: .github/workflows/publish-reusable.yml@main
with:
version: ${{ inputs.version }}
release_notes: ${{ github.head_ref }}
Copy link
Contributor

@JarLob JarLob Nov 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just for testing?

Copy link
Collaborator Author

@kevinbackhouse kevinbackhouse Nov 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, because this whole workflow is just for testing. It pushes to TestPyPI, so my intention is that we can do it whenever we feel like it, rather than just when we have a new release.

I'm planning to add a separate workflow for pushing to PyPI, which is why I've put most of the logic in a reusable workflow.

JarLob
JarLob reviewed Nov 5, 2025
View reviewed changes
JarLob
JarLob previously approved these changes Nov 5, 2025
View reviewed changes
@kevinbackhouse kevinbackhouse merged commit 9939558 into GitHubSecurityLab:main Nov 5, 2025
9 checks passed
@kevinbackhouse kevinbackhouse deleted the publish-to-testpypi branch November 5, 2025 09:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@JarLob JarLob JarLob approved these changes

@m-y-mo m-y-mo Awaiting requested review from m-y-mo m-y-mo is a code owner

@p- p- Awaiting requested review from p- p- is a code owner

@sylwia-budzynska sylwia-budzynska Awaiting requested review from sylwia-budzynska sylwia-budzynska is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kevinbackhouse @JarLob