Skip to content

ci: publish to PyPI on version tags via OIDC trusted publishing#129

Merged
raylim merged 1 commit into
mainfrom
ci/publish-to-pypi
Jun 16, 2026
Merged

ci: publish to PyPI on version tags via OIDC trusted publishing#129
raylim merged 1 commit into
mainfrom
ci/publish-to-pypi

Conversation

@raylim

@raylim raylim commented May 29, 2026

Copy link
Copy Markdown
Collaborator

Adds a publish job to CI that fires on v* tags.

How it works

  1. Runs only after test job passes
  2. Triggers on refs/tags/v* (i.e. git tag v1.4.4 && git push origin v1.4.4)
  3. Builds sdist + wheel with python -m build
  4. Uploads via pypa/gh-action-pypi-publish using OIDC trusted publishing — no API token stored in secrets

One-time setup required

Add a trusted publisher on PyPI at:
https://pypi.org/manage/project/mussel-pathology/settings/publishing/

Settings:

  • Owner: pathology-data-mining
  • Repository: Mussel
  • Workflow: ci.yml
  • Environment: pypi

Then create a pypi environment in GitHub repo settings (Settings → Environments).

@raylim
ci: publish to PyPI on version tags via OIDC trusted publishing
655df4b 
Adds a 'publish' job that triggers on v* tags, waits for tests to pass,
builds the sdist + wheel, then uploads to PyPI using the pypa publish
action with OIDC trusted publishing (no stored API token needed).

Requires a 'pypi' GitHub Actions environment to be configured and a
trusted publisher entry added at:
https://pypi.org/manage/project/mussel-pathology/settings/publishing/

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@raylim raylim merged commit cadecd5 into main Jun 16, 2026
3 checks passed
@raylim raylim deleted the ci/publish-to-pypi branch June 16, 2026 18:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@raylim