Pull Request Overview
Adds a GitHub Actions workflow to automatically publish the package to PyPI when a new release is published. This prepares the repository for automated package distribution.
- Configures workflow to trigger on GitHub release publication
- Sets up Python environment and builds the package using standard tools
- Uses PyPA's official action for secure PyPI publishing with OIDC
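A complete workflow of the shape the overview describes, added here as an illustration rather than the file under review in this PR: build and publish are split into two jobs, only the publish job gets the OIDC `id-token: write` permission, and the publish action is pinned to the commit hash suggested in the review comment on this thread (verify it against the action's release tags before relying on it). The checkout, setup-python and artifact action refs are placeholders that should be pinned the same way.

```yaml
# Added illustrative workflow; not the file under review in this PR.
# Assumes the project builds with `python -m build` and that a PyPI
# trusted publisher is configured for this repo, workflow and environment.
name: Publish to PyPI

on:
  release:
    types: [published]

# Default token is read-only for every job; nothing here needs more.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4          # placeholder ref: pin to a full commit SHA
      - uses: actions/setup-python@v5      # placeholder ref: pin to a full commit SHA
        with:
          python-version: "3.x"
      - run: python -m pip install build twine
      - run: python -m build --sdist --wheel
      - run: twine check dist/*
      - uses: actions/upload-artifact@v4   # placeholder ref: pin to a full commit SHA
        with:
          name: dist
          path: dist/

  publish:
    needs: build
    runs-on: ubuntu-latest
    # A GitHub environment lets you require approval and restrict who can publish.
    environment: pypi
    permissions:
      id-token: write   # required for OIDC trusted publishing; no stored API token
      contents: read
    steps:
      # The publish job never checks out source; it only uploads the built artifact.
      - uses: actions/download-artifact@v4 # placeholder ref: pin to a full commit SHA
        with:
          name: dist
          path: dist/
      # Hash taken from the review suggestion in this thread; confirm it matches
      # a published release of the action and refresh the pin when it moves.
      - uses: pypa/gh-action-pypi-publish@81e9d935c883d0b210363ab89cf05f3894778450
        with:
          print-hash: true   # logs the sha256 of each uploaded file for auditing
```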
| python -m build --sdist --wheel | ||
| twine check dist/* | ||
| - name: "Publish on pypi" | ||
| uses: pypa/gh-action-pypi-publish@release/v1 |
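Review bot: the publish step `uses: pypa/gh-action-pypi-publish@release/v1` depends on OIDC trusted publishing (per the overview), which only works if the job grants `permissions: id-token: write`; that grant is not among the visible lines, so confirm it is set on this job and that the rest of the token stays read-only (`contents: read`). `release/v1` is a moving branch ref, so an upstream change to the action would reach the release pipeline without review; pin it to a full commit SHA and keep the pin updated. It is also worth running `twine check dist/*` and the publish step in separate jobs so the publishing job never has a checkout of the source tree.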
Pin the action to a specific commit hash instead of using the mutable 'release/v1' tag to prevent supply chain attacks. For example, use a format like 'pypa/gh-action-pypi-publish@81e9d935c883d0b210363ab89cf05f3894778450'.
| uses: pypa/gh-action-pypi-publish@release/v1 | |
| uses: pypa/gh-action-pypi-publish@81e9d935c883d0b210363ab89cf05f3894778450 |
I understand the recommendation, but since I'm going to do a video on this, I'm going to keep it clear (and recommend that viewers check whatever the most recent hash is).
Co-authored-by: Copilot <[email protected]>
Getting ready to do the release! We'll need this workflow in place first