fixed path error in workflow #3
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish Educational Stub to PyPI | |
| on: | |
| push: | |
| tags: | |
| - "stub-v*" | |
| workflow_dispatch: | |
| concurrency: | |
| group: pypi-stub-publish | |
| cancel-in-progress: false | |
| jobs: | |
| publish: | |
| name: Build and Publish Stub | |
| runs-on: ubuntu-latest | |
| environment: pypi | |
| permissions: | |
| contents: read | |
| env: | |
| # Hard gate: must be explicitly enabled to publish | |
| ALLOW_PYPI_RELEASE: ${{ secrets.ALLOW_PYPI_RELEASE }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.11" | |
| - name: Ensure we are in the stub directory | |
| run: | | |
| test -d pypi-stub || { echo "Missing pypi-stub directory"; exit 1; } | |
| ls -la pypi-stub | |
| - name: Policy checks (ensure safe contents only) | |
| working-directory: pypi-stub | |
| run: | | |
| # No Rust crates, no maturin, no native binding sources | |
| (! test -f Cargo.toml) || { echo "Cargo.toml found in stub"; exit 1; } | |
| (! test -d src) || { echo "src/ directory found in stub"; exit 1; } | |
| (! test -d python) || { echo "python/ package tree found in stub"; exit 1; } | |
| (! grep -R "maturin" -n .) || { echo "maturin mention in stub"; exit 1; } | |
| # Must include required policy/doc files | |
| test -f pyproject.toml || { echo "Missing pyproject.toml"; exit 1; } | |
| test -f ../LICENSE || { echo "Missing LICENSE in repo root"; exit 1; } | |
| test -f STUB-README.md || { echo "Missing STUB-README.md"; exit 1; } | |
| test -f ../SECURITY.md || { echo "Missing SECURITY.md in repo root"; exit 1; } | |
| test -f ../LICENSE-APPENDIX.md || { echo "Missing LICENSE-APPENDIX.md in repo root"; exit 1; } | |
| test -f pe_packer_stub.py || { echo "Missing pe_packer_stub.py in pypi-stub directory"; exit 1; } | |
| - name: Guarded release gate | |
| run: | | |
| if [ -z "${ALLOW_PYPI_RELEASE}" ]; then | |
| echo "Publishing is disabled. Set ALLOW_PYPI_RELEASE secret to enable."; | |
| exit 1; | |
| fi | |
| - name: Install build backend | |
| run: | | |
| python -m pip install --upgrade pip | |
| python -m pip install build twine | |
| - name: Prepare license and security docs | |
| run: | | |
| cp LICENSE SECURITY.md LICENSE-APPENDIX.md pypi-stub/ | |
| - name: Build wheel and sdist | |
| working-directory: pypi-stub | |
| run: | | |
| python -m build | |
| ls -la dist | |
| - name: Upload to PyPI | |
| if: env.ALLOW_PYPI_RELEASE != '' | |
| env: | |
| TWINE_USERNAME: __token__ | |
| TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }} | |
| working-directory: pypi-stub | |
| run: | | |
| test -n "$TWINE_PASSWORD" || { echo "PYPI_TOKEN is not set"; exit 1; } | |
| python -m twine upload --non-interactive dist/* |