Skip to content

feat: add workflow and instructions to build and publish api_auth #496

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
tdruez merged 1 commit into from
Mar 5, 2026
Merged

feat: add workflow and instructions to build and publish api_auth #496

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
62 changes: 62 additions & 0 deletions .github/workflows/publish-pypi-release-aboutcode-api-auth.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,62 @@
name: Build aboutcode.api_auth Python distributions and publish on PyPI

on:
workflow_dispatch:
push:
tags:
- "aboutcode.api_auth/*"

jobs:
build:
name: Build and publish library to PyPI
runs-on: ubuntu-24.04
permissions:
contents: read

steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false # do not keep the token around

- name: Set up Python
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with:
python-version: 3.14

- name: Install flot
run: python -m pip install flot --user

- name: Build a binary wheel and a source tarball
run: python -m flot --pyproject pipeline-pyproject.toml --sdist --wheel --output-dir dist/

- name: Upload package distributions as GitHub workflow artifacts
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: python-package-distributions
path: dist/

# Only set the id-token: write permission in the job that does publishing, not globally.
# Also, separate building from publishing — this makes sure that any scripts
# maliciously injected into the build or test environment won't be able to elevate
# privileges while flying under the radar.
pypi-publish:
name: Upload package distributions to PyPI
if: startsWith(github.ref, 'refs/tags/') # only publish to PyPI on tag pushes
needs:
- build
runs-on: ubuntu-24.04
environment:
name: pypi
url: https://pypi.org/p/aboutcode.api_auth
permissions:
id-token: write # IMPORTANT: this permission is mandatory for trusted publishing

steps:
- name: Download all the dists
uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0
with:
name: python-package-distributions
path: dist/

- name: Publish to PyPI
uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
29 changes: 29 additions & 0 deletions aboutcode/api_auth/RELEASE.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
# Release instructions for `aboutcode.api_auth`

### Automated release workflow

- Create a new `aboutcode.api_auth-release-x.x.x` branch
- Update the version in:
- `api_auth-pyproject.toml`
- `aboutcode/api_auth/__init__.py`
- Commit and push this branch
- Create a PR and merge once approved
- Tag and push to trigger the `publish-pypi-release-aboutcode-api-auth.yml` workflow
that takes care of building the distribution archives and upload those to pypi::
```
VERSION=x.x.x # <- Set the new version here
TAG=aboutcode.api_auth/$VERSION
git tag -a $TAG -m ""
git push origin $TAG
```

### Manual build

```
cd dejacode
source .venv/bin/activate
pip install flot
flot --pyproject api_auth-pyproject.toml --sdist --wheel --output-dir dist/
```

The distribution archives will be available in the local `dist/` directory.
2 changes: 2 additions & 0 deletions aboutcode/api_auth/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,8 @@
from rest_framework.authentication import TokenAuthentication
from rest_framework.exceptions import AuthenticationFailed

__version__ = "0.1.0"


class AbstractAPIToken(models.Model):
"""
Expand Down
44 changes: 44 additions & 0 deletions api_auth-pyproject.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
[build-system]
requires = ["flot"]
build-backend = "flot.buildapi"

[project]
name = "aboutcode.api_auth"
version = "0.1.0"
description = ""
license = { text = "Apache-2.0" }
readme = "aboutcode/api_auth/README.md"
requires-python = ">=3.11"
authors = [ { name = "nexB. Inc. and others", email = "info@aboutcode.org" } ]
keywords = [
"open source",
"api",
"authentication",
]
classifiers = [
"Development Status :: 4 - Beta",
"Intended Audience :: Developers",
"Programming Language :: Python :: 3",
"Programming Language :: Python :: 3 :: Only",
"Programming Language :: Python :: 3.11",
"Programming Language :: Python :: 3.12",
"Programming Language :: Python :: 3.13",
"Programming Language :: Python :: 3.14",
"Topic :: Software Development",
"Topic :: Utilities",
]

[project.urls]
Homepage = "https://github.com/aboutcode-org/dejacode"
Documentation = "https://dejacode.readthedocs.io/"
Repository = "https://github.com/aboutcode-org/dejacode/tree/main/aboutcode/api_auth"
Issues = "https://github.com/aboutcode-org/dejacode/issues"

[tool.flot]
includes = [
"aboutcode/api_auth/*",
]
metadata_files = [
"LICENSE",
"NOTICE",
]