From eb5d52e6517a2a3ae427e9458d0cdf49b27bb084 Mon Sep 17 00:00:00 2001 From: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> Date: Fri, 24 Apr 2026 23:19:21 +0300 Subject: [PATCH 01/10] Isolate package build and publish --- .github/workflows/publish.yml | 111 ++++++++++++++++++++++------------ 1 file changed, 73 insertions(+), 38 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 3348356..bf233b8 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -1,6 +1,6 @@ # This workflow is triggered two ways: # -# 1. When a tag is created, the workflow will upload the package to +# 1. When a commit is made, the workflow will upload the package to # test.pypi.org. # 2. When a release is made, the workflow will upload the package to pypi.org. # @@ -9,49 +9,84 @@ name: Upload package on: - release: - types: [created] push: - tags: - - '*' + pull_request: + release: + types: + - published + workflow_dispatch: + +permissions: + contents: read + +env: + FORCE_COLOR: 1 jobs: - deploy: + # Always build & lint package. + build-package: + name: Build & verify package runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + fetch-depth: 0 + persist-credentials: false + + - uses: hynek/build-and-inspect-python-package@fe0a0fb1925ca263d076ca4f2c13e93a6e92a33e # v2.17.0 + + # Publish to Test PyPI on every commit on main. + release-test-pypi: + name: Publish in-dev package to test.pypi.org + if: | + github.repository_owner == 'python' + && github.event_name == 'push' + && github.ref == 'refs/heads/main' + runs-on: ubuntu-latest + needs: build-package + + permissions: + id-token: write + + steps: + - name: Download packages built by build-and-inspect-python-package + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 + with: + name: Packages + path: dist + + - name: Publish to Test PyPI + uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0 + with: + repository-url: https://test.pypi.org/legacy/ + + # Publish to PyPI on GitHub Releases. + release-pypi: + name: Publish to PyPI + # Only run for published releases. + if: | + github.repository_owner == 'python' + && github.event.action == 'published' + runs-on: ubuntu-latest + needs: build-package + environment: name: release - url: https://pypi.org/p/tzdata + url: >- + https://pypi.org/project/tzdata/${{ + github.event.release.tag_name + }} + permissions: id-token: write + steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - persist-credentials: false - - name: Set up Python - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 - with: - python-version: '3.x' - - name: Install dependencies - run: | - python -m pip install --upgrade pip - pip install -U tox - - name: Create tox environments - run: | - tox -p -e py,build --notest - - name: Run tests - run: | - tox -e py - - name: Build package - run: | - tox -e build - - name: Publish package (TestPyPI) - if: github.event_name == 'push' - uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0 - with: - repository-url: https://test.pypi.org/legacy/ - verbose: true - - name: Publish package - if: github.event_name == 'release' - uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0 - with: - verbose: true + - name: Download packages built by build-and-inspect-python-package + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 + with: + name: Packages + path: dist + + - name: Publish to PyPI + uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0 From 623a92bab8bfeacdb2dfc0e965db7133b9a9bdea Mon Sep 17 00:00:00 2001 From: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> Date: Fri, 24 Apr 2026 23:20:54 +0300 Subject: [PATCH 02/10] Remove old tox publishing env --- .github/workflows/tests.yml | 2 +- tox.ini | 12 ------------ 2 files changed, 1 insertion(+), 13 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 20eb70c..21891b1 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -50,7 +50,7 @@ jobs: runs-on: "ubuntu-latest" strategy: matrix: - toxenv: ["build", "precommit", "typing", "docs"] + toxenv: ["precommit", "typing", "docs"] env: TOXENV: ${{ matrix.toxenv }} diff --git a/tox.ini b/tox.ini index 83e7708..fe186b4 100644 --- a/tox.ini +++ b/tox.ini @@ -70,15 +70,3 @@ deps = commands = sphinx-build -d "{toxworkdir}/docs_doctree" "{toxinidir}/docs" \ "{toxinidir}/docs/_output" {posargs: -j auto --color -bhtml} - -[testenv:build] -description = Build a wheel and source distribution -skip_install = True -deps = - build - twine -commands = - python -c "from pathlib import Path; \ - [x.unlink(missing_ok=True) for x in Path('{toxinidir}/dist').glob('*')]" - python -m build -o {toxinidir}/dist {toxinidir} - twine check {toxinidir}/dist/* From 8308d1dccebb4d5ce80c0d7500be550e33710c1d Mon Sep 17 00:00:00 2001 From: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> Date: Fri, 24 Apr 2026 23:29:27 +0300 Subject: [PATCH 03/10] Ignore pre-existing 'W002: Wheel contains duplicate files' --- pyproject.toml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pyproject.toml b/pyproject.toml index aaf3b62..e3526d8 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -2,6 +2,9 @@ requires = ["setuptools>=40.8.0", "wheel"] build-backend = "setuptools.build_meta" +[tool.check-wheel-contents] +ignore = ["W002"] + [tool.isort] atomic=true force_grid_wrap=0 From b015568416464ea8502b46cad0bf4af59ece8dec Mon Sep 17 00:00:00 2001 From: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> Date: Sat, 25 Apr 2026 18:41:50 +0300 Subject: [PATCH 04/10] Remove redundant lines Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> --- .github/workflows/publish.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index bf233b8..19c1121 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -23,7 +23,6 @@ env: FORCE_COLOR: 1 jobs: - # Always build & lint package. build-package: name: Build & verify package runs-on: ubuntu-latest @@ -31,7 +30,6 @@ jobs: steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: - fetch-depth: 0 persist-credentials: false - uses: hynek/build-and-inspect-python-package@fe0a0fb1925ca263d076ca4f2c13e93a6e92a33e # v2.17.0 @@ -61,7 +59,6 @@ jobs: with: repository-url: https://test.pypi.org/legacy/ - # Publish to PyPI on GitHub Releases. release-pypi: name: Publish to PyPI # Only run for published releases. From a698e2c110ecd0535b8637abf9e6fc5c86d081f1 Mon Sep 17 00:00:00 2001 From: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> Date: Tue, 28 Apr 2026 19:19:48 +0300 Subject: [PATCH 05/10] Only publish to Test PyPI for tags --- .github/workflows/publish.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 19c1121..a820b28 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -1,6 +1,6 @@ # This workflow is triggered two ways: # -# 1. When a commit is made, the workflow will upload the package to +# 1. When a tag is created, the workflow will upload the package to # test.pypi.org. # 2. When a release is made, the workflow will upload the package to pypi.org. # @@ -34,13 +34,13 @@ jobs: - uses: hynek/build-and-inspect-python-package@fe0a0fb1925ca263d076ca4f2c13e93a6e92a33e # v2.17.0 - # Publish to Test PyPI on every commit on main. + # Publish to Test PyPI for every tag. release-test-pypi: name: Publish in-dev package to test.pypi.org if: | github.repository_owner == 'python' && github.event_name == 'push' - && github.ref == 'refs/heads/main' + && startsWith(github.ref, 'refs/tags/') runs-on: ubuntu-latest needs: build-package From 62738d52915dea09b8895a070527d9c552e4a95f Mon Sep 17 00:00:00 2001 From: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> Date: Tue, 28 Apr 2026 21:06:37 +0300 Subject: [PATCH 06/10] Add extra test gate between package build and publish --- .github/workflows/publish.yml | 9 +++++++-- .github/workflows/tests.yml | 1 + 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index a820b28..ff13208 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -34,6 +34,11 @@ jobs: - uses: hynek/build-and-inspect-python-package@fe0a0fb1925ca263d076ca4f2c13e93a6e92a33e # v2.17.0 + test-package: + name: Test package + needs: build-package + uses: ./.github/workflows/tests.yml + # Publish to Test PyPI for every tag. release-test-pypi: name: Publish in-dev package to test.pypi.org @@ -42,7 +47,7 @@ jobs: && github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') runs-on: ubuntu-latest - needs: build-package + needs: test-package permissions: id-token: write @@ -66,7 +71,7 @@ jobs: github.repository_owner == 'python' && github.event.action == 'published' runs-on: ubuntu-latest - needs: build-package + needs: test-package environment: name: release diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 21891b1..842e181 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -5,6 +5,7 @@ on: branches: - master pull_request: + workflow_call: workflow_dispatch: permissions: {} From 4ff4adace966f546679ab76fab36300e4c401dab Mon Sep 17 00:00:00 2001 From: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> Date: Tue, 28 Apr 2026 21:09:08 +0300 Subject: [PATCH 07/10] Only trigger test gate when publishing --- .github/workflows/publish.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index ff13208..5daa25b 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -36,6 +36,12 @@ jobs: test-package: name: Test package + if: | + github.repository_owner == 'python' + && ( + (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')) + || github.event.action == 'published' + ) needs: build-package uses: ./.github/workflows/tests.yml From 82f97d9eab375b2078edfd4b3b8bc1e9ec69105c Mon Sep 17 00:00:00 2001 From: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> Date: Tue, 28 Apr 2026 21:10:11 +0300 Subject: [PATCH 08/10] Refactor --- .github/workflows/publish.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 5daa25b..c5ae4fc 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -37,7 +37,7 @@ jobs: test-package: name: Test package if: | - github.repository_owner == 'python' + github.event.repository.fork == false && ( (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')) || github.event.action == 'published' @@ -49,7 +49,7 @@ jobs: release-test-pypi: name: Publish in-dev package to test.pypi.org if: | - github.repository_owner == 'python' + github.event.repository.fork == false && github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') runs-on: ubuntu-latest @@ -74,7 +74,7 @@ jobs: name: Publish to PyPI # Only run for published releases. if: | - github.repository_owner == 'python' + github.event.repository.fork == false && github.event.action == 'published' runs-on: ubuntu-latest needs: test-package From b6c1d131a3479e33e6d51e1e70c603493d3436d1 Mon Sep 17 00:00:00 2001 From: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> Date: Tue, 28 Apr 2026 21:44:37 +0300 Subject: [PATCH 09/10] Update comments Co-authored-by: Stan Ulbrych --- .github/workflows/publish.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index c5ae4fc..cc1cb15 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -45,9 +45,9 @@ jobs: needs: build-package uses: ./.github/workflows/tests.yml - # Publish to Test PyPI for every tag. + # Publish to TestPyPI for every tag. release-test-pypi: - name: Publish in-dev package to test.pypi.org + name: Publish to TestPyPI if: | github.event.repository.fork == false && github.event_name == 'push' From 1f8b90ba17ae6a6b675228ee7a6bb732dc612710 Mon Sep 17 00:00:00 2001 From: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> Date: Tue, 28 Apr 2026 21:53:02 +0300 Subject: [PATCH 10/10] Add comment about W002 Co-authored-by: Stan Ulbrych --- pyproject.toml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pyproject.toml b/pyproject.toml index e3526d8..7f6be2a 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -3,6 +3,9 @@ requires = ["setuptools>=40.8.0", "wheel"] build-backend = "setuptools.build_meta" [tool.check-wheel-contents] +# The wheel contains duplicate files. +# This is by design, see https://github.com/eggert/tz/blob/main/backward +# Let's ignore the warning: ignore = ["W002"] [tool.isort]