Isolate package build and publish

.github/workflows/publish.yml

@@ -1,6 +1,6 @@
 # This workflow is triggered two ways:
 #
-# 1. When a tag is created, the workflow will upload the package to
+# 1. When a commit is made, the workflow will upload the package to
 #    test.pypi.org.
 # 2. When a release is made, the workflow will upload the package to pypi.org.
 #
@@ -9,49 +9,84 @@
 name: Upload package
 
 on:
-  release:
-    types: [created]
   push:
-    tags:
-      - '*'
+  pull_request:
+  release:
+    types:
+      - published
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+env:
+  FORCE_COLOR: 1
 
 jobs:
-  deploy:
+  # Always build & lint package.
+  build-package:
+    name: Build & verify package
     runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          fetch-depth: 0
+          persist-credentials: false
+
+      - uses: hynek/build-and-inspect-python-package@fe0a0fb1925ca263d076ca4f2c13e93a6e92a33e # v2.17.0
+
+  # Publish to Test PyPI on every commit on main.
+  release-test-pypi:
+    name: Publish in-dev package to test.pypi.org
+    if: |
+      github.repository_owner == 'python'
+      && github.event_name == 'push'
+      && github.ref == 'refs/heads/main'
+    runs-on: ubuntu-latest
+    needs: build-package
+
+    permissions:
+      id-token: write
+
+    steps:
+      - name: Download packages built by build-and-inspect-python-package
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
+        with:
+          name: Packages
+          path: dist
+
+      - name: Publish to Test PyPI
+        uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0
+        with:
+          repository-url: https://test.pypi.org/legacy/
+
+  # Publish to PyPI on GitHub Releases.
+  release-pypi:
+    name: Publish to PyPI
+    # Only run for published releases.
+    if: |
+      github.repository_owner == 'python'
+      && github.event.action == 'published'
+    runs-on: ubuntu-latest
+    needs: build-package
+
     environment:
       name: release
-      url: https://pypi.org/p/tzdata
+      url: >-
+        https://pypi.org/project/tzdata/${{
+          github.event.release.tag_name
+        }}
+
     permissions:
       id-token: write
+
     steps:
-    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-      with:
-        persist-credentials: false
-    - name: Set up Python
-      uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
-      with:
-        python-version: '3.x'
-    - name: Install dependencies
-      run: |
-        python -m pip install --upgrade pip
-        pip install -U tox
-    - name: Create tox environments
-      run: |
-        tox -p -e py,build --notest
-    - name: Run tests
-      run: |
-        tox -e py
-    - name: Build package
-      run: |
-        tox -e build
-    - name: Publish package (TestPyPI)
-      if: github.event_name == 'push'
-      uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0
-      with:
-        repository-url: https://test.pypi.org/legacy/
-        verbose: true
-    - name: Publish package
-      if: github.event_name == 'release'
-      uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0
-      with:
-        verbose: true
+      - name: Download packages built by build-and-inspect-python-package
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
+        with:
+          name: Packages
+          path: dist
+
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0

.github/workflows/tests.yml

@@ -50,7 +50,7 @@ jobs:
     runs-on: "ubuntu-latest"
     strategy:
       matrix:
-        toxenv: ["build", "precommit", "typing", "docs"]
+        toxenv: ["precommit", "typing", "docs"]
     env:
       TOXENV: ${{ matrix.toxenv }}
 

pyproject.toml

@@ -2,6 +2,9 @@
 requires = ["setuptools>=40.8.0", "wheel"]
 build-backend = "setuptools.build_meta"
 
+[tool.check-wheel-contents]
+ignore = ["W002"]
+
 [tool.isort]
 atomic=true
 force_grid_wrap=0

tox.ini

@@ -70,15 +70,3 @@ deps =
 commands =
     sphinx-build -d "{toxworkdir}/docs_doctree" "{toxinidir}/docs" \
                     "{toxinidir}/docs/_output" {posargs: -j auto --color -bhtml}
-
-[testenv:build]
-description = Build a wheel and source distribution
-skip_install = True
-deps =
-    build
-    twine
-commands =
-    python -c "from pathlib import Path; \
-               [x.unlink(missing_ok=True) for x in Path('{toxinidir}/dist').glob('*')]"
-    python -m build -o {toxinidir}/dist {toxinidir}
-    twine check {toxinidir}/dist/*