ci: build and publish package to Gitea registry on tag
docker / test (push) Successful in 38s
lint / lint (push) Successful in 45s
docker / lint (push) Successful in 44s
test / test (push) Successful in 44s
docker / docker (push) Successful in 40s
docker / lint (pull_request) Successful in 40s
docker / test (pull_request) Successful in 34s
lint / lint (pull_request) Successful in 41s
test / test (pull_request) Successful in 40s
docker / docker (pull_request) Successful in 37s
Add .gitea/workflows/publish.yml: on a v* tag, gate on the existing lint + test jobs, then build sdist+wheel with uv and publish to the self-hosted Gitea PyPI registry using least-privilege Actions secrets (GITEA_PACKAGE_USER / GITEA_PACKAGE_TOKEN). The job fails loudly when the secrets are absent rather than publishing anonymously, uploads the built artifacts, and leaves a disabled public-PyPI stub. Public PyPI is intentionally not published in this pass.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@@ -253,6 +253,7 @@ Gitea workflows were added under `.gitea/workflows/`:
|
||||
- `lint.yml`: Ruff + formatting + mypy.
|
||||
- `test.yml`: lint + pytest + enforced coverage (`>=80%`).
|
||||
- `docker.yml`: lint+test gated Docker build, SHA tag, `latest` tag on `main`.
|
||||
- `publish.yml`: on a `v*` tag, lint+test gated `uv build` + publish the Python package to the Gitea PyPI registry (see `docs/packaging.md`).
|
||||
|
||||
## Docker hardening
|
||||
|
||||
|
||||
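Review bot: The `publish.yml` bullet documents the `v*` tag trigger and the lint+test gate but says nothing about the credentials the job depends on. The commit message names two Actions secrets (GITEA_PACKAGE_USER / GITEA_PACKAGE_TOKEN) and states that the job fails when they are absent; a maintainer reading only this list would not know a tagged release can fail for that reason. Suggest extending the bullet with a short clause such as "requires the `GITEA_PACKAGE_USER` / `GITEA_PACKAGE_TOKEN` secrets", or confirming that `docs/packaging.md` covers it, since that file is referenced here but is not part of the visible diff. Because a pushed `v*` tag is the only trigger for a publish, it is also worth stating in the same place who is allowed to push such tags.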