🔒 Add GPG keys to sign the python wheel to publish on pypi (#1687)

Fix the commits
openvinotoolkit · Feb 8, 2024 · 241c147 · 241c147
1 parent c0431fc
commit 241c147
Showing 1 changed file with 14 additions and 5 deletions.
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -14,10 +14,19 @@ jobs:
         run: |
           python -m pip install --upgrade pip
           pip install setuptools wheel twine
-      - name: Build and publish
-        env:
-          TWINE_USERNAME: __token__
-          TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }}
+
+      - name: Import GPG Key
+        run: |
+          echo "${{ secrets.GPG_PRIVATE_KEY }}" | base64 --decode | gpg --import
+
+      - name: Build and sign distribution
         run: |
           python setup.py sdist bdist_wheel
-          twine upload dist/*
+          gpg --detach-sign -a dist/*.tar.gz
+          gpg --detach-sign -a dist/*.whl
+
+      - name: Upload to PyPI
+        run: twine upload dist/*
+        env:
+          TWINE_USERNAME: __token__
+          TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}