ci: add TestPyPI upload using TEST_PYPI_API_TOKEN; keep prod PyPI disabled

marci · marci · commit 9b3c8b0d29db · 2025-09-02T16:01:22.000+02:00
diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
@@ -135,7 +135,7 @@ jobs:
       if: github.repository_owner == 'securebitsorg' && github.event_name == 'release' && github.event.action == 'published'
       env:
         TWINE_USERNAME: __token__
-        TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
+        TWINE_PASSWORD: ${{ env.testpypi }}
       run: |
         python -m twine upload dist/*
 
@@ -206,10 +206,7 @@ jobs:
       id: meta
       uses: docker/metadata-action@v5
       with:
-        images: ghcr.io/${{ steps.repo.outputs.name }}
-        tags: |
-          # Git-Branch oder Tag als Tag verwenden
-          type=ref,event=branch
+        images: ghcr.io/${{ steps.repo.outputs.name }}cenv.testpypi
           type=ref,event=pr
           type=ref,event=tag
           # Immer 'latest' Tag für den Default-Branch
@@ -327,10 +324,24 @@ jobs:
     - name: Download build artifacts for release (Fallback)
       if: success()
       uses: actions/download-artifact@v4
-      with:
+      with:c
         name: python-package
         path: dist/
 
+    - name: Install Twine for TestPyPI upload
+      if: success() && env.testpypi != ''
+      run: |
+        python -m pip install --upgrade pip
+        pip install twine
+
+    - name: Publish to TestPyPI
+      if: success() && env.testpypi != ''
+      env:
+        TWINE_USERNAME: __token__
+        TWINE_PASSWORD: ${{ env.testpypi }}
+      run: |
+        python -m twine upload --repository-url https://test.pypi.org/legacy/ dist/*
+
     - name: Create GitHub Release (Fallback)
       if: success()
       env:
