yt-dlp/.github/workflows/release-master.yml

name: Release (master)
on:
  push:
    branches:
      - master
    paths:
      - "yt_dlp/**.py"
      - "!yt_dlp/version.py"
      - "bundle/**"
      - "pyproject.toml"
      - "Makefile"
      - ".github/workflows/build.yml"
      - ".github/workflows/release.yml"
      - ".github/workflows/release-master.yml"
concurrency:
  group: release-master

permissions: {}

jobs:
  release:
    name: Publish Github release
    if: vars.BUILD_MASTER
    permissions:
      contents: write  # May be needed to publish release
      id-token: write  # Needed for trusted publishing
    uses: ./.github/workflows/release.yml
    with:
      prerelease: true
      source: ${{ (github.repository != 'yt-dlp/yt-dlp' && vars.MASTER_ARCHIVE_REPO) || 'master' }}
      target: 'master'
    secrets:
      ARCHIVE_REPO_TOKEN: ${{ secrets.ARCHIVE_REPO_TOKEN }}
      GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }}

  publish_pypi:
    name: Publish to PyPI
    needs: [release]
    if: vars.MASTER_PYPI_PROJECT
    permissions:
      id-token: write  # Needed for trusted publishing
    runs-on: ubuntu-latest
    steps:
      - name: Download artifacts
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c  # v8.0.1
        with:
          path: dist
          name: build-pypi
      - name: Publish to PyPI
        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e  # v1.13.0
        with:
          verbose: true