From 5f873047a054085619d98b2a7a3da24f6c7899c2 Mon Sep 17 00:00:00 2001 From: crimsonknave Date: Wed, 11 Dec 2024 17:49:17 -0500 Subject: [PATCH 1/5] Setup pypi, testpypi and github releases --- .github/workflows/build-and-upload.yaml | 40 ------ .../workflows/package-quality-control.yaml | 39 ------ .github/workflows/publish-to-pypi.yaml | 117 ++++++++++++++++++ action.yaml | 6 - script/build_package | 8 -- 5 files changed, 117 insertions(+), 93 deletions(-) delete mode 100644 .github/workflows/build-and-upload.yaml delete mode 100644 .github/workflows/package-quality-control.yaml create mode 100644 .github/workflows/publish-to-pypi.yaml delete mode 100644 action.yaml delete mode 100755 script/build_package diff --git a/.github/workflows/build-and-upload.yaml b/.github/workflows/build-and-upload.yaml deleted file mode 100644 index a760870..0000000 --- a/.github/workflows/build-and-upload.yaml +++ /dev/null @@ -1,40 +0,0 @@ -name: ship-package - -on: - push: - branches: [ main ] - - # Allows you to run this workflow manually from the Actions tab - workflow_dispatch: - -jobs: - build-and-upload: - runs-on: self-hosted - permissions: - contents: read - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Check for Changed Files - id: changed-files - uses: tj-actions/changed-files@635f118699dd888d737c15018cd30aff2e0274f8 - with: - files: | - annotated_logger - Dockerfile - pyproject.toml - requirements.txt - - - name: Log into registry - if: steps.changed-files.outputs.any_changed == 'true' - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 - with: - registry: ghcr.io - username: ${{ secrets.GHCR_USER }} - password: ${{ secrets.GHCR_PW }} - - - name: Build Package - uses: ./ # Action defined in action.yaml in the root - if: steps.changed-files.outputs.any_changed == 'true' diff --git a/.github/workflows/package-quality-control.yaml b/.github/workflows/package-quality-control.yaml deleted file mode 100644 index 032aacf..0000000 --- a/.github/workflows/package-quality-control.yaml +++ /dev/null @@ -1,39 +0,0 @@ -name: package-quality-control - -on: - pull_request: - branches: - - main - - # Allows you to run this workflow manually from the Actions tab - workflow_dispatch: - -jobs: - # Checks that version number has been updated - package-quality-control: - permissions: - contents: read - runs-on: ubuntu-latest - steps: - - name: Checkout Current PR Branch - uses: actions/checkout@v4 - - name: Set up Python - uses: actions/setup-python@v5 - - name: Check for Changed Files - id: changed-files - uses: tj-actions/changed-files@635f118699dd888d737c15018cd30aff2e0274f8 - with: - files: | - pyproject.toml - annotated_logger/__init__.py - - name: Install hatch - if: steps.changed-files.outputs.any_changed == 'true' - run: python -m pip install hatch - - name: Compare Versions - if: steps.changed-files.outputs.any_changed == 'true' - run: | - export BRANCH_VERSION=$(hatch version) - git checkout main - export MAIN_VERSION=$(hatch version) - - if [[ "$BRANCH_VERSION" == "$MAIN_VERSION" ]]; then echo "Please update package version number." && exit 1; fi diff --git a/.github/workflows/publish-to-pypi.yaml b/.github/workflows/publish-to-pypi.yaml new file mode 100644 index 0000000..b7d65f1 --- /dev/null +++ b/.github/workflows/publish-to-pypi.yaml @@ -0,0 +1,117 @@ +name: Publish Python 🐍 distribution 📦 to PyPI and TestPyPI + +on: push + +jobs: + build: + name: Build distribution 📦 + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: "3.x" + - name: Install hatch + run: >- + python3 -m + pip install + hatch + --user + - name: Build a binary wheel and a source tarball + run: python3 -m hatch build + - name: Store the distribution packages + uses: actions/upload-artifact@v4 + with: + name: python-package-distributions + path: dist/ + + publish-to-pypi: + name: >- + Publish Python 🐍 distribution 📦 to PyPI + if: startsWith(github.ref, 'refs/tags/') # only publish to PyPI on tag pushes + needs: + - build + runs-on: ubuntu-latest + environment: + name: pypi + url: https://pypi.org/p/ # Replace with your PyPI project name + permissions: + id-token: write # IMPORTANT: mandatory for trusted publishing + + steps: + - name: Download all the dists + uses: actions/download-artifact@v4 + with: + name: python-package-distributions + path: dist/ + - name: Publish distribution 📦 to PyPI + uses: pypa/gh-action-pypi-publish@release/v1 + + github-release: + name: >- + Sign the Python 🐍 distribution 📦 with Sigstore + and upload them to GitHub Release + needs: + - publish-to-pypi + runs-on: ubuntu-latest + + permissions: + contents: write # IMPORTANT: mandatory for making GitHub Releases + id-token: write # IMPORTANT: mandatory for sigstore + + steps: + - name: Download all the dists + uses: actions/download-artifact@v4 + with: + name: python-package-distributions + path: dist/ + - name: Sign the dists with Sigstore + uses: sigstore/gh-action-sigstore-python@v3.0.0 + with: + inputs: >- + ./dist/*.tar.gz + ./dist/*.whl + - name: Create GitHub Release + env: + GITHUB_TOKEN: ${{ github.token }} + run: >- + gh release create + '${{ github.ref_name }}' + --repo '${{ github.repository }}' + --notes "" + - name: Upload artifact signatures to GitHub Release + env: + GITHUB_TOKEN: ${{ github.token }} + # Upload to GitHub Release using the `gh` CLI. + # `dist/` contains the built packages, and the + # sigstore-produced signatures and certificates. + run: >- + gh release upload + '${{ github.ref_name }}' dist/** + --repo '${{ github.repository }}' + + publish-to-testpypi: + name: Publish Python 🐍 distribution 📦 to TestPyPI + needs: + - build + runs-on: ubuntu-latest + + environment: + name: testpypi + url: https://test.pypi.org/p/ + + permissions: + id-token: write # IMPORTANT: mandatory for trusted publishing + + steps: + - name: Download all the dists + uses: actions/download-artifact@v4 + with: + name: python-package-distributions + path: dist/ + - name: Publish distribution 📦 to TestPyPI + uses: pypa/gh-action-pypi-publish@release/v1 + with: + repository-url: https://test.pypi.org/legacy/ diff --git a/action.yaml b/action.yaml deleted file mode 100644 index e31c1d1..0000000 --- a/action.yaml +++ /dev/null @@ -1,6 +0,0 @@ -name: "Build Package" -description: "Build the vulnerability-aggregator client python package" -runs: - using: "docker" - image: "Dockerfile" - entrypoint: "/app/script/build_package" diff --git a/script/build_package b/script/build_package deleted file mode 100755 index 46d057d..0000000 --- a/script/build_package +++ /dev/null @@ -1,8 +0,0 @@ -#!/usr/bin/env bash -set -ex - -cd "$(dirname $0)/.." - - -hatch build -cp dist/* /github/workspace/dist From 6a7f32254234eed4a9f47898be1d6cc05430baec Mon Sep 17 00:00:00 2001 From: crimsonknave Date: Wed, 11 Dec 2024 17:54:17 -0500 Subject: [PATCH 2/5] Actually use project name --- .github/workflows/publish-to-pypi.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish-to-pypi.yaml b/.github/workflows/publish-to-pypi.yaml index b7d65f1..27ced47 100644 --- a/.github/workflows/publish-to-pypi.yaml +++ b/.github/workflows/publish-to-pypi.yaml @@ -36,7 +36,7 @@ jobs: runs-on: ubuntu-latest environment: name: pypi - url: https://pypi.org/p/ # Replace with your PyPI project name + url: https://pypi.org/p/annotated-logger permissions: id-token: write # IMPORTANT: mandatory for trusted publishing @@ -100,7 +100,7 @@ jobs: environment: name: testpypi - url: https://test.pypi.org/p/ + url: https://test.pypi.org/p/annotated-logger permissions: id-token: write # IMPORTANT: mandatory for trusted publishing From e1026269e68580aa32b9785852bdb62e80d8ced7 Mon Sep 17 00:00:00 2001 From: crimsonknave Date: Wed, 11 Dec 2024 18:01:19 -0500 Subject: [PATCH 3/5] Fix code scanning issues --- .github/workflows/publish-to-pypi.yaml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/publish-to-pypi.yaml b/.github/workflows/publish-to-pypi.yaml index 27ced47..b52b874 100644 --- a/.github/workflows/publish-to-pypi.yaml +++ b/.github/workflows/publish-to-pypi.yaml @@ -2,6 +2,9 @@ name: Publish Python 🐍 distribution 📦 to PyPI and TestPyPI on: push +permissions: + contents: read + jobs: build: name: Build distribution 📦 @@ -47,7 +50,7 @@ jobs: name: python-package-distributions path: dist/ - name: Publish distribution 📦 to PyPI - uses: pypa/gh-action-pypi-publish@release/v1 + uses: pypa/gh-action-pypi-publish@67339c736fd9354cd4f8cb0b744f2b82a74b5c70 # v1.12.3 github-release: name: >- @@ -68,7 +71,7 @@ jobs: name: python-package-distributions path: dist/ - name: Sign the dists with Sigstore - uses: sigstore/gh-action-sigstore-python@v3.0.0 + uses: sigstore/gh-action-sigstore-python@f514d46b907ebcd5bedc05145c03b69c1edd8b46 #v3.0.0 with: inputs: >- ./dist/*.tar.gz @@ -112,6 +115,6 @@ jobs: name: python-package-distributions path: dist/ - name: Publish distribution 📦 to TestPyPI - uses: pypa/gh-action-pypi-publish@release/v1 + uses: pypa/gh-action-pypi-publish@67339c736fd9354cd4f8cb0b744f2b82a74b5c70 # v1.12.3 with: repository-url: https://test.pypi.org/legacy/ From 65cec7314a14b39d66915a7b95805e4cdb52a6a6 Mon Sep 17 00:00:00 2001 From: crimsonknave Date: Wed, 11 Dec 2024 18:04:55 -0500 Subject: [PATCH 4/5] Bump version to see if that fixes testpypi publish --- annotated_logger/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/annotated_logger/__init__.py b/annotated_logger/__init__.py index e4309ff..5c40bc2 100644 --- a/annotated_logger/__init__.py +++ b/annotated_logger/__init__.py @@ -29,7 +29,7 @@ if TYPE_CHECKING: # pragma: no cover from collections.abc import MutableMapping -VERSION = "1.2.0" # pragma: no mutate +VERSION = "1.2.1" # pragma: no mutate T = TypeVar("T") P = ParamSpec("P") From de58016c34e7419b350ce0c45cbcb48e67005a66 Mon Sep 17 00:00:00 2001 From: crimsonknave Date: Wed, 11 Dec 2024 18:19:40 -0500 Subject: [PATCH 5/5] Added a note about dev versions and testpypi --- annotated_logger/__init__.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/annotated_logger/__init__.py b/annotated_logger/__init__.py index 5c40bc2..9d398a6 100644 --- a/annotated_logger/__init__.py +++ b/annotated_logger/__init__.py @@ -29,6 +29,11 @@ if TYPE_CHECKING: # pragma: no cover from collections.abc import MutableMapping +# Use 0.0.0.dev1 and so on when working in a PR +# Each push attempts to upload to testpypi, but it only works with a unique version +# https://test.pypi.org/project/annotated-logger/ +# The dev versions in testpypi can then be pulled in to whatever project needed +# the new feature. VERSION = "1.2.1" # pragma: no mutate T = TypeVar("T")