Compare commits

...

44 Commits

Author SHA1 Message Date
Sviatoslav Sydorenko e71a4a4c1d Add support for verbose bash execusion w/ $DEBUG 2022-12-07 00:07:43 +01:00
Sviatoslav Sydorenko e56e8212f4 🐛 Make id always available in twine-upload 2022-12-07 00:07:20 +01:00
Sviatoslav Sydorenko c879b84594 🐛 Use full path to bash in shebang 2022-12-07 00:02:01 +01:00
Sviatoslav Sydorenko 57e7d53102 🐛Ensure the default $PATH value is pre-loaded
This patch imports the system-global profile script to
populate the `$PATH` variable with the typically available binary
paths.

Ref:
https://github.com/pypa/gh-action-pypi-publish/issues/112#issuecomment-1340065840
2022-12-06 23:58:05 +01:00
Sviatoslav Sydorenko ce291dce5b 🎨🐛Fix the branch @ pre-commit.ci badge links 2022-12-06 23:24:07 +01:00
Sviatoslav Sydorenko 102d8ab13f 🐛 Rehardcode devpi port for GHA srv container 2022-12-06 23:18:25 +01:00
Sviatoslav Sydorenko 3a9eaef3ef 🐛Use different ports in/out of GHA containers 2022-12-06 23:13:58 +01:00
Sviatoslav Sydorenko a01fa7442e 🐛 Use localhost @ GHA outside the containers 2022-12-06 23:04:43 +01:00
Sviatoslav Sydorenko ee892fd7f2 🐛Move Twine repository URL definitions to steps 2022-12-06 23:01:39 +01:00
Sviatoslav Sydorenko 47622d7eb0 🎨 Add CI/CD badges to README 2022-12-06 22:59:26 +01:00
Sviatoslav Sydorenko 54b250c7bf 🧪 Add Python linters to pre-commit.ci 2022-12-06 22:52:30 +01:00
Sviatoslav Sydorenko 967acbb201 🎨Reuse existing requirement pins @ smoke-test 2022-12-06 22:30:01 +01:00
Sviatoslav Sydorenko 5755482491 Stop upgrading pip @ GHA unnecessarily 2022-12-06 22:27:07 +01:00
Sviatoslav Sydorenko dfc70e7dc8 Make the stub package dir creation verbose @ GHA 2022-12-06 22:26:35 +01:00
Sviatoslav Sydorenko 1c4183fd91 🎨 Make the GHA steps named 2022-12-06 22:26:08 +01:00
Sviatoslav Sydorenko efa83bf521 Pin setuptools for pkg stub to v65.6.3
This patch is meant to improve the reproducibility of smoke-testing.
2022-12-06 22:20:59 +01:00
Sviatoslav Sydorenko 3f27ae2c90 Drop unnecessary wheel declaration from stub pkg 2022-12-06 22:18:59 +01:00
Sviatoslav Sydorenko ee83abeb35 🎨 Put devpi creds into reusable vars @ GHA 2022-12-06 22:17:42 +01:00
Sviatoslav Sydorenko 08af49986e 🎭 Enable output ANSI-colorization in CI 2022-12-06 22:08:08 +01:00
Sviatoslav Sydorenko 713d81cca0 Update the test job ID to smoke-test 2022-12-06 22:06:28 +01:00
Sviatoslav Sydorenko 3a5c774287 Update the workflow name to 🧪 2022-12-06 22:06:05 +01:00
Sviatoslav Sydorenko 819df810af Rename the GHA workflow to self-smoke-test-action 2022-12-06 22:02:49 +01:00
Sviatoslav Sydorenko fedca4a9a8 🎨Use explicit strings for action input defaults 2022-12-06 21:44:30 +01:00
Sviatoslav Sydorenko 1350b8bd72 🐛 Avoid broken env vars passed by GHA from host
Fixes https://github.com/pypa/gh-action-pypi-publish/issues/112.
2022-12-06 21:40:38 +01:00
Sviatoslav Sydorenko dfae161eab Add a config for pre-commit.ci 2022-12-06 00:17:52 +01:00
Sviatoslav Sydorenko b3f93a1ad6 Expect the GHA workflow to complete in 2 minutes 2022-12-06 00:16:34 +01:00
Sviatoslav Sydorenko 595429bec5 Drop the execute privilege bit from print-hash.py
This is requested by the pre-commit.ci linting
2022-12-06 00:13:22 +01:00
Sviatoslav Sydorenko cde4774fb1 Adjust the GHA workflow per yamllint rules 2022-12-06 00:11:43 +01:00
Sviatoslav Sydorenko a737e68aed Sync funding config with other places I maintain 2022-12-06 00:08:31 +01:00
Sviatoslav Sydorenko f68ac3ea4e Merge PR #111 into unstable/v1
This patch adds a simple GHA-based smoke test that uses devpi to
verify the main success path of the action.
2022-12-05 23:34:15 +01:00
Sviatoslav Sydorenko 7ef975b955 Run CI smoke-tests in PRs 2022-12-05 23:33:07 +01:00
S2 9022aae148 Add test upload workflow 2022-12-06 09:01:24 +11:00
Sviatoslav Sydorenko 5d1679fa6b Use py3.11 user-global site-packages in PYTHONPATH 2022-12-03 04:18:27 +01:00
Sviatoslav Sydorenko d2a2496a01 Switch the runtime from Python 3.9 to Python 3.11 2022-12-03 02:46:45 +01:00
Sviatoslav Sydorenko d7edd4c957 Add user-global site-packages to $PYTHONPATH 2022-11-30 11:37:45 +01:00
Sviatoslav Sydorenko 8d5f27cca4 Install Twine in the user-global site-packages 2022-11-30 11:17:41 +01:00
Sviatoslav Sydorenko b0dc178d8e Disable pip cache dir with an env var 2022-11-30 11:17:12 +01:00
Sviatoslav Sydorenko bbf6e0b2f0 Copy requirements to corresponding dir @ container
This corrects the mistake of setting wrong target directory made
earlier in c54db9c2b7.
2022-11-30 11:03:33 +01:00
Sviatoslav Sydorenko 0b69a8c2df Document broken pkginfo==1.9.0 transitive dep
Refs:
* https://github.com/pypa/gh-action-pypi-publish/issues/107
2022-11-30 10:32:45 +01:00
Sviatoslav Sydorenko c54db9c2b7 Integrate pip-tools-generated constraint files
This patch adds constraint files with the dependency tree
generated by `pip-compile` under Python 3.9. They are now integrated
into the action container image.

Refs:
* https://github.com/pypa/gh-action-pypi-publish/issues/101
* https://github.com/pypa/gh-action-pypi-publish/issues/107
2022-11-30 10:17:33 +01:00
Sviatoslav Sydorenko 480ec4ed58 Inherit yamllint config from the default preset
This patch also fixes the misconfigured rules definition.
2022-11-30 10:05:59 +01:00
Sviatoslav Sydorenko 5fb2f047e2 Drop __token__ from README code usage snippets
This patch reduces the emphasis on the `__token__` value of the `user`
input since it's default anyway. It also adds a separate paragraph
showing how to specify a custom username if the need be.

Ref: https://github.com/pypa/packaging.python.org/issues/1108
2022-07-25 23:13:35 +02:00
Sviatoslav Sydorenko 7bbdccd64f Update the mention of master with unstable/v1 2022-07-25 23:07:43 +02:00
Sviatoslav Sydorenko 328cf89e05 📝 Fix a link to the "Distribution Package" term 2022-07-25 22:55:14 +02:00
13 changed files with 460 additions and 24 deletions
+15 -5
View File
@@ -1,6 +1,16 @@
github: [webknjaz]
patreon: webknjaz
# open_collective: # Replace with a single Open Collective username
---
custom:
- https://www.comebackalive.in.ua/donate
- https://github.com/vshymanskyy/StandWithUkraine#for-maintainers-and-authors
- https://www.paypal.me/webknjazCZ
- https://webknjaz.me
github:
- webknjaz
ko_fi: webknjaz
# tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
custom: https://www.paypal.me/webknjazCZ
liberapay: webknjaz
...
@@ -0,0 +1,95 @@
---
name: 🧪
on: # yamllint disable-line rule:truthy
push:
pull_request:
env:
devpi-password: abcd1234
devpi-username: root
devpi-port: 3141
FORCE_COLOR: 1 # Request colored output from CLI tools supporting it
MYPY_FORCE_COLOR: 1 # MyPy's color enforcement
PIP_DISABLE_PIP_VERSION_CHECK: 1
PIP_NO_PYTHON_VERSION_WARNING: 1
PIP_NO_WARN_SCRIPT_LOCATION: 1
PY_COLORS: 1 # Recognized by the `py` package, dependency of `pytest`
TOX_PARALLEL_NO_SPINNER: 1
TOX_TESTENV_PASSENV: >- # Make tox-wrapped tools see color requests
FORCE_COLOR
MYPY_FORCE_COLOR
NO_COLOR
PY_COLORS
PYTEST_THEME
PYTEST_THEME_MODE
jobs:
smoke-test:
runs-on: ubuntu-latest
services:
devpi:
image: muccg/devpi
env:
DEVPI_PASSWORD: ${{ env.devpi-password }}
ports:
- 3141
timeout-minutes: 2
steps:
- name: Check out the action locally
uses: actions/checkout@v3
with:
path: test
- name: Install the packaging-related tools
run: python3 -m pip install build twine
env:
PIP_CONSTRAINT: test/requirements/runtime.txt
- name: Create the stub package importable directory
run: mkdir -pv src/test_package
- name: Populate the stub package `__init__.py`
run: echo '__version__ = "0.1"' > src/test_package/__init__.py
- name: Populate the stub package `README.md`
run: echo "# Test Package" > README.md
- name: Populate the stub package `pyproject.toml`
run: echo "$CONTENTS" > pyproject.toml
env:
CONTENTS: |
[build-system]
requires = [
"setuptools == 65.6.3",
]
build-backend = "setuptools.build_meta"
[project]
name = "test-package"
version = "0.1"
readme = "README.md"
- name: Build the stub package sdist and wheel distributions
run: python3 -m build
- name: Register the stub package in devpi
run: twine register dist/*.tar.gz
env:
TWINE_USERNAME: ${{ env.devpi-username }}
TWINE_PASSWORD: ${{ env.devpi-password }}
TWINE_REPOSITORY_URL: >-
http://localhost:${{
job.services.devpi.ports[env.devpi-port]
}}/${{
env.devpi-username
}}/public/
- name: ✅ Smoke-test the locally checked out action
uses: ./test
env:
PATH: utter-nonsense
with:
user: ${{ env.devpi-username }}
password: ${{ env.devpi-password }}
repository_url: >-
http://devpi:${{ env.devpi-port }}/${{ env.devpi-username }}/public/
...
+181
View File
@@ -0,0 +1,181 @@
---
ci:
autoupdate_schedule: quarterly
repos:
- repo: https://github.com/asottile/add-trailing-comma.git
rev: v2.3.0
hooks:
- id: add-trailing-comma
- repo: https://github.com/PyCQA/isort.git
rev: 5.10.1
hooks:
- id: isort
args:
- --honor-noqa
- repo: https://github.com/Lucas-C/pre-commit-hooks.git
rev: v1.3.1
hooks:
- id: remove-tabs
- repo: https://github.com/python-jsonschema/check-jsonschema.git
rev: 0.18.3
hooks:
- id: check-github-actions
- id: check-github-workflows
- id: check-jsonschema
name: Check GitHub Workflows set timeout-minutes
args:
- --builtin-schema
- github-workflows-require-timeout
files: ^\.github/workflows/[^/]+$
types:
- yaml
- id: check-readthedocs
- repo: https://github.com/pre-commit/pre-commit-hooks.git
rev: v4.3.0
hooks:
# Side-effects:
- id: end-of-file-fixer
- id: trailing-whitespace
- id: mixed-line-ending
# Non-modifying checks:
- id: name-tests-test
files: >-
^tests/[^_].*\.py$
- id: check-added-large-files
- id: check-byte-order-marker
- id: check-case-conflict
- id: check-executables-have-shebangs
- id: check-merge-conflict
- id: check-json
- id: check-symlinks
- id: check-yaml
- id: detect-private-key
# Heavy checks:
- id: check-ast
- id: debug-statements
language_version: python3
- repo: https://github.com/codespell-project/codespell
rev: v2.2.1
hooks:
- id: codespell
- repo: https://github.com/adrienverge/yamllint.git
rev: v1.28.0
hooks:
- id: yamllint
files: \.(yaml|yml)$
types:
- file
- yaml
args:
- --strict
- repo: https://github.com/PyCQA/flake8.git
rev: 6.0.0
hooks:
- id: flake8
alias: flake8-no-wps
name: flake8 WPS-excluded
args:
- --ignore
- >-
D100,
D101,
D103,
D107,
E402,
E501,
additional_dependencies:
- flake8-2020 ~= 1.7.0
- flake8-pytest-style ~= 1.6.0
language_version: python3
- repo: https://github.com/PyCQA/flake8.git
# NOTE: This is kept at v4 for until WPS starts supporting flake v5.
rev: 4.0.1 # enforce-version: 4.0.1
hooks:
- id: flake8
alias: flake8-only-wps
name: flake8 WPS-only
args:
- --ignore
- >-
WPS102,
WPS110,
WPS111,
WPS305,
WPS347,
WPS360,
WPS421,
WPS422,
WPS432,
WPS433,
WPS437,
WPS440,
WPS441,
WPS453,
- --select
- WPS
additional_dependencies:
- wemake-python-styleguide ~= 0.16.1
language_version: python3
- repo: https://github.com/PyCQA/pylint.git
rev: v2.15.3
hooks:
- id: pylint
args:
- --disable
- >-
import-error,
invalid-name,
line-too-long,
missing-class-docstring,
missing-function-docstring,
missing-module-docstring,
protected-access,
super-init-not-called,
unused-argument,
wrong-import-position,
- --output-format
- colorized
- repo: local
hooks:
- id: enforced-flake8-version
name: Verify that enforced flake8 version stays unchanged
description: >-
This is a sanity check and fixer that makes sure that
the `flake8` version in this file remains matching the
corresponding request in the `# enforce-version` comment.
# Using Python here because using
# shell test does not always work in CIs:
entry: >-
python -c 'import pathlib, re, sys;
pre_commit_config = pathlib.Path(sys.argv[1]);
cfg_txt = pre_commit_config.read_text();
new_cfg_txt = re.sub(
r"(?P<spaces>\s+)rev:\s(?:\d+\.\d+\.\d+)\s{0,2}"
r"#\senforce-version:\s(?P<enforced_version>\d+\.\d+\.\d+)"
r"[ \t\f\v]*",
r"\g<spaces>rev: \g<enforced_version> "
r"# enforce-version: \g<enforced_version>",
cfg_txt,
);
cfg_txt != new_cfg_txt and
pre_commit_config.write_text(new_cfg_txt)
'
pass_filenames: true
language: system
files: >-
^\.pre-commit-config\.ya?ml$
types:
- yaml
...
+10 -2
View File
@@ -1,2 +1,10 @@
indentation:
indent-sequences: false
---
extends: default
rules:
indentation:
level: error
indent-sequences: false
...
+13 -3
View File
@@ -1,4 +1,4 @@
FROM python:3.9-slim
FROM python:3.11-slim
LABEL "maintainer" "Sviatoslav Sydorenko <wk+pypa@sydorenko.org.ua>"
LABEL "repository" "https://github.com/pypa/gh-action-pypi-publish"
@@ -7,9 +7,19 @@ LABEL "homepage" "https://github.com/pypa/gh-action-pypi-publish"
ENV PYTHONDONTWRITEBYTECODE 1
ENV PYTHONUNBUFFERED 1
ENV PIP_NO_CACHE_DIR 1
ENV PATH "/root/.local/bin:${PATH}"
ENV PYTHONPATH "/root/.local/lib/python3.11/site-packages"
COPY requirements requirements
RUN \
pip install --upgrade --no-cache-dir pip-with-requires-python && \
pip install --upgrade --no-cache-dir --prefer-binary twine
PIP_CONSTRAINT=requirements/runtime-prerequisites.txt \
pip install --user --upgrade --no-cache-dir \
-r requirements/runtime-prerequisites.in && \
PIP_CONSTRAINT=requirements/runtime.txt \
pip install --user --upgrade --no-cache-dir --prefer-binary \
-r requirements/runtime.in
WORKDIR /app
COPY LICENSE.md .
+30 -9
View File
@@ -1,5 +1,8 @@
[![SWUbanner]][SWUdocs]
[![🧪 GitHub Actions CI/CD workflow tests badge]][GHA workflow runs list]
[![pre-commit.ci status badge]][pre-commit.ci results page]
# PyPI publish GitHub Action
This action allows you to upload your [Python distribution packages]
@@ -25,14 +28,13 @@ To use the action add the following step to your workflow file (e.g.
- name: Publish a Python distribution to PyPI
uses: pypa/gh-action-pypi-publish@release/v1
with:
user: __token__
password: ${{ secrets.PYPI_API_TOKEN }}
```
> **Pro tip**: instead of using branch pointers, like `master`, pin versions of
Actions that you use to tagged versions or sha1 commit identifiers. This will
make your workflows more secure and better reproducible, saving you from sudden
and unpleasant surprises.
> **Pro tip**: instead of using branch pointers, like `unstable/v1`, pin
versions of Actions that you use to tagged versions or sha1 commit identifiers.
This will make your workflows more secure and better reproducible, saving you
from sudden and unpleasant surprises.
A common use case is to upload packages only on a tagged commit, to do so add a
filter to the step:
@@ -50,7 +52,6 @@ So the full step would look like:
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
uses: pypa/gh-action-pypi-publish@release/v1
with:
user: __token__
password: ${{ secrets.PYPI_API_TOKEN }}
```
@@ -112,7 +113,6 @@ The action invocation in this case would look like:
- name: Publish package to TestPyPI
uses: pypa/gh-action-pypi-publish@release/v1
with:
user: __token__
password: ${{ secrets.TEST_PYPI_API_TOKEN }}
repository_url: https://test.pypi.org/legacy/
```
@@ -127,7 +127,6 @@ would now look like:
- name: Publish package to PyPI
uses: pypa/gh-action-pypi-publish@release/v1
with:
user: __token__
password: ${{ secrets.PYPI_API_TOKEN }}
packages_dir: custom-dir/
```
@@ -181,12 +180,34 @@ It will show SHA256, MD5, BLAKE2-256 values of files to be uploaded.
print_hash: true
```
### Specifying a different username
The default username value is `__token__`. If you publish to a custom
registry that does not provide API tokens, like `devpi`, you may need to
specify a custom username and password pair. This is how it's done.
```yml
with:
user: guido
password: ${{ secrets.DEVPI_PASSWORD }}
```
## License
The Dockerfile and associated scripts and documentation in this project
are released under the [BSD 3-clause license](LICENSE.md).
[🧪 GitHub Actions CI/CD workflow tests badge]:
https://github.com/pypa/gh-action-pypi-publish/actions/workflows/self-smoke-test-action.yml/badge.svg?branch=unstable%2Fv1&event=push
[GHA workflow runs list]:
https://github.com/pypa/gh-action-pypi-publish/actions/workflows/self-smoke-test-action.yml?query=branch%3Aunstable%2Fv1
[pre-commit.ci results page]:
https://results.pre-commit.ci/latest/github/pypa/gh-action-pypi-publish/unstable/v1
[pre-commit.ci status badge]:
https://results.pre-commit.ci/badge/github/pypa/gh-action-pypi-publish/unstable/v1.svg
[Creating & using secrets]:
https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets
[has nothing to do with _building package distributions_]:
@@ -195,7 +216,7 @@ https://github.com/pypa/gh-action-pypi-publish/issues/11#issuecomment-530480449
https://packaging.python.org/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/
[PyPI API token]: https://pypi.org/help/#apitoken
[Python distribution packages]:
https://packaging.python.org/glossary/#term-distribution-package
https://packaging.python.org/glossary/#term-Distribution-Package
[SWUbanner]:
https://raw.githubusercontent.com/vshymanskyy/StandWithUkraine/main/banner-direct-single.svg
[SWUdocs]:
+4 -4
View File
@@ -19,21 +19,21 @@ inputs:
verify_metadata:
description: Check metadata before uploading
required: false
default: true
default: 'true'
skip_existing:
description: >-
Do not fail if a Python package distribution
exists in the target package index
required: false
default: false
default: 'false'
verbose:
description: Show verbose output.
required: false
default: false
default: 'false'
print_hash:
description: Show hash values of files to be uploaded
required: false
default: false
default: 'false'
branding:
color: yellow
icon: upload-cloud
Executable → Regular
View File
+1
View File
@@ -0,0 +1 @@
pip-with-requires-python
+12
View File
@@ -0,0 +1,12 @@
#
# This file is autogenerated by pip-compile with Python 3.11
# by the following command:
#
# pip-compile --allow-unsafe --output-file=requirements/runtime-prerequisites.txt --resolver=backtracking --strip-extras requirements/runtime-prerequisites.in
#
pip-with-requires-python==1.0.1
# via -r requirements/runtime-prerequisites.in
# The following packages are considered to be unsafe in a requirements file:
pip==22.3.1
# via pip-with-requires-python
+11
View File
@@ -0,0 +1,11 @@
twine
# NOTE: `pkginfo` is a transitive dependency for us that is coming from Twine.
# NOTE: It is declared here only to avoid installing a broken combination of
# NOTE: the distribution packages. This should be removed once a fixed version
# NOTE: of Twine is out.
# Refs:
# * https://github.com/pypa/gh-action-pypi-publish/issues/107
# * https://github.com/pypa/twine/issues/940
# * https://github.com/pypa/twine/pull/941
pkginfo != 1.9.0
+72
View File
@@ -0,0 +1,72 @@
#
# This file is autogenerated by pip-compile with Python 3.11
# by the following command:
#
# pip-compile --allow-unsafe --output-file=requirements/runtime.txt --resolver=backtracking --strip-extras requirements/runtime.in
#
bleach==5.0.1
# via readme-renderer
certifi==2022.9.24
# via requests
cffi==1.15.1
# via cryptography
charset-normalizer==2.1.1
# via requests
commonmark==0.9.1
# via rich
cryptography==38.0.4
# via secretstorage
docutils==0.19
# via readme-renderer
idna==3.4
# via requests
importlib-metadata==5.1.0
# via
# keyring
# twine
jaraco-classes==3.2.3
# via keyring
jeepney==0.8.0
# via
# keyring
# secretstorage
keyring==23.11.0
# via twine
more-itertools==9.0.0
# via jaraco-classes
pkginfo==1.9.2
# via
# -r requirements/runtime.in
# twine
pycparser==2.21
# via cffi
pygments==2.13.0
# via
# readme-renderer
# rich
readme-renderer==37.3
# via twine
requests==2.28.1
# via
# requests-toolbelt
# twine
requests-toolbelt==0.10.1
# via twine
rfc3986==2.0.0
# via twine
rich==12.6.0
# via twine
secretstorage==3.3.3
# via keyring
six==1.16.0
# via bleach
twine==4.0.1
# via -r requirements/runtime.in
urllib3==1.26.13
# via
# requests
# twine
webencodings==0.5.1
# via bleach
zipp==3.11.0
# via importlib-metadata
+16 -1
View File
@@ -1,7 +1,22 @@
#! /usr/bin/env bash
#! /bin/bash
if [[ -n "${DEBUG}" ]]
then
set -x
fi
set -Eeuo pipefail
# NOTE: These variables are needed to combat GitHub passing broken env vars
# NOTE: from the runner VM host runtime.
# Ref: https://github.com/pypa/gh-action-pypi-publish/issues/112
export PATH="/usr/bin:${PATH}" # To find `id`
. /etc/profile # Makes python and other executables findable
export PATH="$(python -m site --user-base)/bin:${PATH}"
export PYTHONPATH="$(python -m site --user-site):${PYTHONPATH}"
if [[
"$INPUT_USER" == "__token__" &&
! "$INPUT_PASSWORD" =~ ^pypi-