Merge pull request #349 from gaphor/trusted-publisher

Enable trusted publisher for PyPI
This commit is contained in:
Dan Yeaw 2023-07-02 13:03:02 -04:00 committed by GitHub
commit 410a710c42
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 69 additions and 14 deletions

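--- a/.github/scripts/metadata.sh
+++ b/.github/scripts/metadata.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+echo "GITHUB_REF is $GITHUB_REF"
+TAG="${GITHUB_REF/refs\/tags\//}"
+echo "TAG is $TAG"
+if ! [ -x "$(command -v poetry)" ]; then
+echo 'Poetry not found!' >&2
+exit 1
+fi
+VERSION="$(poetry version --no-ansi | cut -d' ' -f2)"
+echo "VERSION is $VERSION"
+if [[ "$GITHUB_REF" =~ refs\/tags\/.* && "$TAG" == "${VERSION}" ]]
+then
+REV=""
+RELEASE="true"
+else
+# PEP440 version scheme, different from semver 2.0
+REV=".dev${GITHUB_RUN_NUMBER:-0}+${GITHUB_SHA:0:8}"
+RELEASE="false"
+poetry version "${VERSION}""${REV}"
+fi
+echo "version=${VERSION}${REV}" >> "$GITHUB_OUTPUT"
+echo "release=${RELEASE}" >> "$GITHUB_OUTPUT"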
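Review bot: The script never enables `set -euo pipefail`, so if `poetry version --no-ansi | cut ...` fails, VERSION is empty, the tag comparison silently falls into the dev branch, and the script still exits 0 after writing `version=.dev…` and `release=false` to `$GITHUB_OUTPUT`; the build job then continues with a bogus version instead of failing fast. Add `set -euo pipefail` directly under the shebang, which also makes the `poetry version "${VERSION}""${REV}"` call abort the job if poetry rejects the bump. That same line concatenates two quoted strings, which works but reads as two arguments; `poetry version "${VERSION}${REV}"` is the idiomatic form. The `release` output is computed here but, as far as this commit shows, nothing downstream reads it, so a mismatched tag changes only the version string — worth documenting with a comment such as `# release=true only when the pushed tag equals the pyproject version` until a consumer exists.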


@ -6,7 +6,7 @@ on:
types: [created, published]
env:
POETRY_VERSION: 1.2.2
POETRY_VERSION: 1.5.1
jobs:
skip-check:
@ -34,7 +34,7 @@ jobs:
- name: Lint with Pre-commit
uses: pre-commit/action@v3.0.0
test:
build:
needs: lint
if: ${{ needs.pre_job.outputs.should_skip != 'true' }}
runs-on: ubuntu-latest
@ -44,6 +44,10 @@ jobs:
max-parallel: 4
matrix:
python-version: ['3.8', '3.9', '3.10', '3.11', '3.12']
name: build (python ${{ matrix.python-version }})
outputs:
targz: generic-${{ steps.meta.outputs.version }}.tar.gz
wheel: generic-${{ steps.meta.outputs.version }}-py3-none-any.whl
steps:
- uses: actions/checkout@v3.5.3
- name: Set up Python ${{ matrix.python-version }}
@ -56,6 +60,9 @@ jobs:
python -m pip install --upgrade pip
pip install poetry==$POETRY_VERSION
poetry config virtualenvs.in-project true
- name: Collect Project Data
id: meta
run: .github/scripts/metadata.sh
- name: Install dependencies
run: poetry install --no-interaction
- name: Test
@ -66,15 +73,36 @@ jobs:
CC_TEST_REPORTER_ID: f9441442730130d385df69241a779ac3b663756ed21881179826e3fab7e01924
with:
coverageCommand: poetry run coverage xml
- name: Build (release only)
if: github.event_name == 'release' && matrix.python-version == '3.11'
- name: Create Source Dist and Wheel
if: ${{ matrix.python_version == env.python_version }}
run: poetry build
- name: Upload Assets (release only)
uses: AButler/upload-release-assets@v2.0
if: github.event_name == 'release' && matrix.python-version == '3.11'
- name: Upload generic-${{ steps.meta.output.version }}.tar.gz
if: ${{ matrix.python_version == env.python_version }}
uses: actions/upload-artifact@v3
with:
files: "dist/*"
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Publish to PyPI (release only)
if: github.event_name == 'release' && matrix.python-version == '3.11'
run: poetry publish -u __token__ -p ${{ secrets.PYPI_TOKEN }}
name: generic-${{ steps.meta.outputs.version }}.tar.gz
path: dist/generic-${{ steps.meta.outputs.version }}.tar.gz
- name: Upload generic-${{ steps.meta.outputs.version }}-py3-none-any.whl
if: ${{ matrix.python_version == env.python_version }}
uses: actions/upload-artifact@v3
with:
name: generic-${{ steps.meta.outputs.version }}-py3-none-any.whl
path: dist/generic-${{ steps.meta.outputs.version }}-py3-none-any.whl
publish-to-pypi:
name: Publish to PyPI (release only)
needs: build
runs-on: ubuntu-22.04
permissions:
id-token: write
if: ${{ github.event_name == 'release' }}
steps:
- uses: actions/download-artifact@v3
with:
name: ${{ needs.build.outputs.targz }}
path: dist
- uses: actions/download-artifact@v3
with:
name: ${{ needs.build.outputs.wheel }}
path: dist
- uses: pypa/gh-action-pypi-publish@release/v1
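Review bot: The condition `if: ${{ matrix.python_version == env.python_version }}` on the build step and both upload steps references `matrix.python_version` (the matrix key is `python-version`, with a hyphen) and `env.python_version`, which the workflow's `env` block does not define (only `POETRY_VERSION` is set there); both sides evaluate to null, the comparison is always true, and all five matrix jobs build and upload dists under the same artifact names instead of a single interpreter doing so. Use `if: ${{ matrix.python-version == '3.11' }}` (or define the env value) so exactly one job produces the artifacts the publish job downloads. The publish job is gated only on `github.event_name == 'release'`, so a release whose tag does not equal the pyproject version would still publish the `.devN+sha` build that metadata.sh bumps pyproject to; exposing `release: ${{ steps.meta.outputs.release }}` from the build job and adding `&& needs.build.outputs.release == 'true'` to the publish `if` closes that gap. Because this job holds an `id-token: write` OIDC credential that PyPI trusts, pin `pypa/gh-action-pypi-publish@release/v1` and the `actions/download-artifact@v3` references to full commit SHAs rather than mutable branch/tag refs, and consider binding the job to a GitHub `environment` that the PyPI trusted-publisher configuration also names. The step name `Upload generic-${{ steps.meta.output.version }}.tar.gz` uses `output` instead of `outputs` and will render without a version.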


@ -6,6 +6,7 @@ We are currently supporting the latest released version of the library.
## Reporting a Vulnerability
Generic has GitHub's Private Security Vulnerability Reporting enabled. Please go to the Security tab to report security vulnerabilites.
For more information, please see the [GitHub docs on privately reporting](
Generic has GitHub's Private Security Vulnerability Reporting enabled. Please
go to the Security tab to report security vulnerabilities. For more
information, please see the [GitHub docs on privately reporting](
https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability).