Skip to content

Commit

Permalink
feat: update PyPI release workflow to use OIDC
Browse files Browse the repository at this point in the history
  • Loading branch information
esolitos authored and gitbutler-client committed Aug 29, 2024
1 parent 72d3b2a commit d62d535
Show file tree
Hide file tree
Showing 5 changed files with 97 additions and 76 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -7,9 +7,21 @@ on:
jobs:
update_version:
runs-on: ubuntu-latest

# The environment is reuiqred for OIDC to work.
# Ref: https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/
environment:
name: "PyPI - Pyvespa"
url: https://pypi.org/p/pyvespa

permissions:
contents: read
id-token: write

env:
# Workaround to ensure that the version is available
RELEASE_REF: ${{ github.ref || format('{0}{1}', 'refs/tags/', github.event.release.tag_name) }}

steps:
- uses: actions/checkout@v4

Expand Down Expand Up @@ -40,9 +52,6 @@ jobs:
python -m build
- name: Upload to PyPI
if: github.event_name == 'release'
env:
TWINE_USERNAME: __token__
TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN_PYVESPA }}
run: |
python -m twine upload dist/*
uses: pypa/gh-action-pypi-publish@release/v1
with:
print-hash: true
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ on:
- cron: "0 0 * * 1-4"

jobs:
check-and-update:
prepare:
runs-on: ubuntu-latest
outputs:
version: ${{ steps.set_output.outputs.version }}
Expand All @@ -28,6 +28,7 @@ jobs:
run: |
python -m pip install --upgrade pip
pip install -e .[build]
- name: Check latest version and set version variable
id: check_latest_version
run: |
Expand All @@ -36,34 +37,53 @@ jobs:
# Set the output variable
echo "version=$version" >> $GITHUB_OUTPUT
- name: Update the version (if not NA)
if: ${{ (steps.check_latest_version.outputs.version != 'NA') }}
check-and-update:
runs-on: ubuntu-latest
# Only run if we have a new version
if: ${{ needs.prepare.outputs.version != 'NA' }}
needs:
- prepare
env:
VERSION: ${{ needs.prepare.outputs.version }}
steps:
- uses: actions/checkout@v4

- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.10"

- name: Install dependencies and this repo
run: |
python -m pip install --upgrade pip
pip install -e .[build]
- name: Update the version
run: |
# Print evaluation of the condition
echo "Version is not NA, updating version to ${{ steps.check_latest_version.outputs.version }}"
echo "Updating Vespa CLI version to ${{ steps.check_latest_version.outputs.version }}"
python utils/update_version.py --version ${{ steps.check_latest_version.outputs.version }}
echo "Updating Vespa CLI version to ${VERSION}"
python utils/update_version.py --version "${VERSION}"
- name: Download latest binaries
if: ${{ steps.check_latest_version.outputs.version != 'NA' }}
run: |
python utils/download_binaries.py --version ${{ steps.check_latest_version.outputs.version }}
python utils/download_binaries.py --version "${VERSION}"
- name: Upload binaries as artifact
uses: actions/upload-artifact@v4
with:
name: binaries
path: vespacli/vespacli/go-binaries

- name: Set the output variable
id: set_output
if: ${{ steps.check_latest_version.outputs.version != 'NA' }}
run: |
echo "version=${{ steps.check_latest_version.outputs.version }}" >> $GITHUB_OUTPUT

test:
needs: check-and-update
if: ${{ needs.check-and-update.outputs.version != 'NA' }}
runs-on: ${{ matrix.os }}
# Only run if we have a new version
if: ${{ needs.prepare.outputs.version != 'NA' }}
needs:
- prepare
- check-and-update
env:
VERSION: ${{ needs.prepare.outputs.version }}
strategy:
matrix:
os: [ubuntu-latest, windows-latest, macos-12, macos-14]
Expand All @@ -85,16 +105,16 @@ jobs:
- name: Set permissions on all files in go-binaries
run: |
chmod -R +x vespacli/go-binaries/*
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -e .[build]
- name: Update latest version
run: |
python utils/update_version.py --version ${{ needs.check-and-update.outputs.version }}
python utils/update_version.py --version "${VERSION}"
- name: Install dependencies
run: |
python -m pip install --upgrade pip
Expand All @@ -104,45 +124,25 @@ jobs:
run: |
vespa version
create-pr:
needs: [check-and-update, test]
outputs:
version: ${{ needs.check-and-update.outputs.version }}
release:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.10"

- name: Install dependencies and this repo
run: |
python -m pip install --upgrade pip
pip install -e .[build]
# The environment is reuiqred for OIDC to work.
# Ref: https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/
environment:
name: "PyPI - VespaCLI"
url: https://pypi.org/p/vespacli

- name: Update latest version
run: |
python utils/update_version.py --version ${{ needs.check-and-update.outputs.version }}
permissions:
contents: read
id-token: write

needs:
- prepare
- test
env:
VERSION: ${{ needs.prepare.outputs.version }}

- name: Commit and PR
if: github.event_name == 'release'
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NEW_BRANCH: "update-vespa-cli-version-${{ needs.check-and-update.outputs.version }}"
run: |
git checkout -b "${NEW_BRANCH}"
git commit -a -m "Update Vespa CLI version to ${{ needs.check-and-update.outputs.version }}"
git push --set-upstream origin "${NEW_BRANCH}"
gh pr create -B master -H "${NEW_BRANCH}" \
-t "Update Vespa CLI version to ${{ needs.check-and-update.outputs.version }}" \
-b ":robot: This PR updates the Vespa CLI version to ${{ needs.check-and-update.outputs.version }}" \
-l "vespacli"
release:
needs: create-pr
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

Expand All @@ -165,18 +165,16 @@ jobs:
- name: Set permissions on all files in go-binaries
run: |
chmod -R +x vespacli/go-binaries/*
- name: Update latest version
run: |
python utils/update_version.py --version ${{ needs.create-pr.outputs.version }}
python utils/update_version.py --version "${VERSION}"
- name: Build
run: |
python -m build
- name: Upload to PyPI
env:
TWINE_USERNAME: __token__
TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN_VESPACLI }}
run: |
python -m twine upload dist/*
uses: pypa/gh-action-pypi-publish@release/v1
with:
print-hash: true
2 changes: 1 addition & 1 deletion vespacli/pyproject.toml
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ description = "A Python wrapper for Vespa CLI tools, supporting multiple platfor
keywords = [ "vespa", "cli", "wrapper",]
name = "vespacli"
readme = "README.md"
version = "8.391.23"
version = "8.dev"
[[project.authors]]
name = "Thomas Thoresen"
email = "[email protected]"
Expand Down
27 changes: 21 additions & 6 deletions vespacli/utils/check_latest_version.py
Original file line number Diff line number Diff line change
@@ -1,13 +1,28 @@
from download_binaries import VespaBinaryDownloader
from vespacli._version_generated import vespa_version
import sys
import requests
from packaging import version

if __name__ == "__main__":

def get_latest_pypi_version() -> version.Version:
response = requests.get(
"https://pypi.org/simple/vespacli/",
headers={"Accept": "application/vnd.pypi.simple.v1+json"}
)
latest_version = response.json()["releases"][-1]["version"]
return version.parse(latest_version)


def get_latest_github_version() -> version.Version:
downloader = VespaBinaryDownloader()
new_version = downloader.get_latest_version()
found_newer = new_version != vespa_version
if found_newer:
print(f"{new_version}")
return version.parse(downloader.get_latest_version())


if __name__ == "__main__":
gh_release = get_latest_github_version()
pypi_release = get_latest_pypi_version()
if gh_release > pypi_release:
print(f"{0}" % gh_release)
else:
print("NA")
sys.exit(0)
1 change: 0 additions & 1 deletion vespacli/vespacli/_version_generated.py

This file was deleted.

0 comments on commit d62d535

Please sign in to comment.