From 1d2d20affac9d21f9f376a37c3836c6c918fca0d Mon Sep 17 00:00:00 2001 From: Martin Bernstorff Date: Fri, 27 Oct 2023 20:50:49 +0000 Subject: [PATCH 1/5] ci: reenable release --- .devcontainer/devcontainer.json | 3 ++ .github/workflows/release.yml | 60 +++++++++++++++------------------ 2 files changed, 30 insertions(+), 33 deletions(-) diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index ef8fca22..77f6a3c8 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -26,6 +26,9 @@ "features": { "ghcr.io/devcontainers/features/github-cli:1": {} }, + "mounts": [ + "source=${localEnv:HOME}/.config/gh/hosts.yml,target=/root/.config/gh/hosts.yml,type=bind,consistency=cache", + ], "postStartCommand": "make install" // Features to add to the dev container. More info: https://containers.dev/features. // "features": {}, diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3ec6f0f7..68a21a8d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,35 +1,29 @@ -# This workflow will -# 1) Update the version number in pyproject.toml based on the commit history -# 2) Create a git tag -# 3) Create a release on GitHub -# 4) Upload the package to PyPI +name: Release +on: + push: + branches: [main] +jobs: + release: + runs-on: ubuntu-latest + concurrency: release -# name: Release -# on: -# push: -# branches: [main] -# jobs: -# release: -# runs-on: ubuntu-latest -# concurrency: release + if: ${{ github.ref == 'refs/heads/main' }} + steps: + # Checkout action is required for token to persist + - uses: actions/checkout@v3 + with: + fetch-depth: 0 + token: ${{ secrets.GITHUB_TOKEN }} -# if: ${{ github.ref == 'refs/heads/main' }} -# steps: -# # Checkout action is required for token to persist -# - uses: actions/checkout@v3 -# with: -# fetch-depth: 0 -# token: ${{ secrets.GITHUB_TOKEN }} - -# - name: Python Semantic Release -# uses: relekang/python-semantic-release@v7.33.1 -# with: -# github_token: ${{ secrets.GITHUB_TOKEN }} -# # Remember to copy the [tool.semantic_release] section from pyproject.toml -# # as well -# # To enable pypi, -# # 1) Set upload_to_pypi to true in pyproject.toml and -# # 2) Set the pypi_token in the repo -# # 3) Uncomment the two lines below -# repository_username: __token__ -# repository_password: ${{ secrets.PYPI_API_TOKEN }} + - name: Python Semantic Release + uses: relekang/python-semantic-release@v7.33.1 + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + # Remember to copy the [tool.semantic_release] section from pyproject.toml + # as well + # To enable pypi, + # 1) Set upload_to_pypi to true in pyproject.toml and + # 2) Set the pypi_token in the repo + # 3) Uncomment the two lines below + repository_username: __token__ + repository_password: ${{ secrets.PYPI_API_TOKEN }} From 6a81185f68c81d5b0ac23369c480687015f4acb0 Mon Sep 17 00:00:00 2001 From: Martin Bernstorff Date: Fri, 27 Oct 2023 20:53:29 +0000 Subject: [PATCH 2/5] ci: reenable release --- .github/workflows/release.yml | 48 ++++++++++++++++++++++++----------- 1 file changed, 33 insertions(+), 15 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 68a21a8d..917e5847 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,29 +1,47 @@ +# This workflow will +# - Find the latest version tag based on the commit history +# - Create a git tag for the new version +# - Update the version number in pyproject.toml based on the commit history +# - Upload the package to PyPI +# - Create a release on GitHub + name: Release on: - push: - branches: [main] + workflow_run: + workflows: ["tests"] + types: + - completed jobs: release: runs-on: ubuntu-latest concurrency: release + permissions: + id-token: write # IMPORTANT: this permission is mandatory for trusted publishing using PyPI + # a guide on how to set it up is available here: https://blog.pypi.org/posts/2023-04-20-introducing-trusted-publishers/ + - if: ${{ github.ref == 'refs/heads/main' }} + if: ${{ github.ref == 'refs/heads/main' && github.event.workflow_run.conclusion == 'success'}} steps: - # Checkout action is required for token to persist - uses: actions/checkout@v3 with: fetch-depth: 0 - token: ${{ secrets.GITHUB_TOKEN }} + token: ${{ secrets.PAT }} - name: Python Semantic Release - uses: relekang/python-semantic-release@v7.33.1 + id: release + uses: python-semantic-release/python-semantic-release@v8.0.4 + with: + github_token: ${{ secrets.PAT }} + + - name: Publish package distributions to PyPI + uses: pypa/gh-action-pypi-publish@release/v1 + if: steps.release.outputs.released == 'true' + # This action supports PyPI's trusted publishing implementation, which allows authentication to PyPI without a manually + # configured API token or username/password combination. To perform trusted publishing with this action, your project's + # publisher must already be configured on PyPI. + + - name: Publish package distributions to GitHub Releases + uses: python-semantic-release/upload-to-gh-release@main + if: steps.release.outputs.released == 'true' with: - github_token: ${{ secrets.GITHUB_TOKEN }} - # Remember to copy the [tool.semantic_release] section from pyproject.toml - # as well - # To enable pypi, - # 1) Set upload_to_pypi to true in pyproject.toml and - # 2) Set the pypi_token in the repo - # 3) Uncomment the two lines below - repository_username: __token__ - repository_password: ${{ secrets.PYPI_API_TOKEN }} + github_token: ${{ secrets.PAT }} \ No newline at end of file From 255e2888d11ade7975dccde1285f98b335335349 Mon Sep 17 00:00:00 2001 From: Martin Bernstorff Date: Fri, 27 Oct 2023 20:55:18 +0000 Subject: [PATCH 3/5] misc. --- .github/workflows/cruft.yml | 66 ------------------------------------- pyproject.toml | 2 +- 2 files changed, 1 insertion(+), 67 deletions(-) delete mode 100644 .github/workflows/cruft.yml diff --git a/.github/workflows/cruft.yml b/.github/workflows/cruft.yml deleted file mode 100644 index 714de363..00000000 --- a/.github/workflows/cruft.yml +++ /dev/null @@ -1,66 +0,0 @@ -name: Cruft Check - -on: - pull_request: - branches: - - main - -jobs: - cruft-check: - runs-on: ubuntu-latest - permissions: - pull-requests: write - - steps: - # Avoid infinite loop where main - # Feature PR -> cruft check from main -> - # Cruft update PR -> cruft check from main -> - # Cruft update PR ... - - name: Check if pull request is from a fork - run: | - if [ "${{ github.event.pull_request.head.repo.fork }}" = "true" ]; then - echo "Pull request is from a fork and does not have permissions for PR creation. Exiting gracefully." - exit 0 - elif [ "${{github.event.pull_request.title}}" == "ci - update cruft" ]; then - echo "Pull request is already a cruft update. Exiting gracefully." - exit 0 - else - echo "Pull request is not from a fork, continuing." - fi - - - name: Checkout code - uses: actions/checkout@v3 - with: - ref: main - - - name: Setup Python - uses: actions/setup-python@v4 - with: - python-version: "3.9" - - - name: Install Cruft - run: pip install cruft - - - name: Update cruft - id: cruft_check - run: | - cruft_output=$(cruft update --skip-apply-ask) - if echo "$cruft_output" | grep -q "Good work!"; then - echo "$cruft_output" - echo "cruft_updated=true" >> $GITHUB_OUTPUT - else - echo "$cruft_output" - echo "cruft_updated=false" >> $GITHUB_OUTPUT - fi - - - name: Create Pull Request - uses: peter-evans/create-pull-request@v4 - if: ${{ steps.cruft_check.outputs.cruft_updated == 'true' && github.event.pull_request.title != 'ci - update cruft' }} - continue-on-error: true - with: - title: "ci - update cruft" - branch: "update-cruft" - body: "🌲 Cruft updates" - token: ${{ secrets.PAT }} - commit-message: "ci: update cruft" - labels: "dependencies" # This makes the PR exempt from the stale bot diff --git a/pyproject.toml b/pyproject.toml index eb153203..c3c15270 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta" [project] name = "personal-mnemonic-medium" -version = "0.0.0" +version = "0.2.0" authors = [{ name = "Martin Bernstorff", email = "martinbernstorff@gmail.com" }] description = "Personal Mnemonic Medium" classifiers = ["Programming Language :: Python :: 3.11"] From 357ac0a10ad7409b5d725d8c03ed8669cec0032b Mon Sep 17 00:00:00 2001 From: Martin Bernstorff Date: Fri, 27 Oct 2023 20:55:42 +0000 Subject: [PATCH 4/5] ci: update cruft --- .cruft.json | 2 +- .devcontainer/devcontainer.json | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.cruft.json b/.cruft.json index d6b1af7a..6ba1a114 100644 --- a/.cruft.json +++ b/.cruft.json @@ -1,6 +1,6 @@ { "template": "https://github.com/MartinBernstorff/nimble-python-cookiecutter", - "commit": "80b90f37d8ce87ffb1ab97cf2b518fc0fd431dfb", + "commit": "5a729f8039fb1444652177ddd964d1560c0b941d", "checkout": null, "context": { "cookiecutter": { diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 77f6a3c8..bb6213f9 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -9,7 +9,6 @@ "dockerfile": "../Dockerfile", "cacheFrom": "ghcr.io/martinbernstorff/personal-mnemonic-medium-devcontainer:latest" }, - // "features": {}, "customizations": { "vscode": { "extensions": [ @@ -23,6 +22,9 @@ ] } }, + "mounts": [ + "source=${localEnv:HOME}/.config/gh/hosts.yml,target=/root/.config/gh/hosts.yml,type=bind,consistency=cache", // GitHub CLI authentication login + ], "features": { "ghcr.io/devcontainers/features/github-cli:1": {} }, From 6d38c59ba3b38d3a71c09d2ea08cecfc84dd4a64 Mon Sep 17 00:00:00 2001 From: Martin Bernstorff Date: Fri, 27 Oct 2023 21:01:15 +0000 Subject: [PATCH 5/5] ci: create hosts before push --- .github/workflows/tests.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index ac2134b3..47305c32 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -26,6 +26,11 @@ jobs: registry: ghcr.io username: MartinBernstorff password: ${{ secrets.GITHUB_TOKEN }} + + - name: Create github hosts file + run: | # If this file is not created, the dev container fails because of non-existant mount + mkdir -p ~/.config/gh + touch ~/.config/gh/hosts.yml - name: Pre-build dev container image uses: devcontainers/ci@v0.3