forked from perdoch/hesaff
-
Notifications
You must be signed in to change notification settings - Fork 6
430 lines (425 loc) · 16.3 KB
/
tests.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
# This workflow will install Python dependencies, run tests and lint with a variety of Python versions
# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
# Based on ~/code/xcookie/xcookie/rc/tests.yml.in
# Now based on ~/code/xcookie/xcookie/builders/github_actions.py
# See: https://github.com/Erotemic/xcookie
name: BinPyCI
on:
push:
pull_request:
branches: [ main ]
jobs:
build_binpy_wheels:
##
# Build the binary wheels. Note: even though cibuildwheel will test
# them internally here, we will test them independently later in the
# test_binpy_wheels step.
##
name: ${{ matrix.os }}, arch=${{ matrix.arch }}
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
# Normally, xcookie generates explicit lists of platforms to build / test
# on, but in this case cibuildwheel does that for us, so we need to just
# set the environment variables for cibuildwheel. These are parsed out of
# the standard [tool.cibuildwheel] section in pyproject.toml and set
# explicitly here.
os:
- ubuntu-latest
cibw_skip:
- pp* cp27-* cp34-* cp35-* cp36-* *-musllinux_* *i686*
arch:
- auto
steps:
- name: Checkout source
uses: actions/[email protected]
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
if: runner.os == 'Linux' && matrix.arch != 'auto'
with:
platforms: all
- name: Build binary wheels
uses: pypa/[email protected]
with:
output-dir: wheelhouse
config-file: pyproject.toml
env:
CIBW_SKIP: ${{ matrix.cibw_skip }}
CIBW_ARCHS_LINUX: ${{ matrix.arch }}
- name: Show built files
shell: bash
run: ls -la wheelhouse
- name: Set up Python 3.12 to combine coverage
uses: actions/[email protected]
if: runner.os == 'Linux'
with:
python-version: '3.12'
- name: Combine coverage Linux
if: runner.os == 'Linux'
run: |-
echo '############ PWD'
pwd
cp .wheelhouse/.coverage* . || true
ls -al
python -m pip install coverage[toml]
echo '############ combine'
coverage combine . || true
echo '############ XML'
coverage xml -o ./coverage.xml || true
echo '### The cwd should now have a coverage.xml'
ls -altr
pwd
- uses: codecov/[email protected]
name: Codecov Upload
with:
file: ./coverage.xml
token: ${{ secrets.CODECOV_TOKEN }}
- uses: actions/[email protected]
name: Upload wheels artifact
with:
name: wheels
path: ./wheelhouse/pyhesaff*.whl
test_binpy_wheels:
##
# Download the previously build binary wheels from the
# build_binpy_wheels step, and test them in an independent
# environment.
##
name: ${{ matrix.python-version }} on ${{ matrix.os }}, arch=${{ matrix.arch }} with ${{ matrix.install-extras }}
if: "! startsWith(github.event.ref, 'refs/heads/release')"
runs-on: ${{ matrix.os }}
needs:
- build_binpy_wheels
strategy:
fail-fast: false
matrix:
# Xcookie generates an explicit list of environments that will be used
# for testing instead of using the more concise matrix notation.
include:
- python-version: '3.7'
install-extras: tests-strict,runtime-strict,headless-strict
os: ubuntu-latest
arch: auto
- python-version: '3.12'
install-extras: tests-strict,runtime-strict,optional-strict,headless-strict
os: ubuntu-latest
arch: auto
- python-version: '3.7'
install-extras: tests,optional,headless
os: ubuntu-latest
arch: auto
- python-version: '3.8'
install-extras: tests,optional,headless
os: ubuntu-latest
arch: auto
- python-version: '3.9'
install-extras: tests,optional,headless
os: ubuntu-latest
arch: auto
- python-version: '3.10'
install-extras: tests,optional,headless
os: ubuntu-latest
arch: auto
- python-version: '3.11'
install-extras: tests,optional,headless
os: ubuntu-latest
arch: auto
- python-version: '3.12'
install-extras: tests,optional,headless
os: ubuntu-latest
arch: auto
steps:
- name: Checkout source
uses: actions/[email protected]
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
if: runner.os == 'Linux' && matrix.arch != 'auto'
with:
platforms: all
- name: Setup Python
uses: actions/[email protected]
with:
python-version: ${{ matrix.python-version }}
- uses: actions/[email protected]
name: Download wheels
with:
name: wheels
path: wheelhouse
- name: Install wheel ${{ matrix.install-extras }}
shell: bash
env:
INSTALL_EXTRAS: ${{ matrix.install-extras }}
run: |-
echo "Finding the path to the wheel"
ls wheelhouse || echo "wheelhouse does not exist"
echo "Installing helpers"
pip install setuptools>=0.8 setuptools_scm wheel build -U
pip install tomli pkginfo
export WHEEL_FPATH=$(python -c "import pathlib; print(str(sorted(pathlib.Path('wheelhouse').glob('pyhesaff*.whl'))[-1]).replace(chr(92), chr(47)))")
export MOD_VERSION=$(python -c "from pkginfo import Wheel; print(Wheel('$WHEEL_FPATH').version)")
echo "$WHEEL_FPATH=WHEEL_FPATH"
echo "$INSTALL_EXTRAS=INSTALL_EXTRAS"
echo "$MOD_VERSION=MOD_VERSION"
pip install --prefer-binary "pyhesaff[$INSTALL_EXTRAS]==$MOD_VERSION" -f wheelhouse
echo "Install finished."
- name: Test wheel ${{ matrix.install-extras }}
shell: bash
env:
CI_PYTHON_VERSION: py${{ matrix.python-version }}
run: |-
echo "Creating test sandbox directory"
export WORKSPACE_DNAME="testdir_${CI_PYTHON_VERSION}_${GITHUB_RUN_ID}_${RUNNER_OS}"
echo "WORKSPACE_DNAME=$WORKSPACE_DNAME"
mkdir -p $WORKSPACE_DNAME
echo "cd-ing into the workspace"
cd $WORKSPACE_DNAME
pwd
ls -altr
# Get the path to the installed package and run the tests
export MOD_DPATH=$(python -c "import pyhesaff, os; print(os.path.dirname(pyhesaff.__file__))")
export MOD_NAME=pyhesaff
echo "
---
MOD_DPATH = $MOD_DPATH
---
running the pytest command inside the workspace
---
"
python -m pytest --verbose -p pytester -p no:doctest --xdoctest --cov-config ../pyproject.toml --cov-report term --durations=100 --cov="$MOD_NAME" "$MOD_DPATH" ../tests
echo "pytest command finished, moving the coverage file to the repo root"
ls -al
# Move coverage file to a new name
mv .coverage "../.coverage.$WORKSPACE_DNAME"
echo "changing directory back to th repo root"
cd ..
ls -al
- name: Combine coverage Linux
if: runner.os == 'Linux'
run: |-
echo '############ PWD'
pwd
cp .wheelhouse/.coverage* . || true
ls -al
python -m pip install coverage[toml]
echo '############ combine'
coverage combine . || true
echo '############ XML'
coverage xml -o ./coverage.xml || true
echo '### The cwd should now have a coverage.xml'
ls -altr
pwd
- uses: codecov/[email protected]
name: Codecov Upload
with:
file: ./coverage.xml
token: ${{ secrets.CODECOV_TOKEN }}
test_deploy:
name: Uploading Test to PyPi
runs-on: ubuntu-latest
if: github.event_name == 'push' && ! startsWith(github.event.ref, 'refs/tags') && ! startsWith(github.event.ref, 'refs/heads/release')
needs:
- build_binpy_wheels
steps:
- name: Checkout source
uses: actions/[email protected]
- uses: actions/[email protected]
name: Download wheels
with:
name: wheels
path: wheelhouse
- uses: actions/[email protected]
name: Download sdist
with:
name: sdist_wheels
path: wheelhouse
- name: Show files to upload
shell: bash
run: ls -la wheelhouse
- name: Sign and Publish
env:
TWINE_REPOSITORY_URL: https://test.pypi.org/legacy/
TWINE_USERNAME: __token__
TWINE_PASSWORD: ${{ secrets.TEST_TWINE_PASSWORD }}
CI_SECRET: ${{ secrets.CI_SECRET }}
run: |-
GPG_EXECUTABLE=gpg
$GPG_EXECUTABLE --version
openssl version
$GPG_EXECUTABLE --list-keys
echo "Decrypting Keys"
openssl enc -aes-256-cbc -pbkdf2 -md SHA512 -pass env:CI_SECRET -d -a -in dev/ci_public_gpg_key.pgp.enc | $GPG_EXECUTABLE --import
openssl enc -aes-256-cbc -pbkdf2 -md SHA512 -pass env:CI_SECRET -d -a -in dev/gpg_owner_trust.enc | $GPG_EXECUTABLE --import-ownertrust
openssl enc -aes-256-cbc -pbkdf2 -md SHA512 -pass env:CI_SECRET -d -a -in dev/ci_secret_gpg_subkeys.pgp.enc | $GPG_EXECUTABLE --import
echo "Finish Decrypt Keys"
$GPG_EXECUTABLE --list-keys || true
$GPG_EXECUTABLE --list-keys || echo "first invocation of gpg creates directories and returns 1"
$GPG_EXECUTABLE --list-keys
VERSION=$(python -c "import setup; print(setup.VERSION)")
pip install twine
pip install urllib3 requests[security] twine
GPG_KEYID=$(cat dev/public_gpg_key)
echo "GPG_KEYID = '$GPG_KEYID'"
GPG_SIGN_CMD="$GPG_EXECUTABLE --batch --yes --detach-sign --armor --local-user $GPG_KEYID"
WHEEL_PATHS=(wheelhouse/*.whl wheelhouse/*.tar.gz)
WHEEL_PATHS_STR=$(printf '"%s" ' "${WHEEL_PATHS[@]}")
echo "$WHEEL_PATHS_STR"
for WHEEL_PATH in "${WHEEL_PATHS[@]}"
do
echo "------"
echo "WHEEL_PATH = $WHEEL_PATH"
$GPG_SIGN_CMD --output $WHEEL_PATH.asc $WHEEL_PATH
$GPG_EXECUTABLE --verify $WHEEL_PATH.asc $WHEEL_PATH || echo "hack, the first run of gpg very fails"
$GPG_EXECUTABLE --verify $WHEEL_PATH.asc $WHEEL_PATH
done
ls -la wheelhouse
pip install opentimestamps-client
ots stamp wheelhouse/*.whl wheelhouse/*.tar.gz wheelhouse/*.asc
ls -la wheelhouse
twine upload --username __token__ --password "$TWINE_PASSWORD" --repository-url "$TWINE_REPOSITORY_URL" wheelhouse/*.whl wheelhouse/*.tar.gz --skip-existing --verbose || { echo "failed to twine upload" ; exit 1; }
- uses: actions/[email protected]
name: Upload deploy artifacts
with:
name: deploy_artifacts
path: |-
wheelhouse/*.whl
wheelhouse/*.zip
wheelhouse/*.tar.gz
wheelhouse/*.asc
wheelhouse/*.ots
live_deploy:
name: Uploading Live to PyPi
runs-on: ubuntu-latest
if: github.event_name == 'push' && (startsWith(github.event.ref, 'refs/tags') || startsWith(github.event.ref, 'refs/heads/release'))
needs:
- build_binpy_wheels
steps:
- name: Checkout source
uses: actions/[email protected]
- uses: actions/[email protected]
name: Download wheels
with:
name: wheels
path: wheelhouse
- uses: actions/[email protected]
name: Download sdist
with:
name: sdist_wheels
path: wheelhouse
- name: Show files to upload
shell: bash
run: ls -la wheelhouse
- name: Sign and Publish
env:
TWINE_REPOSITORY_URL: https://upload.pypi.org/legacy/
TWINE_USERNAME: __token__
TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }}
CI_SECRET: ${{ secrets.CI_SECRET }}
run: |-
GPG_EXECUTABLE=gpg
$GPG_EXECUTABLE --version
openssl version
$GPG_EXECUTABLE --list-keys
echo "Decrypting Keys"
openssl enc -aes-256-cbc -pbkdf2 -md SHA512 -pass env:CI_SECRET -d -a -in dev/ci_public_gpg_key.pgp.enc | $GPG_EXECUTABLE --import
openssl enc -aes-256-cbc -pbkdf2 -md SHA512 -pass env:CI_SECRET -d -a -in dev/gpg_owner_trust.enc | $GPG_EXECUTABLE --import-ownertrust
openssl enc -aes-256-cbc -pbkdf2 -md SHA512 -pass env:CI_SECRET -d -a -in dev/ci_secret_gpg_subkeys.pgp.enc | $GPG_EXECUTABLE --import
echo "Finish Decrypt Keys"
$GPG_EXECUTABLE --list-keys || true
$GPG_EXECUTABLE --list-keys || echo "first invocation of gpg creates directories and returns 1"
$GPG_EXECUTABLE --list-keys
VERSION=$(python -c "import setup; print(setup.VERSION)")
pip install twine
pip install urllib3 requests[security] twine
GPG_KEYID=$(cat dev/public_gpg_key)
echo "GPG_KEYID = '$GPG_KEYID'"
GPG_SIGN_CMD="$GPG_EXECUTABLE --batch --yes --detach-sign --armor --local-user $GPG_KEYID"
WHEEL_PATHS=(wheelhouse/*.whl wheelhouse/*.tar.gz)
WHEEL_PATHS_STR=$(printf '"%s" ' "${WHEEL_PATHS[@]}")
echo "$WHEEL_PATHS_STR"
for WHEEL_PATH in "${WHEEL_PATHS[@]}"
do
echo "------"
echo "WHEEL_PATH = $WHEEL_PATH"
$GPG_SIGN_CMD --output $WHEEL_PATH.asc $WHEEL_PATH
$GPG_EXECUTABLE --verify $WHEEL_PATH.asc $WHEEL_PATH || echo "hack, the first run of gpg very fails"
$GPG_EXECUTABLE --verify $WHEEL_PATH.asc $WHEEL_PATH
done
ls -la wheelhouse
pip install opentimestamps-client
ots stamp wheelhouse/*.whl wheelhouse/*.tar.gz wheelhouse/*.asc
ls -la wheelhouse
twine upload --username __token__ --password "$TWINE_PASSWORD" --repository-url "$TWINE_REPOSITORY_URL" wheelhouse/*.whl wheelhouse/*.tar.gz --skip-existing --verbose || { echo "failed to twine upload" ; exit 1; }
- uses: actions/[email protected]
name: Upload deploy artifacts
with:
name: deploy_artifacts
path: |-
wheelhouse/*.whl
wheelhouse/*.zip
wheelhouse/*.tar.gz
wheelhouse/*.asc
wheelhouse/*.ots
release:
name: Create Github Release
if: github.event_name == 'push' && (startsWith(github.event.ref, 'refs/tags') || startsWith(github.event.ref, 'refs/heads/release'))
runs-on: ubuntu-latest
permissions:
contents: write
needs:
- live_deploy
steps:
- name: Checkout source
uses: actions/[email protected]
- uses: actions/[email protected]
name: Download artifacts
with:
name: deploy_artifacts
path: wheelhouse
- name: Show files to release
shell: bash
run: ls -la wheelhouse
- run: 'echo "Automatic Release Notes. TODO: improve" > ${{ github.workspace }}-CHANGELOG.txt'
- name: Tag Release Commit
if: (startsWith(github.event.ref, 'refs/heads/release'))
run: |-
export VERSION=$(python -c "import setup; print(setup.VERSION)")
git tag "v$VERSION"
git push origin "v$VERSION"
- uses: softprops/action-gh-release@v1
name: Create Release
id: create_release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
body_path: ${{ github.workspace }}-CHANGELOG.txt
tag_name: ${{ github.ref }}
name: Release ${{ github.ref }}
body: Automatic Release
generate_release_notes: true
draft: true
prerelease: false
files: |-
wheelhouse/*.whl
wheelhouse/*.asc
wheelhouse/*.ots
wheelhouse/*.zip
wheelhouse/*.tar.gz
###
# Unfortunately we cant (yet) use the yaml docstring trick here
# https://github.community/t/allow-unused-keys-in-workflow-yaml-files/172120
#__doc__: |
# # How to run locally
# # https://packaging.python.org/guides/using-testpypi/
# git clone https://github.com/nektos/act.git $HOME/code/act
# chmod +x $HOME/code/act/install.sh
# (cd $HOME/code/act && ./install.sh -b $HOME/.local/opt/act)
#
# load_secrets
# unset GITHUB_TOKEN
# $HOME/.local/opt/act/act \
# --secret=EROTEMIC_TWINE_PASSWORD=$EROTEMIC_TWINE_PASSWORD \
# --secret=EROTEMIC_TWINE_USERNAME=$EROTEMIC_TWINE_USERNAME \
# --secret=EROTEMIC_CI_SECRET=$EROTEMIC_CI_SECRET \
# --secret=EROTEMIC_TEST_TWINE_USERNAME=$EROTEMIC_TEST_TWINE_USERNAME \
# --secret=EROTEMIC_TEST_TWINE_PASSWORD=$EROTEMIC_TEST_TWINE_PASSWORD