Merge remote-tracking branch 'saltstack/main'

saltstack · Sep 17, 2024 · 696eded · 696eded
2 parents 4bfa00b + 17644d1
commit 696eded
Show file tree

Hide file tree

Showing 12 changed files with 101 additions and 61 deletions.
diff --git a/.github/workflows/build-cross-action.yml b/.github/workflows/build-cross-action.yml
@@ -64,7 +64,7 @@ jobs:
           python3 -c 'import os; print(os.name)'
 
       - name: Download Toolchain Artifact
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: toolchain-${{ matrix.host }}-${{ matrix.target }}-linux-gnu.tar.xz
           path: toolchain/toolchain-${{ matrix.host }}-${{ matrix.target }}-linux-gnu.tar.xz
@@ -92,15 +92,15 @@ jobs:
           python3 -m nox -e tests -- tests/test_verify_build.py
 
       - name: Linux Logs
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         if: always()
         with:
           name: ${{ matrix.version }}-${{ matrix.host }}-${{ matrix.target }}-linux-gnu-logs
           path: logs/*
           retention-days: 5
 
       - name: "Upload artifact: build/${{ matrix.version }}-${{ matrix.target }}-linux-gnu.tar.xz"
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         if: ${{ matrix.host == matrix.target }}
         with:
           name: ${{ matrix.version }}-${{ matrix.target }}-linux-gnu.tar.xz
@@ -149,15 +149,15 @@ jobs:
           python3 -m nox -e tests -- tests/test_verify_build.py
 
       - name: MacOS Logs
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         if: always()
         with:
           name: ${{ matrix.version }}-${{ matrix.arch }}-macos-logs
           path: logs/*
           retention-days: 5
 
       - name: Python build
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: ${{ matrix.version }}-${{ matrix.arch }}-macos.tar.xz
           path: build/${{ matrix.version }}-${{ matrix.arch }}-macos.tar.xz
@@ -207,15 +207,15 @@ jobs:
           nox -e tests -- tests/test_verify_build.py
 
       - name: Upload Build Logs
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         if: always()
         with:
           name: ${{ matrix.version }}-${{ matrix.arch }}-windows-logs
           path: logs/*
           retention-days: 5
 
       - name: Upload Zipfile
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: ${{ matrix.version }}-${{ matrix.arch }}-win.tar.xz
           path: build/${{ matrix.version }}-${{ matrix.arch }}-win.tar.xz

diff --git a/.github/workflows/build-native-action.yml b/.github/workflows/build-native-action.yml
@@ -54,7 +54,7 @@ jobs:
           python3 -c 'import os; print(os.name)'
 
       - name: Download Toolchain Artifact
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: toolchain-${{ matrix.host }}-${{ matrix.target }}-linux-gnu.tar.xz
           path: .
@@ -74,15 +74,15 @@ jobs:
           python3 -m nox -e tests -- -s tests/test_verify_build.py
 
       - name: Linux Logs
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         if: always()
         with:
           name: ${{ matrix.version }}-${{ matrix.host }}-${{ matrix.target }}-linux-gnu-logs
           path: logs/*
           retention-days: 5
 
       - name: "Upload artifact: build/${{ matrix.version }}-${{ matrix.target }}-linux-gnu.tar.xz"
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         if: ${{ matrix.host == matrix.target  && always()}}
         with:
           name: ${{ matrix.version }}-${{ matrix.target }}-linux-gnu.tar.xz
@@ -131,15 +131,15 @@ jobs:
           python3 -m nox -e tests -- tests/test_verify_build.py
 
       - name: MacOS Logs
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         if: always()
         with:
           name: ${{ matrix.version }}-${{ matrix.arch }}-macos-logs
           path: logs/*
           retention-days: 5
 
       - name: Python build
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: ${{ matrix.version }}-${{ matrix.arch }}-macos.tar.xz
           path: build/${{ matrix.version }}-${{ matrix.arch }}-macos.tar.xz
@@ -187,15 +187,15 @@ jobs:
           nox -e tests -- tests/test_verify_build.py
 
       - name: MacOS Logs
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         if: always()
         with:
           name: ${{ matrix.version }}-${{ matrix.arch }}-macos-logs
           path: logs/*
           retention-days: 5
 
       - name: Python build
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: ${{ matrix.version }}-${{ matrix.arch }}-macos.tar.xz
           path: build/${{ matrix.version }}-${{ matrix.arch }}-macos.tar.xz
@@ -249,15 +249,15 @@ jobs:
           nox -e tests -- tests/test_verify_build.py
 
       - name: Upload Build Logs
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         if: always()
         with:
           name: ${{ matrix.version }}-${{ matrix.arch }}-windows-logs
           path: logs/*
           retention-days: 5
 
       - name: Upload Zipfile
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: ${{ matrix.version }}-${{ matrix.arch }}-win.tar.xz
           path: build/${{ matrix.version }}-${{ matrix.arch }}-win.tar.xz

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -26,10 +26,6 @@ on:
           -C--global-option=--tag-build=+dev$(git rev-parse --short HEAD)
           --wheel
           --outdir dist/
-    secrets:
-      PYPI_API_TOKEN:
-        required: false
-
 jobs:
 
   get-changed-files:
@@ -164,26 +160,17 @@ jobs:
       - test-fips
       - upload-build-artifacts
       - upload-toolchain-artifacts
-    secrets:
-      PYPI_API_TOKEN: "${{ secrets.PYPI_API_TOKEN }}"
 
-  push-tag:
-    name: Push Version Tag
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
+  create-release:
+    name: Create Github Release
+    uses: ./.github/workflows/github-release.yml
     if: ${{ inputs.kind == 'release' && success() }}
     needs:
       - build-python-package
       - deploy-python-package
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-      - name: Push Tag
-        uses: rickstaa/action-create-tag@v1
-        with:
-          tag: "v${{ needs.build-python-package.outputs.version }}"
-          message: "Version ${{ needs.build-python-package.outputs.version }}"
+    with:
+      version: ${{ needs.build-python-package.outputs.version }}
+
 
   set-pipeline-exit-status:
     # This step is just so we can make github require this step, to pass checks
@@ -201,7 +188,7 @@ jobs:
       - upload-build-artifacts
       - upload-toolchain-artifacts
       - deploy-python-package
-      - push-tag
+      - create-release
     steps:
       - name: Get workflow information
         id: get-workflow-info

diff --git a/.github/workflows/deploy-build-action.yml b/.github/workflows/deploy-build-action.yml
@@ -79,7 +79,7 @@ jobs:
 
     steps:
     - name: Download Artifacts
-      uses: actions/download-artifact@v3
+      uses: actions/download-artifact@v4
       with:
         name: ${{ matrix.python }}-${{ matrix.arch }}-${{ matrix.platform }}.tar.xz
         path: release-artifacts/

diff --git a/.github/workflows/deploy-package-action.yml b/.github/workflows/deploy-package-action.yml
@@ -1,22 +1,22 @@
 name: Relenv Python Package
 
-on:
-  workflow_call:
-    secrets:
-      PYPI_API_TOKEN:
-        required: true
+on: workflow_call
 
 jobs:
   build:
     name: Publish Python Wheel
     runs-on: ubuntu-latest
+    environment: release
     steps:
-    - name: Download Python Package Artifacts
-      uses: actions/download-artifact@v3
-      with:
-        name: dist
-        path: dist
-    - name: Publish distribution to PyPI
-      uses: pypa/gh-action-pypi-publish@release/v1
-      with:
-        password: ${{ secrets.PYPI_API_TOKEN }}
+      - name: Download Python Package Artifacts
+        uses: actions/download-artifact@v3
+        with:
+          name: dist
+          path: dist
+      - name: Publish distribution to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          verbose: true
+          print-hash: true
+          skip-existing: true
+          verify-metadata: true
diff --git a/.github/workflows/deploy-toolchain-action.yml b/.github/workflows/deploy-toolchain-action.yml
@@ -28,7 +28,7 @@ jobs:
     steps:
 
     - name: Download Artifacts
-      uses: actions/download-artifact@v3
+      uses: actions/download-artifact@v4
       with:
         name: toolchain-${{ matrix.host }}-${{ matrix.target }}-linux-gnu.tar.xz
         path: release-artifacts/
@@ -47,4 +47,4 @@ jobs:
     - name: "Deploy Toolchain: ${{ matrix.host }}/${{ matrix.target }}-linux-gnu.tar.xz"
       run: |
         aws s3 cp release-artifacts/* s3://salt-project-${{ steps.spb-environment.outputs.spb-environment }}-salt-artifacts-release/relenv/${{ inputs.version }}/toolchain/${{ matrix.host }}/${{ matrix.target }}-linux-gnu.tar.xz
-  
+  
diff --git a/.github/workflows/docs-action.yml b/.github/workflows/docs-action.yml
@@ -33,7 +33,7 @@ jobs:
           nox --forcecolor -e docs
 
       - name: Store Generated Documentation
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: relenv-html-docs
           path: docs/build
diff --git a/.github/workflows/github-release.yml b/.github/workflows/github-release.yml
@@ -0,0 +1,54 @@
+name: Create Github Release
+
+on:
+  workflow_call:
+    inputs:
+      version:
+        required: true
+        type: string
+
+jobs:
+  release:
+    name: Publish Python Wheel
+    runs-on: ubuntu-latest
+    steps:
+      - name: Download Python Build Artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: dist
+          path: dist
+
+      - name: Create Release
+        id: create_release
+        uses: actions/create-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
+        with:
+          tag_name: "v${{ inputs.version }}"
+          release_name: "Release v${{ inputs.version }}"
+          body: |
+            Release ${{ needs.build-python-package.outputs.version }}
+          draft: false
+          prerelease: false
+
+      - name: Upload Source Tarball
+        id: upload-release-asset-source
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps
+          asset_path: dist/relenv-${{ inputs.version }}.tar.gz
+          asset_name: relenv-${{ inputs.version }}.tar.gz
+          asset_content_type: application/tar+gzip
+
+      - name: Upload Wheel
+        id: upload-release-asset-x86_64
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps
+          asset_path: dist/relenv-${{ inputs.version }}-py3-none-any.whl
+          asset_name: relenv-${{ inputs.version }}-py3-none-any.whl
+          asset_content_type: application/zip
diff --git a/.github/workflows/package-action.yml b/.github/workflows/package-action.yml
@@ -54,7 +54,7 @@ jobs:
       run: "${{ inputs.cmd }}"
 
     - name: Python Build Artifact
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       if: always()
       with:
         name: dist

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -23,10 +23,9 @@ jobs:
     permissions:
       contents: write
       pull-requests: read
+      id-token: write
     uses: ./.github/workflows/ci.yml
-    if: contains('["dwoz","MKLeb","s0undt3ch"]', github.actor)
+    if: contains('["dwoz", "twangboy", "dmurhpy18"]', github.actor)
     with:
       kind: "${{ inputs.kind }}"
       package_command: "${{ inputs.package_command }}"
-    secrets:
-      PYPI_API_TOKEN: ${{ secrets.PYPI_API_TOKEN }}
diff --git a/.github/workflows/test-fips-action.yml b/.github/workflows/test-fips-action.yml
@@ -30,7 +30,7 @@ jobs:
       - uses: actions/checkout@v3
 
       - name: Download Build Artifact
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: ${{ matrix.version }}-${{ matrix.arch }}-linux-gnu.tar.xz
           path: ./build/

diff --git a/.github/workflows/toolchain-action.yml b/.github/workflows/toolchain-action.yml
@@ -55,7 +55,7 @@ jobs:
           python3 -m relenv toolchain fetch --arch=${{ matrix.target }}
 
       - name: Logs toolchain ${{ matrix.target }} on ${{ matrix.host }}
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         if: always()
         with:
           name: ${{ matrix.host }}-${{ matrix.target }}-linux-gnu-toolchain-logs
@@ -67,7 +67,7 @@ jobs:
           tar -C toolchain -cJf toolchain-${{ matrix.host }}-${{ matrix.target }}-linux-gnu.tar.xz  ${{ matrix.target }}-linux-gnu
 
       - name: Toolchain build artifact
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: toolchain-${{ matrix.host }}-${{ matrix.target }}-linux-gnu.tar.xz
           path: toolchain-${{ matrix.host }}-${{ matrix.target }}-linux-gnu.tar.xz