diff --git a/.github/workflows/build-cross-action.yml b/.github/workflows/build-cross-action.yml index 0d921b0e..5178902e 100644 --- a/.github/workflows/build-cross-action.yml +++ b/.github/workflows/build-cross-action.yml @@ -64,7 +64,7 @@ jobs: python3 -c 'import os; print(os.name)' - name: Download Toolchain Artifact - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: toolchain-${{ matrix.host }}-${{ matrix.target }}-linux-gnu.tar.xz path: toolchain/toolchain-${{ matrix.host }}-${{ matrix.target }}-linux-gnu.tar.xz @@ -92,7 +92,7 @@ jobs: python3 -m nox -e tests -- tests/test_verify_build.py - name: Linux Logs - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 if: always() with: name: ${{ matrix.version }}-${{ matrix.host }}-${{ matrix.target }}-linux-gnu-logs @@ -100,7 +100,7 @@ jobs: retention-days: 5 - name: "Upload artifact: build/${{ matrix.version }}-${{ matrix.target }}-linux-gnu.tar.xz" - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 if: ${{ matrix.host == matrix.target }} with: name: ${{ matrix.version }}-${{ matrix.target }}-linux-gnu.tar.xz @@ -149,7 +149,7 @@ jobs: python3 -m nox -e tests -- tests/test_verify_build.py - name: MacOS Logs - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 if: always() with: name: ${{ matrix.version }}-${{ matrix.arch }}-macos-logs @@ -157,7 +157,7 @@ jobs: retention-days: 5 - name: Python build - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: ${{ matrix.version }}-${{ matrix.arch }}-macos.tar.xz path: build/${{ matrix.version }}-${{ matrix.arch }}-macos.tar.xz @@ -207,7 +207,7 @@ jobs: nox -e tests -- tests/test_verify_build.py - name: Upload Build Logs - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 if: always() with: name: ${{ matrix.version }}-${{ matrix.arch }}-windows-logs @@ -215,7 +215,7 @@ jobs: retention-days: 5 - name: Upload Zipfile - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: ${{ matrix.version }}-${{ matrix.arch }}-win.tar.xz path: build/${{ matrix.version }}-${{ matrix.arch }}-win.tar.xz diff --git a/.github/workflows/build-native-action.yml b/.github/workflows/build-native-action.yml index a1bd8eee..928f08c5 100644 --- a/.github/workflows/build-native-action.yml +++ b/.github/workflows/build-native-action.yml @@ -54,7 +54,7 @@ jobs: python3 -c 'import os; print(os.name)' - name: Download Toolchain Artifact - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: toolchain-${{ matrix.host }}-${{ matrix.target }}-linux-gnu.tar.xz path: . @@ -74,7 +74,7 @@ jobs: python3 -m nox -e tests -- -s tests/test_verify_build.py - name: Linux Logs - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 if: always() with: name: ${{ matrix.version }}-${{ matrix.host }}-${{ matrix.target }}-linux-gnu-logs @@ -82,7 +82,7 @@ jobs: retention-days: 5 - name: "Upload artifact: build/${{ matrix.version }}-${{ matrix.target }}-linux-gnu.tar.xz" - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 if: ${{ matrix.host == matrix.target && always()}} with: name: ${{ matrix.version }}-${{ matrix.target }}-linux-gnu.tar.xz @@ -131,7 +131,7 @@ jobs: python3 -m nox -e tests -- tests/test_verify_build.py - name: MacOS Logs - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 if: always() with: name: ${{ matrix.version }}-${{ matrix.arch }}-macos-logs @@ -139,7 +139,7 @@ jobs: retention-days: 5 - name: Python build - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: ${{ matrix.version }}-${{ matrix.arch }}-macos.tar.xz path: build/${{ matrix.version }}-${{ matrix.arch }}-macos.tar.xz @@ -187,7 +187,7 @@ jobs: nox -e tests -- tests/test_verify_build.py - name: MacOS Logs - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 if: always() with: name: ${{ matrix.version }}-${{ matrix.arch }}-macos-logs @@ -195,7 +195,7 @@ jobs: retention-days: 5 - name: Python build - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: ${{ matrix.version }}-${{ matrix.arch }}-macos.tar.xz path: build/${{ matrix.version }}-${{ matrix.arch }}-macos.tar.xz @@ -249,7 +249,7 @@ jobs: nox -e tests -- tests/test_verify_build.py - name: Upload Build Logs - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 if: always() with: name: ${{ matrix.version }}-${{ matrix.arch }}-windows-logs @@ -257,7 +257,7 @@ jobs: retention-days: 5 - name: Upload Zipfile - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: ${{ matrix.version }}-${{ matrix.arch }}-win.tar.xz path: build/${{ matrix.version }}-${{ matrix.arch }}-win.tar.xz diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9a17eef8..32a25902 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -26,10 +26,6 @@ on: -C--global-option=--tag-build=+dev$(git rev-parse --short HEAD) --wheel --outdir dist/ - secrets: - PYPI_API_TOKEN: - required: false - jobs: get-changed-files: @@ -164,26 +160,17 @@ jobs: - test-fips - upload-build-artifacts - upload-toolchain-artifacts - secrets: - PYPI_API_TOKEN: "${{ secrets.PYPI_API_TOKEN }}" - push-tag: - name: Push Version Tag - runs-on: ubuntu-latest - permissions: - contents: write + create-release: + name: Create Github Release + uses: ./.github/workflows/github-release.yml if: ${{ inputs.kind == 'release' && success() }} needs: - build-python-package - deploy-python-package - steps: - - name: Checkout - uses: actions/checkout@v3 - - name: Push Tag - uses: rickstaa/action-create-tag@v1 - with: - tag: "v${{ needs.build-python-package.outputs.version }}" - message: "Version ${{ needs.build-python-package.outputs.version }}" + with: + version: ${{ needs.build-python-package.outputs.version }} + set-pipeline-exit-status: # This step is just so we can make github require this step, to pass checks @@ -201,7 +188,7 @@ jobs: - upload-build-artifacts - upload-toolchain-artifacts - deploy-python-package - - push-tag + - create-release steps: - name: Get workflow information id: get-workflow-info diff --git a/.github/workflows/deploy-build-action.yml b/.github/workflows/deploy-build-action.yml index a3e64f8c..69476c00 100644 --- a/.github/workflows/deploy-build-action.yml +++ b/.github/workflows/deploy-build-action.yml @@ -79,7 +79,7 @@ jobs: steps: - name: Download Artifacts - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: ${{ matrix.python }}-${{ matrix.arch }}-${{ matrix.platform }}.tar.xz path: release-artifacts/ diff --git a/.github/workflows/deploy-package-action.yml b/.github/workflows/deploy-package-action.yml index 27605e17..bbf404d7 100644 --- a/.github/workflows/deploy-package-action.yml +++ b/.github/workflows/deploy-package-action.yml @@ -1,22 +1,22 @@ name: Relenv Python Package -on: - workflow_call: - secrets: - PYPI_API_TOKEN: - required: true +on: workflow_call jobs: build: name: Publish Python Wheel runs-on: ubuntu-latest + environment: release steps: - - name: Download Python Package Artifacts - uses: actions/download-artifact@v3 - with: - name: dist - path: dist - - name: Publish distribution to PyPI - uses: pypa/gh-action-pypi-publish@release/v1 - with: - password: ${{ secrets.PYPI_API_TOKEN }} + - name: Download Python Package Artifacts + uses: actions/download-artifact@v3 + with: + name: dist + path: dist + - name: Publish distribution to PyPI + uses: pypa/gh-action-pypi-publish@release/v1 + with: + verbose: true + print-hash: true + skip-existing: true + verify-metadata: true diff --git a/.github/workflows/deploy-toolchain-action.yml b/.github/workflows/deploy-toolchain-action.yml index cf8d7e26..b98b58b3 100644 --- a/.github/workflows/deploy-toolchain-action.yml +++ b/.github/workflows/deploy-toolchain-action.yml @@ -28,7 +28,7 @@ jobs: steps: - name: Download Artifacts - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: toolchain-${{ matrix.host }}-${{ matrix.target }}-linux-gnu.tar.xz path: release-artifacts/ @@ -47,4 +47,4 @@ jobs: - name: "Deploy Toolchain: ${{ matrix.host }}/${{ matrix.target }}-linux-gnu.tar.xz" run: | aws s3 cp release-artifacts/* s3://salt-project-${{ steps.spb-environment.outputs.spb-environment }}-salt-artifacts-release/relenv/${{ inputs.version }}/toolchain/${{ matrix.host }}/${{ matrix.target }}-linux-gnu.tar.xz - \ No newline at end of file + diff --git a/.github/workflows/docs-action.yml b/.github/workflows/docs-action.yml index 3f685668..f0693538 100644 --- a/.github/workflows/docs-action.yml +++ b/.github/workflows/docs-action.yml @@ -33,7 +33,7 @@ jobs: nox --forcecolor -e docs - name: Store Generated Documentation - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: relenv-html-docs path: docs/build diff --git a/.github/workflows/github-release.yml b/.github/workflows/github-release.yml new file mode 100644 index 00000000..9b3391b7 --- /dev/null +++ b/.github/workflows/github-release.yml @@ -0,0 +1,54 @@ +name: Create Github Release + +on: + workflow_call: + inputs: + version: + required: true + type: string + +jobs: + release: + name: Publish Python Wheel + runs-on: ubuntu-latest + steps: + - name: Download Python Build Artifacts + uses: actions/download-artifact@v4 + with: + name: dist + path: dist + + - name: Create Release + id: create_release + uses: actions/create-release@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token + with: + tag_name: "v${{ inputs.version }}" + release_name: "Release v${{ inputs.version }}" + body: | + Release ${{ needs.build-python-package.outputs.version }} + draft: false + prerelease: false + + - name: Upload Source Tarball + id: upload-release-asset-source + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps + asset_path: dist/relenv-${{ inputs.version }}.tar.gz + asset_name: relenv-${{ inputs.version }}.tar.gz + asset_content_type: application/tar+gzip + + - name: Upload Wheel + id: upload-release-asset-x86_64 + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps + asset_path: dist/relenv-${{ inputs.version }}-py3-none-any.whl + asset_name: relenv-${{ inputs.version }}-py3-none-any.whl + asset_content_type: application/zip diff --git a/.github/workflows/package-action.yml b/.github/workflows/package-action.yml index 85bde7a0..d760bfac 100644 --- a/.github/workflows/package-action.yml +++ b/.github/workflows/package-action.yml @@ -54,7 +54,7 @@ jobs: run: "${{ inputs.cmd }}" - name: Python Build Artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 if: always() with: name: dist diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 06a204c0..ae8e4547 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -23,10 +23,9 @@ jobs: permissions: contents: write pull-requests: read + id-token: write uses: ./.github/workflows/ci.yml - if: contains('["dwoz","MKLeb","s0undt3ch"]', github.actor) + if: contains('["dwoz", "twangboy", "dmurhpy18"]', github.actor) with: kind: "${{ inputs.kind }}" package_command: "${{ inputs.package_command }}" - secrets: - PYPI_API_TOKEN: ${{ secrets.PYPI_API_TOKEN }} diff --git a/.github/workflows/test-fips-action.yml b/.github/workflows/test-fips-action.yml index 0c774063..c3737325 100644 --- a/.github/workflows/test-fips-action.yml +++ b/.github/workflows/test-fips-action.yml @@ -30,7 +30,7 @@ jobs: - uses: actions/checkout@v3 - name: Download Build Artifact - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: ${{ matrix.version }}-${{ matrix.arch }}-linux-gnu.tar.xz path: ./build/ diff --git a/.github/workflows/toolchain-action.yml b/.github/workflows/toolchain-action.yml index 642b95fc..48977be1 100644 --- a/.github/workflows/toolchain-action.yml +++ b/.github/workflows/toolchain-action.yml @@ -55,7 +55,7 @@ jobs: python3 -m relenv toolchain fetch --arch=${{ matrix.target }} - name: Logs toolchain ${{ matrix.target }} on ${{ matrix.host }} - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 if: always() with: name: ${{ matrix.host }}-${{ matrix.target }}-linux-gnu-toolchain-logs @@ -67,7 +67,7 @@ jobs: tar -C toolchain -cJf toolchain-${{ matrix.host }}-${{ matrix.target }}-linux-gnu.tar.xz ${{ matrix.target }}-linux-gnu - name: Toolchain build artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: toolchain-${{ matrix.host }}-${{ matrix.target }}-linux-gnu.tar.xz path: toolchain-${{ matrix.host }}-${{ matrix.target }}-linux-gnu.tar.xz