From 769a6735ea040e3cecc431f8eec809bcb4a1f655 Mon Sep 17 00:00:00 2001 From: "Daniel A. Wozniak" Date: Sat, 14 Sep 2024 13:57:26 -0700 Subject: [PATCH 1/5] Update changelog --- CHANGELOG.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f38d6e29..fe2e9565 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,8 +1,9 @@ -0.17.0 +0.17.1 ====== * Upgrade openssl to 3.2.3 * Add enable md2 flag to openssl compilation +* Fix pip install --target with pip version 24.2 0.17.0 From d7507a702f1b33b7f53007d93805bc464fb3cf65 Mon Sep 17 00:00:00 2001 From: "Daniel A. Wozniak" Date: Sat, 14 Sep 2024 14:22:56 -0700 Subject: [PATCH 2/5] Add github release setp --- .github/workflows/build-cross-action.yml | 14 ++--- .github/workflows/build-native-action.yml | 18 +++---- .github/workflows/ci.yml | 21 +++----- .github/workflows/deploy-build-action.yml | 2 +- .github/workflows/deploy-toolchain-action.yml | 4 +- .github/workflows/docs-action.yml | 2 +- .github/workflows/github-release.yml | 54 +++++++++++++++++++ .github/workflows/package-action.yml | 2 +- .github/workflows/test-fips-action.yml | 2 +- .github/workflows/toolchain-action.yml | 4 +- 10 files changed, 85 insertions(+), 38 deletions(-) create mode 100644 .github/workflows/github-release.yml diff --git a/.github/workflows/build-cross-action.yml b/.github/workflows/build-cross-action.yml index 0d921b0e..5178902e 100644 --- a/.github/workflows/build-cross-action.yml +++ b/.github/workflows/build-cross-action.yml @@ -64,7 +64,7 @@ jobs: python3 -c 'import os; print(os.name)' - name: Download Toolchain Artifact - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: toolchain-${{ matrix.host }}-${{ matrix.target }}-linux-gnu.tar.xz path: toolchain/toolchain-${{ matrix.host }}-${{ matrix.target }}-linux-gnu.tar.xz @@ -92,7 +92,7 @@ jobs: python3 -m nox -e tests -- tests/test_verify_build.py - name: Linux Logs - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 if: always() with: name: ${{ matrix.version }}-${{ matrix.host }}-${{ matrix.target }}-linux-gnu-logs @@ -100,7 +100,7 @@ jobs: retention-days: 5 - name: "Upload artifact: build/${{ matrix.version }}-${{ matrix.target }}-linux-gnu.tar.xz" - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 if: ${{ matrix.host == matrix.target }} with: name: ${{ matrix.version }}-${{ matrix.target }}-linux-gnu.tar.xz @@ -149,7 +149,7 @@ jobs: python3 -m nox -e tests -- tests/test_verify_build.py - name: MacOS Logs - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 if: always() with: name: ${{ matrix.version }}-${{ matrix.arch }}-macos-logs @@ -157,7 +157,7 @@ jobs: retention-days: 5 - name: Python build - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: ${{ matrix.version }}-${{ matrix.arch }}-macos.tar.xz path: build/${{ matrix.version }}-${{ matrix.arch }}-macos.tar.xz @@ -207,7 +207,7 @@ jobs: nox -e tests -- tests/test_verify_build.py - name: Upload Build Logs - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 if: always() with: name: ${{ matrix.version }}-${{ matrix.arch }}-windows-logs @@ -215,7 +215,7 @@ jobs: retention-days: 5 - name: Upload Zipfile - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: ${{ matrix.version }}-${{ matrix.arch }}-win.tar.xz path: build/${{ matrix.version }}-${{ matrix.arch }}-win.tar.xz diff --git a/.github/workflows/build-native-action.yml b/.github/workflows/build-native-action.yml index a1bd8eee..928f08c5 100644 --- a/.github/workflows/build-native-action.yml +++ b/.github/workflows/build-native-action.yml @@ -54,7 +54,7 @@ jobs: python3 -c 'import os; print(os.name)' - name: Download Toolchain Artifact - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: toolchain-${{ matrix.host }}-${{ matrix.target }}-linux-gnu.tar.xz path: . @@ -74,7 +74,7 @@ jobs: python3 -m nox -e tests -- -s tests/test_verify_build.py - name: Linux Logs - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 if: always() with: name: ${{ matrix.version }}-${{ matrix.host }}-${{ matrix.target }}-linux-gnu-logs @@ -82,7 +82,7 @@ jobs: retention-days: 5 - name: "Upload artifact: build/${{ matrix.version }}-${{ matrix.target }}-linux-gnu.tar.xz" - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 if: ${{ matrix.host == matrix.target && always()}} with: name: ${{ matrix.version }}-${{ matrix.target }}-linux-gnu.tar.xz @@ -131,7 +131,7 @@ jobs: python3 -m nox -e tests -- tests/test_verify_build.py - name: MacOS Logs - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 if: always() with: name: ${{ matrix.version }}-${{ matrix.arch }}-macos-logs @@ -139,7 +139,7 @@ jobs: retention-days: 5 - name: Python build - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: ${{ matrix.version }}-${{ matrix.arch }}-macos.tar.xz path: build/${{ matrix.version }}-${{ matrix.arch }}-macos.tar.xz @@ -187,7 +187,7 @@ jobs: nox -e tests -- tests/test_verify_build.py - name: MacOS Logs - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 if: always() with: name: ${{ matrix.version }}-${{ matrix.arch }}-macos-logs @@ -195,7 +195,7 @@ jobs: retention-days: 5 - name: Python build - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: ${{ matrix.version }}-${{ matrix.arch }}-macos.tar.xz path: build/${{ matrix.version }}-${{ matrix.arch }}-macos.tar.xz @@ -249,7 +249,7 @@ jobs: nox -e tests -- tests/test_verify_build.py - name: Upload Build Logs - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 if: always() with: name: ${{ matrix.version }}-${{ matrix.arch }}-windows-logs @@ -257,7 +257,7 @@ jobs: retention-days: 5 - name: Upload Zipfile - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: ${{ matrix.version }}-${{ matrix.arch }}-win.tar.xz path: build/${{ matrix.version }}-${{ matrix.arch }}-win.tar.xz diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9a17eef8..61f548d0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -167,23 +167,16 @@ jobs: secrets: PYPI_API_TOKEN: "${{ secrets.PYPI_API_TOKEN }}" - push-tag: - name: Push Version Tag - runs-on: ubuntu-latest - permissions: - contents: write + create-release: + name: Create Github Release + uses: ./.github/workflows/github-release.yml if: ${{ inputs.kind == 'release' && success() }} needs: - build-python-package - deploy-python-package - steps: - - name: Checkout - uses: actions/checkout@v3 - - name: Push Tag - uses: rickstaa/action-create-tag@v1 - with: - tag: "v${{ needs.build-python-package.outputs.version }}" - message: "Version ${{ needs.build-python-package.outputs.version }}" + with: + version: ${{ needs.build-python-package.outputs.version }} + set-pipeline-exit-status: # This step is just so we can make github require this step, to pass checks @@ -201,7 +194,7 @@ jobs: - upload-build-artifacts - upload-toolchain-artifacts - deploy-python-package - - push-tag + - create-release steps: - name: Get workflow information id: get-workflow-info diff --git a/.github/workflows/deploy-build-action.yml b/.github/workflows/deploy-build-action.yml index a3e64f8c..69476c00 100644 --- a/.github/workflows/deploy-build-action.yml +++ b/.github/workflows/deploy-build-action.yml @@ -79,7 +79,7 @@ jobs: steps: - name: Download Artifacts - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: ${{ matrix.python }}-${{ matrix.arch }}-${{ matrix.platform }}.tar.xz path: release-artifacts/ diff --git a/.github/workflows/deploy-toolchain-action.yml b/.github/workflows/deploy-toolchain-action.yml index cf8d7e26..b98b58b3 100644 --- a/.github/workflows/deploy-toolchain-action.yml +++ b/.github/workflows/deploy-toolchain-action.yml @@ -28,7 +28,7 @@ jobs: steps: - name: Download Artifacts - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: toolchain-${{ matrix.host }}-${{ matrix.target }}-linux-gnu.tar.xz path: release-artifacts/ @@ -47,4 +47,4 @@ jobs: - name: "Deploy Toolchain: ${{ matrix.host }}/${{ matrix.target }}-linux-gnu.tar.xz" run: | aws s3 cp release-artifacts/* s3://salt-project-${{ steps.spb-environment.outputs.spb-environment }}-salt-artifacts-release/relenv/${{ inputs.version }}/toolchain/${{ matrix.host }}/${{ matrix.target }}-linux-gnu.tar.xz - \ No newline at end of file + diff --git a/.github/workflows/docs-action.yml b/.github/workflows/docs-action.yml index 3f685668..f0693538 100644 --- a/.github/workflows/docs-action.yml +++ b/.github/workflows/docs-action.yml @@ -33,7 +33,7 @@ jobs: nox --forcecolor -e docs - name: Store Generated Documentation - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: relenv-html-docs path: docs/build diff --git a/.github/workflows/github-release.yml b/.github/workflows/github-release.yml new file mode 100644 index 00000000..9b3391b7 --- /dev/null +++ b/.github/workflows/github-release.yml @@ -0,0 +1,54 @@ +name: Create Github Release + +on: + workflow_call: + inputs: + version: + required: true + type: string + +jobs: + release: + name: Publish Python Wheel + runs-on: ubuntu-latest + steps: + - name: Download Python Build Artifacts + uses: actions/download-artifact@v4 + with: + name: dist + path: dist + + - name: Create Release + id: create_release + uses: actions/create-release@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token + with: + tag_name: "v${{ inputs.version }}" + release_name: "Release v${{ inputs.version }}" + body: | + Release ${{ needs.build-python-package.outputs.version }} + draft: false + prerelease: false + + - name: Upload Source Tarball + id: upload-release-asset-source + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps + asset_path: dist/relenv-${{ inputs.version }}.tar.gz + asset_name: relenv-${{ inputs.version }}.tar.gz + asset_content_type: application/tar+gzip + + - name: Upload Wheel + id: upload-release-asset-x86_64 + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps + asset_path: dist/relenv-${{ inputs.version }}-py3-none-any.whl + asset_name: relenv-${{ inputs.version }}-py3-none-any.whl + asset_content_type: application/zip diff --git a/.github/workflows/package-action.yml b/.github/workflows/package-action.yml index 85bde7a0..d760bfac 100644 --- a/.github/workflows/package-action.yml +++ b/.github/workflows/package-action.yml @@ -54,7 +54,7 @@ jobs: run: "${{ inputs.cmd }}" - name: Python Build Artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 if: always() with: name: dist diff --git a/.github/workflows/test-fips-action.yml b/.github/workflows/test-fips-action.yml index 0c774063..c3737325 100644 --- a/.github/workflows/test-fips-action.yml +++ b/.github/workflows/test-fips-action.yml @@ -30,7 +30,7 @@ jobs: - uses: actions/checkout@v3 - name: Download Build Artifact - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: ${{ matrix.version }}-${{ matrix.arch }}-linux-gnu.tar.xz path: ./build/ diff --git a/.github/workflows/toolchain-action.yml b/.github/workflows/toolchain-action.yml index 642b95fc..48977be1 100644 --- a/.github/workflows/toolchain-action.yml +++ b/.github/workflows/toolchain-action.yml @@ -55,7 +55,7 @@ jobs: python3 -m relenv toolchain fetch --arch=${{ matrix.target }} - name: Logs toolchain ${{ matrix.target }} on ${{ matrix.host }} - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 if: always() with: name: ${{ matrix.host }}-${{ matrix.target }}-linux-gnu-toolchain-logs @@ -67,7 +67,7 @@ jobs: tar -C toolchain -cJf toolchain-${{ matrix.host }}-${{ matrix.target }}-linux-gnu.tar.xz ${{ matrix.target }}-linux-gnu - name: Toolchain build artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: toolchain-${{ matrix.host }}-${{ matrix.target }}-linux-gnu.tar.xz path: toolchain-${{ matrix.host }}-${{ matrix.target }}-linux-gnu.tar.xz From 8674c1a7eac092bb3ed56f8278a2998a1827d4d8 Mon Sep 17 00:00:00 2001 From: "Daniel A. Wozniak" Date: Mon, 16 Sep 2024 14:18:21 -0700 Subject: [PATCH 3/5] Use trusted publisher --- .github/workflows/deploy-package-action.yml | 27 ++++++++++----------- .github/workflows/release.yml | 3 ++- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/.github/workflows/deploy-package-action.yml b/.github/workflows/deploy-package-action.yml index 27605e17..861200e0 100644 --- a/.github/workflows/deploy-package-action.yml +++ b/.github/workflows/deploy-package-action.yml @@ -1,22 +1,21 @@ name: Relenv Python Package -on: - workflow_call: - secrets: - PYPI_API_TOKEN: - required: true +on: workflow_call jobs: build: name: Publish Python Wheel runs-on: ubuntu-latest steps: - - name: Download Python Package Artifacts - uses: actions/download-artifact@v3 - with: - name: dist - path: dist - - name: Publish distribution to PyPI - uses: pypa/gh-action-pypi-publish@release/v1 - with: - password: ${{ secrets.PYPI_API_TOKEN }} + - name: Download Python Package Artifacts + uses: actions/download-artifact@v3 + with: + name: dist + path: dist + - name: Publish distribution to PyPI + uses: pypa/gh-action-pypi-publish@release/v1 + with: + verbose: true + print-hash: true + skip-existing: true + verify-metadata: true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 06a204c0..a694004b 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -23,8 +23,9 @@ jobs: permissions: contents: write pull-requests: read + id-token: write uses: ./.github/workflows/ci.yml - if: contains('["dwoz","MKLeb","s0undt3ch"]', github.actor) + if: contains('["dwoz", "twangboy", "dmurhpy18"]', github.actor) with: kind: "${{ inputs.kind }}" package_command: "${{ inputs.package_command }}" From c9d38ff0dbad3f887268634a09bd4de3123e3409 Mon Sep 17 00:00:00 2001 From: "Daniel A. Wozniak" Date: Mon, 16 Sep 2024 14:47:55 -0700 Subject: [PATCH 4/5] Remove pypi secret --- .github/workflows/ci.yml | 6 ------ .github/workflows/release.yml | 2 -- 2 files changed, 8 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 61f548d0..32a25902 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -26,10 +26,6 @@ on: -C--global-option=--tag-build=+dev$(git rev-parse --short HEAD) --wheel --outdir dist/ - secrets: - PYPI_API_TOKEN: - required: false - jobs: get-changed-files: @@ -164,8 +160,6 @@ jobs: - test-fips - upload-build-artifacts - upload-toolchain-artifacts - secrets: - PYPI_API_TOKEN: "${{ secrets.PYPI_API_TOKEN }}" create-release: name: Create Github Release diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a694004b..ae8e4547 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -29,5 +29,3 @@ jobs: with: kind: "${{ inputs.kind }}" package_command: "${{ inputs.package_command }}" - secrets: - PYPI_API_TOKEN: ${{ secrets.PYPI_API_TOKEN }} From 17644d16c93106af04f96d389ed67316c1a865d9 Mon Sep 17 00:00:00 2001 From: "Daniel A. Wozniak" Date: Mon, 16 Sep 2024 14:51:33 -0700 Subject: [PATCH 5/5] Add proper environment name --- .github/workflows/deploy-package-action.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/deploy-package-action.yml b/.github/workflows/deploy-package-action.yml index 861200e0..bbf404d7 100644 --- a/.github/workflows/deploy-package-action.yml +++ b/.github/workflows/deploy-package-action.yml @@ -6,6 +6,7 @@ jobs: build: name: Publish Python Wheel runs-on: ubuntu-latest + environment: release steps: - name: Download Python Package Artifacts uses: actions/download-artifact@v3