From 27b5da97e4ae44d120b2bd3951ba44aa84086d8f Mon Sep 17 00:00:00 2001 From: Tsuyoshi Hombashi Date: Sat, 27 Apr 2024 22:47:08 +0900 Subject: [PATCH 1/9] Update permissions in ci.yml Signed-off-by: Tsuyoshi Hombashi --- .github/workflows/ci.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b5cda84..e156bb0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -16,6 +16,9 @@ on: - "README.rst" - "ss/*" +permissions: + contents: read + jobs: build-package: runs-on: ubuntu-latest From 3a5b4e7d998f7c0b6b0123feab6fe46e2283543f Mon Sep 17 00:00:00 2001 From: Tsuyoshi Hombashi Date: Sat, 27 Apr 2024 22:47:46 +0900 Subject: [PATCH 2/9] Fix build-package job Signed-off-by: Tsuyoshi Hombashi --- .github/workflows/ci.yml | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e156bb0..4dbcc4d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,8 +9,8 @@ on: - "README.rst" - "ss/*" pull_request: - branches-ignore: - - master + # branches-ignore: + # - master paths-ignore: - ".gitignore" - "README.rst" @@ -26,14 +26,32 @@ jobs: group: ${{ github.event_name }}-${{ github.workflow }}-${{ github.ref_name }}-build cancel-in-progress: true timeout-minutes: 20 - container: - image: ghcr.io/thombashi/python-ci:3.11 steps: - uses: actions/checkout@v4 + with: + fetch-depth: 0 + fetch-tags: true + + - name: Setup Python ${{ matrix.python-version }} + uses: actions/setup-python@v5 + with: + python-version: ${{ matrix.python-version }} + cache: pip + cache-dependency-path: | + setup.py + **/*requirements.txt + tox.ini + + - run: make setup-ci - run: make build + - uses: actions/upload-artifact@v4 + with: + name: dist + path: ./dist/* + lint: runs-on: ubuntu-latest concurrency: From b968596e840a928a755c1f0667fcdeb13a78a10b Mon Sep 17 00:00:00 2001 From: Tsuyoshi Hombashi Date: Sat, 27 Apr 2024 23:02:21 +0900 Subject: [PATCH 3/9] Fix lint job Signed-off-by: Tsuyoshi Hombashi --- .github/workflows/ci.yml | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4dbcc4d..934e2a9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -58,11 +58,23 @@ jobs: group: ${{ github.event_name }}-${{ github.workflow }}-${{ github.ref_name }}-lint cancel-in-progress: true timeout-minutes: 20 - container: - image: ghcr.io/thombashi/python-ci:3.11 steps: - uses: actions/checkout@v4 + with: + fetch-depth: 0 + fetch-tags: true + + - uses: actions/setup-python@v5 + with: + python-version: ${{ matrix.python-version }} + cache: pip + cache-dependency-path: | + setup.py + **/*requirements.txt + tox.ini + + - run: make setup-ci - run: make check From b2b1685897d6175b8806f0d2e48a6c102b3dce5e Mon Sep 17 00:00:00 2001 From: Tsuyoshi Hombashi Date: Sat, 27 Apr 2024 23:09:11 +0900 Subject: [PATCH 4/9] Exclude macOS with Python 3.7 from matrix in ci.yml Signed-off-by: Tsuyoshi Hombashi --- .github/workflows/ci.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 934e2a9..ba04d70 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -88,6 +88,9 @@ jobs: matrix: python-version: ["3.7", "3.8", "3.9", "3.10", "3.11", "pypy-3.10"] os: [ubuntu-latest, macos-latest, windows-latest] + exclude: + - os: macos-latest + python-version: "3.7" timeout-minutes: 20 steps: From 12de70081df1f0420a3d9fe35d05f3554b1acc5a Mon Sep 17 00:00:00 2001 From: Tsuyoshi Hombashi Date: Sat, 27 Apr 2024 23:18:58 +0900 Subject: [PATCH 5/9] Add publish-package job to ci.yml Signed-off-by: Tsuyoshi Hombashi --- .github/workflows/ci.yml | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ba04d70..77e9b34 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -52,6 +52,31 @@ jobs: name: dist path: ./dist/* + publish-package: + needs: build-package + runs-on: ubuntu-latest + concurrency: + group: ${{ github.event_name }}-${{ github.workflow }}-${{ github.ref_name }}-publish-pkg + cancel-in-progress: true + timeout-minutes: 20 + environment: + name: testpypi + url: https://pypi.org/p/tcolorpy + permissions: + id-token: write # IMPORTANT: this permission is mandatory for trusted publishing + + steps: + - uses: actions/download-artifact@v4 + with: + name: dist + path: ./dist + + - name: Publish package to TestPyPI + uses: pypa/gh-action-pypi-publish@release/v1 + with: + repository-url: https://test.pypi.org/legacy/ + skip-existing: true + lint: runs-on: ubuntu-latest concurrency: From 4ae17b61bbc4e31f72ad2ece4d6dd279046950db Mon Sep 17 00:00:00 2001 From: Tsuyoshi Hombashi Date: Sat, 27 Apr 2024 23:49:27 +0900 Subject: [PATCH 6/9] Set python-version to jobs Signed-off-by: Tsuyoshi Hombashi --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 77e9b34..eed1a8c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -36,7 +36,7 @@ jobs: - name: Setup Python ${{ matrix.python-version }} uses: actions/setup-python@v5 with: - python-version: ${{ matrix.python-version }} + python-version: "3.12" cache: pip cache-dependency-path: | setup.py @@ -92,7 +92,7 @@ jobs: - uses: actions/setup-python@v5 with: - python-version: ${{ matrix.python-version }} + python-version: "3.12" cache: pip cache-dependency-path: | setup.py From 1103d18f6c4f4aead9b20b1c63f4b23f5cc56447 Mon Sep 17 00:00:00 2001 From: Tsuyoshi Hombashi Date: Sat, 27 Apr 2024 23:51:20 +0900 Subject: [PATCH 7/9] Refactoring Signed-off-by: Tsuyoshi Hombashi --- .github/workflows/ci.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index eed1a8c..4ed36ce 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -33,8 +33,7 @@ jobs: fetch-depth: 0 fetch-tags: true - - name: Setup Python ${{ matrix.python-version }} - uses: actions/setup-python@v5 + - uses: actions/setup-python@v5 with: python-version: "3.12" cache: pip @@ -132,7 +131,7 @@ jobs: tox.ini - name: Install pip - run: python -m pip install --upgrade --disable-pip-version-check "pip>=21.1" + run: python -m pip install --upgrade --disable-pip-version-check pip - run: make setup-ci From c34516918b12e342442f4f433f9ec90b3ce7c322 Mon Sep 17 00:00:00 2001 From: Tsuyoshi Hombashi Date: Sat, 27 Apr 2024 23:54:26 +0900 Subject: [PATCH 8/9] Add sign-package job to ci.yml Signed-off-by: Tsuyoshi Hombashi --- .github/workflows/ci.yml | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4ed36ce..a1504a0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -76,6 +76,34 @@ jobs: repository-url: https://test.pypi.org/legacy/ skip-existing: true + sign-package: + needs: build-package + runs-on: ubuntu-latest + concurrency: + group: ${{ github.event_name }}-${{ github.workflow }}-${{ github.ref_name }}-sign-pkg + cancel-in-progress: true + timeout-minutes: 20 + permissions: + id-token: write + + steps: + - uses: actions/download-artifact@v4 + with: + name: dist + path: ./dist + + - name: Sign the dists with Sigstore + uses: sigstore/gh-action-sigstore-python@v2.1.1 + with: + inputs: >- + ./dist/*.tar.gz + ./dist/*.whl + + - uses: actions/upload-artifact@v4 + with: + name: sigstore + path: ./dist/*.sigstore + lint: runs-on: ubuntu-latest concurrency: From a1ee0ed04e14abdeab4aa77f730876f753a7bcd0 Mon Sep 17 00:00:00 2001 From: Tsuyoshi Hombashi Date: Sun, 28 Apr 2024 00:11:35 +0900 Subject: [PATCH 9/9] Refactor CI Signed-off-by: Tsuyoshi Hombashi --- .github/workflows/ci.yml | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a1504a0..768cc66 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,8 +9,6 @@ on: - "README.rst" - "ss/*" pull_request: - # branches-ignore: - # - master paths-ignore: - ".gitignore" - "README.rst" @@ -158,19 +156,18 @@ jobs: **/*requirements.txt tox.ini - - name: Install pip + - name: Upgrade pip run: python -m pip install --upgrade --disable-pip-version-check pip - run: make setup-ci - name: Run tests - run: | - tox -e cov + run: tox -e cov env: PYTEST_DISCORD_WEBHOOK: ${{ secrets.PYTEST_DISCORD_WEBHOOK }} - name: Upload coverage report - if: matrix.os == 'ubuntu-latest' && matrix.python-version == '3.8' + if: matrix.os == 'ubuntu-latest' && matrix.python-version == '3.11' run: | python -m pip install --upgrade --disable-pip-version-check coveralls tomli coveralls --service=github