From c882fd58b1e9298c3cbe009717786f55f69e8464 Mon Sep 17 00:00:00 2001 From: Agriya Khetarpal <74401230+agriyakhetarpal@users.noreply.github.com> Date: Thu, 19 Sep 2024 18:06:57 +0530 Subject: [PATCH 1/6] Rename job to CI --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 4acec7b..203b4e4 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -1,4 +1,4 @@ -name: main +name: CI on: push: From d6660e3cd8603d88dd8e79dfb6891a695a3254a9 Mon Sep 17 00:00:00 2001 From: Agriya Khetarpal <74401230+agriyakhetarpal@users.noreply.github.com> Date: Thu, 19 Sep 2024 18:07:23 +0530 Subject: [PATCH 2/6] Remove dist build and publish jobs --- .github/workflows/main.yml | 48 -------------------------------------- 1 file changed, 48 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 203b4e4..ef3e485 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -9,33 +9,6 @@ concurrency: cancel-in-progress: true jobs: - build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - name: Setup Python - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 - with: - python-version: "3.12" - - - name: Set up Node.js - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3 - with: - node-version: "20" - - - name: Build - run: | - python -m pip install build - python -m build . - - - name: Store the distribution packages - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 - with: - name: python-package-distributions - path: dist/ - if-no-files-found: error - test: runs-on: ubuntu-latest steps: 
@@ -119,24 +92,3 @@ jobs: run: | cd integration_tests make test-recipe - - publish: - name: Publish to PyPI - needs: - - build - runs-on: ubuntu-latest - if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags') - environment: - name: pypi - url: https://pypi.org/p/pyodide-build - permissions: - id-token: write # IMPORTANT: mandatory for trusted publishing - steps: - - name: Download all the dists - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 - with: - path: dist/ - merge-multiple: true - - - name: Publish distribution 📦 to PyPI - uses: pypa/gh-action-pypi-publish@0ab0b79471669eb3a4d647e625009c62f9f3b241 # v1.10.1 From eb6ab58641406d3f0e49050166755793d337062d Mon Sep 17 00:00:00 2001 From: Agriya Khetarpal <74401230+agriyakhetarpal@users.noreply.github.com> Date: Thu, 19 Sep 2024 18:07:39 +0530 Subject: [PATCH 3/6] Move integration test trigger to workflow file --- .github/workflows/main.yml | 13 ++++++++++++- tools/check_integration_test_trigger.sh | 13 ------------- 2 files changed, 12 insertions(+), 14 deletions(-) delete mode 100755 tools/check_integration_test_trigger.sh diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index ef3e485..2b88aeb 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -51,7 +51,18 @@ jobs: - id: check-integration-test-trigger name: Check integration test trigger - run: bash tools/check_integration_test_trigger.sh + shell: bash + run: | + set -e -x + + COMMIT_MSG=$(git log --no-merges -1 --oneline) + + # The integration tests will be triggered on push or on pull_request when the commit + # message contains "[integration]" + if [[ "$GITHUB_EVENT_NAME" == push || + "$COMMIT_MSG" =~ \[integration\] ]]; then + echo "trigger=true" >> "$GITHUB_OUTPUT" + fi integration-test: runs-on: ubuntu-latest diff --git a/tools/check_integration_test_trigger.sh b/tools/check_integration_test_trigger.sh deleted file mode 100755 index 19b88b4..0000000 
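Review bot: In the `check-integration-test-trigger` step of main.yml, the inlined script reads `COMMIT_MSG`, which on pull_request runs is text written by the contributor, and nothing in the step says so. It is safe as written because the value comes from `git log` into a shell variable and is only used quoted inside `[[ ... =~ ... ]]`. A later edit that pastes commit or PR text into the `run:` block through a `${{ }}` expression would turn this into script injection. A comment above the assignment would record the constraint, for example `# COMMIT_MSG is contributor-controlled on pull_request: keep it in a quoted shell variable, never interpolate it with ${{ }}`. The job containing this step starts above the hunk.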
--- a/tools/check_integration_test_trigger.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash
-
-set -e
-set -x
-
-COMMIT_MSG=$(git log --no-merges -1 --oneline)
-
-# The integration tests will be triggered on push or on pull_request when the commit
-# message contains "[integration]"
-if [[ "$GITHUB_EVENT_NAME" == push ||
- "$COMMIT_MSG" =~ \[integration\] ]]; then
- echo "trigger=true" >> "$GITHUB_OUTPUT"
-fi
From ff92b0a1591b4fcc2e5c29e2de1da955078cb16c Mon Sep 17 00:00:00 2001
From: Agriya Khetarpal <74401230+agriyakhetarpal@users.noreply.github.com>
Date: Thu, 19 Sep 2024 18:08:00 +0530
Subject: [PATCH 4/6] Add release workflow
---
 .github/workflows/release.yml | 50 +++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)
 create mode 100644 .github/workflows/release.yml
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..b89fac3
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,50 @@
+name: CD
+
+on:
+ release:
+ types: [published]
+ workflow_dispatch:
+ schedule:
+ - cron: "0 3 * * 1"
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+ - name: Setup Python
+ uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
+ with:
+ python-version: "3.12"
+
+ - name: Build
+ run: |
+ python -m pip install build
+ python -m build .
+
+ - name: Store the distribution packages
+ uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+ with:
+ name: python-package-distributions
+ path: dist/
+ if-no-files-found: error
+
+ publish:
+ name: Publish to PyPI
+ needs: [build]
+ runs-on: ubuntu-latest
+ if: github.event_name == 'release' && github.event.action == 'published'
+ environment:
+ name: pypi
+ url: https://pypi.org/p/pyodide-build
+ permissions:
+ id-token: write # IMPORTANT: mandatory for trusted publishing
+ steps:
+ - name: Download all the dists
+ uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+ with:
+ path: dist/
+ merge-multiple: true
+ - name: Publish distribution 📦 to PyPI
+ uses: pypa/gh-action-pypi-publish@0ab0b79471669eb3a4d647e625009c62f9f3b241 # v1.10.1
From 03828b6bbb3d3676479348c7dab2f0535fc93fbd Mon Sep 17 00:00:00 2001
From: Agriya Khetarpal <74401230+agriyakhetarpal@users.noreply.github.com>
Date: Thu, 19 Sep 2024 18:08:52 +0530
Subject: [PATCH 5/6] Generate attestations
---
 .github/workflows/release.yml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index b89fac3..7a30fb4 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
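Review bot: The new release.yml (patch 4/6) declares no workflow-level `permissions`, so the `build` job runs with whatever default GITHUB_TOKEN scope the repository or organisation has configured. That job executes `python -m pip install build` and the project's build backend. A top-level `permissions:` with `contents: read` beneath it would pin the job to read-only regardless of that setting; the `publish` job already carries its own block. The `build` package is also installed unpinned in the job whose output is later published to PyPI, so pinning its version would match the SHA-pinned actions. In `publish`, `download-artifact` is given no `name`, so with `merge-multiple: true` it merges every artifact of the run into dist/; adding `name: python-package-distributions` would limit it to the one artifact the build job uploads.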
@@ -46,5 +46,11 @@ jobs:
 with:
 path: dist/
 merge-multiple: true
+
+ - name: Generate artifact attestations
+ uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3
+ with:
+ subject-path: "dist/*"
+
 - name: Publish distribution 📦 to PyPI
 uses: pypa/gh-action-pypi-publish@0ab0b79471669eb3a4d647e625009c62f9f3b241 # v1.10.1
From a38397b3f2772425c65510d8d871a4a9b588275b Mon Sep 17 00:00:00 2001
From: Agriya Khetarpal <74401230+agriyakhetarpal@users.noreply.github.com>
Date: Thu, 19 Sep 2024 18:11:38 +0530
Subject: [PATCH 6/6] Add additional permissions
---
 .github/workflows/release.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 7a30fb4..79d32f5 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -40,6 +40,8 @@ jobs:
 url: https://pypi.org/p/pyodide-build
 permissions:
 id-token: write # IMPORTANT: mandatory for trusted publishing
+ attestations: write
+ contents: read
 steps:
 - name: Download all the dists
 uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
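Review bot: The two permissions added under `publish` (patch 6/6) carry no comment, and the existing comment on `id-token: write` is now incomplete: the attestation step added in patch 5/6 signs with the same OIDC token. Suggested wording is `id-token: write  # trusted publishing and attestation signing`, `attestations: write  # required by actions/attest-build-provenance`, and `contents: read  # explicit: permissions not listed here default to none`. Saying which step needs each scope makes it harder for a later cleanup to drop one or widen the block without noticing. The job's steps continue outside the hunk.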