feat: add workflows for Python projects (#175)

# Description Adds a default workflow to build Python projects and publish them to PyPi.org.
Hapag-Lloyd · Jan 10, 2025 · 9f97dc6 · 9f97dc6
1 parent e446e8a
commit 9f97dc6
Show file tree

Hide file tree

Showing 6 changed files with 202 additions and 9 deletions.
diff --git a/.config/dictionaries/project.txt b/.config/dictionaries/project.txt
@@ -3,13 +3,19 @@ aquasecurity
 buildx
 conventionalcommits
 cpus
+dists
 dockerhub
+doctest
 dorny
 hlag
 hmarr
+hoverkraft
 ibiqlik
+junitxml
 ludeeus
 ossrh
+pypa
+pytest
 releaserc
 rhysd
 sarif

diff --git a/.config/dictionaries/workflow.txt b/.config/dictionaries/workflow.txt
@@ -1,3 +1,4 @@
 CODEOWNERS
 Hapag
 nullglob
+pypi
diff --git a/.github/workflows/python_pypi_publish_callable.yml b/.github/workflows/python_pypi_publish_callable.yml
@@ -0,0 +1,77 @@
+---
+name: Publish Python 🐍 distribution 📦 to PyPI
+
+# USE_WORKFLOW
+# yamllint disable rule:comments
+# yamllint disable-line rule:truthy
+on:
+  workflow_call:
+    inputs:
+      pypi-url:
+        type: string
+        required: true
+        description: "The URL of the PyPI project, e.g. https://pypi.org/p/my-fancy-package"
+      python-version:
+        type: string
+        required: true
+        description: "The minimum Python version to support"
+# /USE_WORKFLOW
+# USE_REPOSITORY
+##
+## Global variables from project settings:
+##   PYPI_URL: The URL of the PyPI project, e.g. https://pypi.org/p/my-fancy-package
+##   PYTHON_VERSION: The minimum Python version to support.
+##
+#
+## yamllint disable-line rule:truthy
+#on:
+#  release:
+#    types: [published]
+# /USE_REPOSITORY
+# yamllint enable rule:comments
+
+jobs:
+  build:
+    name: Build distribution 📦
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          fetch-depth: 0
+      - name: Set up Python ${{ inputs.python-version }}
+        uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
+        with:
+          python-version: ${{ inputs.python-version }}
+          cache: "pip"
+          cache-dependency-path: setup.cfg
+      - name: Install pypa/build
+        run: >-
+          python3 -m pip install build --user
+      - name: Build a binary wheel and a source tarball
+        run: python3 -m build
+      - name: Store the distribution packages
+        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
+        with:
+          name: python-package-distributions
+          path: dist/
+
+  publish-to-pypi:
+    name: >-
+      Publish Python 🐍 distribution 📦 to PyPI
+    if: startsWith(github.ref, 'refs/tags/') # only publish to PyPI on tag pushes
+    needs:
+      - build
+    runs-on: ubuntu-latest
+    environment:
+      name: pypi
+      url: ${{ inputs.pypi-url }}
+    permissions:
+      id-token: write # IMPORTANT: mandatory for trusted publishing
+    steps:
+      - name: Download all the dists
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+        with:
+          name: python-package-distributions
+          path: dist/
+      - name: Publish distribution 📦 to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
diff --git a/.github/workflows/python_python_callable.yml b/.github/workflows/python_python_callable.yml
@@ -0,0 +1,83 @@
+---
+name: Python build
+
+# USE_WORKFLOW
+# yamllint disable rule:comments
+# yamllint disable-line rule:truthy
+on:
+  workflow_call:
+    inputs:
+      python-version:
+        type: string
+        required: true
+        description: "The minimum Python version to support"
+      python-versions:
+        type: string
+        required: true
+        description: "The Python versions to test. Usually a list of newer versions we support."
+# /USE_WORKFLOW
+# USE_REPOSITORY
+##
+## Global variables from project settings:
+##   PYTHON_VERSION: The minimum Python version to support.
+##   PYTHON_VERSIONS: The Python versions to test. Usually a list of newer versions we support.
+##
+#
+## yamllint disable-line rule:truthy
+#on: pull_request
+# /USE_REPOSITORY
+# yamllint enable rule:comments
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Set up Python ${{ inputs.python-version }}
+        uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
+        with:
+          python-version: ${{ inputs.python-version }}
+          cache: "pip"
+          cache-dependency-path: setup.cfg
+
+      - name: Install dependencies
+        run: |
+          python -m pip install -e "."
+
+      - uses: astral-sh/ruff-action@e6390afda04da2e9ef69fe1e2ae0264164550c21 # v3.0.1
+        name: Lint on ${{ inputs.python-version }}
+        with:
+          args: "check"
+          # renovate: datasource=github-releases depName=astral-sh/ruff
+          version: "0.8.6"
+
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ${{ fromJSON(inputs.python-versions) }}
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
+        with:
+          python-version: ${{ matrix.python-version }}
+          cache: "pip"
+          cache-dependency-path: setup.cfg
+
+      - name: Install dependencies
+        run: |
+          python -m pip install -e ".[test]"
+
+      - name: Run docker-compose
+        uses: hoverkraft-tech/compose-action@v2.0.1
+        with:
+          compose-file: "./tests/docker-compose.yml"
+
+      - name: Test on ${{ matrix.python-version }}
+        run: |
+          pytest -v --doctest-modules --junitxml=junit/test-results.xml --cov-report=xml --cov-report=html
diff --git a/simulate.sh b/simulate.sh
@@ -26,7 +26,7 @@ git checkout main
 
 cp ../update_workflows.sh .
 
-./update_workflows.sh github-only --force . --dry-run --local-workflow-path ../
+./update_workflows.sh python --force . --dry-run --local-workflow-path ../
 # script is now located in .github/
 rm update_workflows.sh
 

diff --git a/update_workflows.sh b/update_workflows.sh
@@ -67,7 +67,7 @@ function ensure_repo_preconditions_or_exit() {
 
 function show_help_and_exit() {
   echo "Usage: $0 <repository-type> --release-type auto|manual --dry-run"
-  echo "repository-type: docker, github-only, maven, terraform_module"
+  echo "repository-type: docker, github-only, maven, python, terraform_module"
   echo "--release-type: (optional)"
   echo "  auto: the release will be triggered automatically on a push to the default branch"
   echo "  manual: the release will be triggered manually via separate PR, which is created automatically"
@@ -77,6 +77,8 @@ function show_help_and_exit() {
 }
 
 function create_commit_and_pr() {
+  workflow_tag=$1
+
   git add .
   git commit -m "update workflows to latest version"
   git push --set-upstream origin "$branch_name"
@@ -95,7 +97,7 @@ EOF
   if [ "$dry_run" == "true" ]; then
     echo "Dry run, no PR created"
   else
-    gh pr create --title "ci(deps): update workflows to latest version" --body "$body" --base main
+    gh pr create --title "ci(deps): update workflows to $workflow_tag" --body "$body" --base main
     gh pr view --web
   fi
 }
@@ -145,7 +147,7 @@ function ensure_and_set_parameters_or_exit() {
   repository_type=$1
 
   # check for correct type: docker, github-only, maven, terraform_module
-  if [ "$repository_type" != "github-only" ] && [ "$repository_type" != "maven" ] && [ "$repository_type" != "terraform_module" ] && [ "$repository_type" != "docker" ]; then
+  if [ "$repository_type" != "github-only" ] && [ "$repository_type" != "maven" ] && [ "$repository_type" != "terraform_module" ] && [ "$repository_type" != "docker" ] && [ "$repository_type" != "python" ]; then
     echo "The repository type $repository_type is not supported."
     show_help_and_exit
   fi
@@ -298,13 +300,37 @@ EOF
       type=$(yq ".on.workflow_call.inputs.$input.type" "$file".bak)
       required=$(yq ".on.workflow_call.inputs.$input.required" "$file".bak)
       description=$(yq ".on.workflow_call.inputs.$input.description" "$file".bak)
+      default="\"my special value\""
+      todo="# TODO insert correct value for $input"$'\n'"      "
+
+      case "$input" in
+        "python-version")
+          # no expansion of the variable as it is a string we want to keep
+          # shellcheck disable=SC2016
+          default='${{ vars.PYTHON_VERSION }}'
+          todo=""
+          ;;
+        "python-versions")
+          # no expansion of the variable as it is a string we want to keep
+          # shellcheck disable=SC2016
+          default='${{ vars.PYTHON_VERSIONS }}'
+          todo=""
+          ;;
+        "pypi-url")
+          # no expansion of the variable as it is a string we want to keep
+          # shellcheck disable=SC2016
+          default='${{ vars.PYPI_URL }}'
+          todo=""
+          ;;
+        *)
+          ;;
+      esac
 
       cat >> "$file" <<-EOF
-      # TODO insert correct value for $input
-      # type: $type
+      $todo# type: $type
       # required: $required
       # description: $description
-      $input: "my-special-value"
+      $input: $default
 EOF
     done
 
@@ -327,7 +353,7 @@ done
 #
 # Remove the prefix from the workflow files
 #
-prefixes=("default_" "terraform_module_" "docker_" "maven_")
+prefixes=("default_" "terraform_module_" "docker_" "maven_" "python_")
 
 # iterate over each file in the directory
 for file in .github/workflows/*.yml
@@ -382,7 +408,7 @@ done
 
 pre-commit install -c .config/.pre-commit-config.yaml
 
-create_commit_and_pr .
+create_commit_and_pr "$tag"
 
 # do not remove the latest template path if it was provided as a parameter
 if [ -z "$local_workflow_path" ]; then