Merge pull request #40 from anvilproject/dependabot/pip/mkdocs-1.5.2 #356
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow will install Python dependencies, run tests and lint with a single version of Python | |
| # For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python | |
| # Optionally debug via SSH | |
| # Ref: https://fleetdm.com/engineering/tips-for-github-actions-usability | |
| # | |
| # To use this step uncomment and place anywhere in the build steps. The build will pause on this step and | |
| # output a ssh address associated with the Github action worker. Helpful for debugging build steps and | |
| # and intermediary files/artifacts. | |
| # | |
| # - name: Setup tmate session | |
| # uses: mxschmitt/action-tmate@v3 | |
| name: DRS Downloader | |
| on: | |
| push: | |
| branches: [ "main", "feature/**" ] | |
| tags: | |
| - '**' | |
| pull_request: | |
| branches: [ "main" ] | |
| permissions: | |
| contents: write | |
| jobs: | |
| test: | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: ["ubuntu-latest", "macos-latest", "windows-latest"] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up Python | |
| uses: actions/setup-python@v3 | |
| with: | |
| python-version: "3.10" | |
| - name: Install dependencies | |
| shell: bash | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install flake8 pytest | |
| if [ -f requirements.txt ]; then pip install -r requirements.txt; fi | |
| if [ -f requirements-dev.txt ]; then pip install -r requirements-dev.txt; fi | |
| pip install -e . | |
| - name: Lint with flake8 | |
| run: | | |
| # stop the build if there are Python syntax errors or undefined names | |
| flake8 tests/ drs_downloader/ --count --statistics | |
| - name: Unit tests (No server dependencies) with pytest | |
| run: pytest tests/unit --cov=drs_downloader --cov-report term-missing | |
| # - name: Unit and Integration tests with pytest | |
| # run: pytest tests/unit tests/integration --cov=drs_downloader --cov-report term-missing | |
| build-linux: | |
| needs: test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Cache executable | |
| id: cache-linux | |
| uses: actions/cache@v3 | |
| with: | |
| path: ./dist/drs_downloader | |
| key: drs_downloader-linux | |
| - uses: actions/checkout@v2 | |
| - uses: actions/setup-python@v2 | |
| with: | |
| python-version: "3.10" | |
| - name: Install dependencies | |
| shell: bash | |
| run: | | |
| python -m venv venv | |
| source ./venv/bin/activate | |
| pip install -r requirements.txt -r requirements-dev.txt | |
| pyinstaller drs_downloader/cli.py --onefile --name drs_downloader | |
| - name: Upload artifacts | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: drs_downloader-linux | |
| path: ./dist/drs_downloader | |
| build-windows: | |
| needs: test | |
| runs-on: windows-latest | |
| steps: | |
| - name: Cache executable | |
| id: cache-windows | |
| uses: actions/cache@v3 | |
| with: | |
| path: ./dist/drs_downloader.exe | |
| key: drs_downloader-windows | |
| - uses: actions/checkout@v2 | |
| - uses: actions/setup-python@v2 | |
| with: | |
| python-version: "3.10" | |
| - name: Install dependencies | |
| shell: bash | |
| run: | | |
| python -m venv venv | |
| venv/Scripts/activate.bat | |
| pip install -r requirements.txt -r requirements-dev.txt | |
| pyinstaller drs_downloader/cli.py --onefile --name drs_downloader | |
| - name: Upload artifacts | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: drs_downloader-windows | |
| path: ./dist/drs_downloader.exe | |
| build-macos: | |
| needs: test | |
| runs-on: macos-latest | |
| steps: | |
| - name: Cache executable | |
| id: cache-macos | |
| uses: actions/cache@v3 | |
| with: | |
| path: drs_downloader.pkg | |
| key: drs_downloader-macos | |
| - uses: actions/checkout@v2 | |
| - uses: actions/setup-python@v2 | |
| with: | |
| python-version: "3.10" | |
| - name: Build executable | |
| shell: bash | |
| env: | |
| APPLE_CERT_DATA: ${{ secrets.APPLE_CERT_DATA }} | |
| APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }} | |
| APPLE_NOTARY_USER: ${{ secrets.APPLE_NOTARY_USER }} | |
| APPLE_NOTARY_PASSWORD: ${{ secrets.APPLE_NOTARY_PASSWORD }} | |
| APPLE_TEAM_ID: ZA685R3CWP | |
| run: | | |
| # Setup | |
| SIGNFILE="$(pwd)/dist/drs_downloader" | |
| # Export certs | |
| echo "$APPLE_CERT_DATA" | base64 --decode > /tmp/certs.p12 | |
| # Create keychain | |
| security create-keychain -p actions macos-build.keychain | |
| security default-keychain -s macos-build.keychain | |
| security unlock-keychain -p actions macos-build.keychain | |
| security set-keychain-settings -t 3600 -u macos-build.keychain | |
| # Import certs to keychain | |
| security import /tmp/certs.p12 -k ~/Library/Keychains/macos-build.keychain -P "$APPLE_CERT_PASSWORD" -T /usr/bin/codesign -T /usr/bin/productsign | |
| # Key signing | |
| security set-key-partition-list -S apple-tool:,apple: -s -k actions macos-build.keychain | |
| # Verify keychain things | |
| security find-identity -v macos-build.keychain | grep "$APPLE_TEAM_ID" | grep "Developer ID Application" | |
| security find-identity -v macos-build.keychain | grep "$APPLE_TEAM_ID" | grep "Developer ID Installer" | |
| pip install -r requirements.txt -r requirements-dev.txt | |
| pyinstaller --codesign-identity ZA685R3CWP --onefile drs_downloader/cli.py --name drs_downloader | |
| # Force the codesignature | |
| codesign --force --options=runtime -s "$APPLE_TEAM_ID" "$SIGNFILE" | |
| # Verify the code signature | |
| codesign -v "$SIGNFILE" --verbose | |
| mkdir -p ./dist/pkg | |
| cp ./dist/drs_downloader ./dist/pkg/drs_downloader | |
| pkgbuild --identifier "org.anvilproject.drs_downloader.pkg" --timestamp --install-location /Applications --root ./dist/pkg installer.pkg | |
| productbuild --resources ./resources --distribution ./distribution.xml drs_downloader.pkg | |
| productsign --sign "$APPLE_TEAM_ID" --timestamp drs_downloader.pkg drs_downloader_signed.pkg | |
| xcrun notarytool store-credentials "notarytool-profile" --apple-id "$APPLE_NOTARY_USER" --team-id "$APPLE_TEAM_ID" --password "$APPLE_NOTARY_PASSWORD" --keychain /Users/runner/Library/Keychains/macos-build.keychain-db | |
| xcrun notarytool submit drs_downloader_signed.pkg --keychain-profile "notarytool-profile" --wait | |
| xcrun stapler staple drs_downloader_signed.pkg | |
| mv drs_downloader_signed.pkg drs_downloader.pkg | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: drs_downloader-macos | |
| path: drs_downloader.pkg | |
| release: | |
| needs: [build-windows, build-linux, build-macos] | |
| runs-on: ubuntu-latest | |
| if: startsWith(github.ref, 'refs/tags/') | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/download-artifact@v3 | |
| - name: Create checksums | |
| shell: bash | |
| run: | | |
| mkdir release | |
| mv drs_downloader-*/* release | |
| cd release | |
| sha256sum * > checksums.txt | |
| - name: Release | |
| uses: softprops/action-gh-release@v1 | |
| with: | |
| files: | | |
| release/* |