Skip to content

Merge pull request #38 from anvilproject/dependabot/pip/click-8.1.6 #357

Merge pull request #38 from anvilproject/dependabot/pip/click-8.1.6

Merge pull request #38 from anvilproject/dependabot/pip/click-8.1.6 #357

Workflow file for this run

# This workflow will install Python dependencies, run tests and lint with a single version of Python
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python
# Optionally debug via SSH
# Ref: https://fleetdm.com/engineering/tips-for-github-actions-usability
#
# To use this step uncomment and place anywhere in the build steps. The build will pause on this step and
# output a ssh address associated with the Github action worker. Helpful for debugging build steps and
# and intermediary files/artifacts.
#
# - name: Setup tmate session
# uses: mxschmitt/action-tmate@v3
name: DRS Downloader
on:
push:
branches: [ "main", "feature/**" ]
tags:
- '**'
pull_request:
branches: [ "main" ]
permissions:
contents: write
jobs:
test:
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os: ["ubuntu-latest", "macos-latest", "windows-latest"]
steps:
- uses: actions/checkout@v3
- name: Set up Python
uses: actions/setup-python@v3
with:
python-version: "3.10"
- name: Install dependencies
shell: bash
run: |
python -m pip install --upgrade pip
pip install flake8 pytest
if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
if [ -f requirements-dev.txt ]; then pip install -r requirements-dev.txt; fi
pip install -e .
- name: Lint with flake8
run: |
# stop the build if there are Python syntax errors or undefined names
flake8 tests/ drs_downloader/ --count --statistics
- name: Unit tests (No server dependencies) with pytest
run: pytest tests/unit --cov=drs_downloader --cov-report term-missing
# - name: Unit and Integration tests with pytest
# run: pytest tests/unit tests/integration --cov=drs_downloader --cov-report term-missing
build-linux:
needs: test
runs-on: ubuntu-latest
steps:
- name: Cache executable
id: cache-linux
uses: actions/cache@v3
with:
path: ./dist/drs_downloader
key: drs_downloader-linux
- uses: actions/checkout@v2
- uses: actions/setup-python@v2
with:
python-version: "3.10"
- name: Install dependencies
shell: bash
run: |
python -m venv venv
source ./venv/bin/activate
pip install -r requirements.txt -r requirements-dev.txt
pyinstaller drs_downloader/cli.py --onefile --name drs_downloader
- name: Upload artifacts
uses: actions/upload-artifact@v3
with:
name: drs_downloader-linux
path: ./dist/drs_downloader
build-windows:
needs: test
runs-on: windows-latest
steps:
- name: Cache executable
id: cache-windows
uses: actions/cache@v3
with:
path: ./dist/drs_downloader.exe
key: drs_downloader-windows
- uses: actions/checkout@v2
- uses: actions/setup-python@v2
with:
python-version: "3.10"
- name: Install dependencies
shell: bash
run: |
python -m venv venv
venv/Scripts/activate.bat
pip install -r requirements.txt -r requirements-dev.txt
pyinstaller drs_downloader/cli.py --onefile --name drs_downloader
- name: Upload artifacts
uses: actions/upload-artifact@v3
with:
name: drs_downloader-windows
path: ./dist/drs_downloader.exe
build-macos:
needs: test
runs-on: macos-latest
steps:
- name: Cache executable
id: cache-macos
uses: actions/cache@v3
with:
path: drs_downloader.pkg
key: drs_downloader-macos
- uses: actions/checkout@v2
- uses: actions/setup-python@v2
with:
python-version: "3.10"
- name: Build executable
shell: bash
env:
APPLE_CERT_DATA: ${{ secrets.APPLE_CERT_DATA }}
APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }}
APPLE_NOTARY_USER: ${{ secrets.APPLE_NOTARY_USER }}
APPLE_NOTARY_PASSWORD: ${{ secrets.APPLE_NOTARY_PASSWORD }}
APPLE_TEAM_ID: ZA685R3CWP
run: |
# Setup
SIGNFILE="$(pwd)/dist/drs_downloader"
# Export certs
echo "$APPLE_CERT_DATA" | base64 --decode > /tmp/certs.p12
# Create keychain
security create-keychain -p actions macos-build.keychain
security default-keychain -s macos-build.keychain
security unlock-keychain -p actions macos-build.keychain
security set-keychain-settings -t 3600 -u macos-build.keychain
# Import certs to keychain
security import /tmp/certs.p12 -k ~/Library/Keychains/macos-build.keychain -P "$APPLE_CERT_PASSWORD" -T /usr/bin/codesign -T /usr/bin/productsign
# Key signing
security set-key-partition-list -S apple-tool:,apple: -s -k actions macos-build.keychain
# Verify keychain things
security find-identity -v macos-build.keychain | grep "$APPLE_TEAM_ID" | grep "Developer ID Application"
security find-identity -v macos-build.keychain | grep "$APPLE_TEAM_ID" | grep "Developer ID Installer"
pip install -r requirements.txt -r requirements-dev.txt
pyinstaller --codesign-identity ZA685R3CWP --onefile drs_downloader/cli.py --name drs_downloader
# Force the codesignature
codesign --force --options=runtime -s "$APPLE_TEAM_ID" "$SIGNFILE"
# Verify the code signature
codesign -v "$SIGNFILE" --verbose
mkdir -p ./dist/pkg
cp ./dist/drs_downloader ./dist/pkg/drs_downloader
pkgbuild --identifier "org.anvilproject.drs_downloader.pkg" --timestamp --install-location /Applications --root ./dist/pkg installer.pkg
productbuild --resources ./resources --distribution ./distribution.xml drs_downloader.pkg
productsign --sign "$APPLE_TEAM_ID" --timestamp drs_downloader.pkg drs_downloader_signed.pkg
xcrun notarytool store-credentials "notarytool-profile" --apple-id "$APPLE_NOTARY_USER" --team-id "$APPLE_TEAM_ID" --password "$APPLE_NOTARY_PASSWORD" --keychain /Users/runner/Library/Keychains/macos-build.keychain-db
xcrun notarytool submit drs_downloader_signed.pkg --keychain-profile "notarytool-profile" --wait
xcrun stapler staple drs_downloader_signed.pkg
mv drs_downloader_signed.pkg drs_downloader.pkg
- uses: actions/upload-artifact@v3
with:
name: drs_downloader-macos
path: drs_downloader.pkg
release:
needs: [build-windows, build-linux, build-macos]
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/')
steps:
- uses: actions/checkout@v3
- uses: actions/download-artifact@v3
- name: Create checksums
shell: bash
run: |
mkdir release
mv drs_downloader-*/* release
cd release
sha256sum * > checksums.txt
- name: Release
uses: softprops/action-gh-release@v1
with:
files: |
release/*