From e94cc0bcacb3ce7a8fe2048d46ad51e8fe498637 Mon Sep 17 00:00:00 2001 From: Russell Martin Date: Mon, 27 May 2024 17:20:02 -0400 Subject: [PATCH] Use new create package action with attestation (forked repo action) --- .github/workflows/ci.yml | 57 ++++++++++++++++++++++------------- .github/workflows/release.yml | 24 +++++++++------ changes/2604.misc.rst | 1 + demo/pyproject.toml | 4 +++ toga/pyproject.toml | 5 +++ tox.ini | 10 ------ 6 files changed, 60 insertions(+), 41 deletions(-) create mode 100644 changes/2604.misc.rst diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 551b78e478..25ef4e4836 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -5,10 +5,15 @@ on: branches: - main workflow_call: + inputs: + attest-package: + description: "Create GitHub provenance attestation for the package." + default: "false" + type: string outputs: - artifact-name: - description: "Name of the uploaded artifact; use for artifact retrieval." - value: ${{ jobs.package.outputs.artifact-name }} + artifact-basename: + description: "Base name of the uploaded artifacts; use for artifact retrieval." + value: ${{ jobs.package.outputs.artifact-basename }} env: min_python_version: "3.8" @@ -38,12 +43,11 @@ jobs: tox-source: "./core[dev]" package: - name: Python package - uses: beeware/.github/.github/workflows/python-package-create.yml@main - with: - tox-source: "./core[dev]" - build-subdirectory: ${{ matrix.subdir }} - distribution-path: "*/dist/*" + name: Package Toga + permissions: + id-token: write + contents: read + attestations: write strategy: matrix: subdir: @@ -58,6 +62,11 @@ jobs: - "textual" - "web" - "winforms" +# uses: beeware/.github/.github/workflows/python-package-create.yml@main + uses: rmartin16/.github-beeware/.github/workflows/python-package-create.yml@hynek-build + with: + build-subdirectory: ${{ matrix.subdir }} + attest: ${{ inputs.attest-package }} core: name: Test core @@ -94,30 +103,35 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4.1.6 + with: + fetch-depth: 0 - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@v5.1.0 with: python-version: ${{ matrix.python-version }} - - name: Install dev Dependencies - run: | - # We don't actually want to install toga-core; - # we just want the dev extras so we have a known version of tox and coverage - python -m pip install ./core[dev] + - name: Install Tox + uses: beeware/.github/.github/actions/install-requirement@main + with: + requirements: tox + extra: dev + project-root: core - name: Get Packages uses: actions/download-artifact@v4.1.7 with: - pattern: ${{ needs.package.outputs.artifact-name }}-* + pattern: ${{ format('{0}-*', needs.package.outputs.artifact-basename) }} merge-multiple: true + path: dist - name: Test run: | # The $(ls ...) shell expansion is done in the Github environment; # the value of TOGA_INSTALL_COMMAND will be a literal string without any shell expansions to perform - TOGA_INSTALL_COMMAND="python -m pip install ../$(ls core/dist/toga_core-*.whl)[dev] ../$(ls dummy/dist/toga_dummy-*.whl)" \ + TOGA_INSTALL_COMMAND="python -m pip install ../$(ls dist/toga_core-*.whl)[dev] ../$(ls dist/toga_dummy-*.whl)" \ tox -e py-cov + tox -qe coverage$(tr -dc "0-9" <<< "${{ matrix.python-version }}") mv core/.coverage core/.coverage.${{ matrix.platform }}.${{ matrix.python-version }} @@ -145,11 +159,12 @@ jobs: # https://github.com/nedbat/coveragepy/issues/1572#issuecomment-1522546425 python-version: ${{ env.min_python_version }} - - name: Install dev dependencies - run: | - # We don't actually want to install toga-core; - # we just want the dev extras so we have a known version of coverage - python -m pip install ./core[dev] + - name: Install Tox + uses: beeware/.github/.github/actions/install-requirement@main + with: + requirements: tox + extra: dev + project-root: core - name: Retrieve Coverage Data uses: actions/download-artifact@v4.1.7 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 89fa2e056d..83278a20b7 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -8,6 +8,8 @@ on: jobs: ci: uses: ./.github/workflows/ci.yml + with: + attest-package: "true" docs: name: Verify Docs Build @@ -24,28 +26,29 @@ jobs: permissions: contents: write steps: - - name: Set build variables + - name: Set Build Variables run: | - echo "VERSION=${GITHUB_REF_NAME#v}" >> $GITHUB_ENV + echo "VERSION=${GITHUB_REF_NAME#v}" | tee -a $GITHUB_ENV - - name: Get packages + - name: Get Packages uses: actions/download-artifact@v4.1.7 with: - pattern: ${{ needs.ci.outputs.artifact-name }}-* + pattern: ${{ format('{0}-*', needs.ci.outputs.artifact-basename) }} merge-multiple: true + path: dist - - name: Create release + - name: Create Release uses: ncipollo/release-action@v1.14.0 with: name: ${{ env.VERSION }} draft: true - artifacts: "*/dist/*" + artifacts: "dist/*" artifactErrorsFailBuild: true deploy-test: name: Publish to TestPyPI runs-on: ubuntu-latest - needs: [ci, release] + needs: [ ci, release ] permissions: # This permission is required for trusted publishing. id-token: write @@ -68,16 +71,17 @@ jobs: - "toga_web" - "toga_winforms" steps: - - name: Get packages + - name: Get Packages uses: actions/download-artifact@v4.1.7 with: - pattern: ${{ needs.ci.outputs.artifact-name }}-* + pattern: ${{ format('{0}-*', needs.ci.outputs.artifact-basename) }} merge-multiple: true + path: staging_dist - name: Extract ${{ matrix.package }} run: | mkdir dist - mv */dist/$(echo ${{ matrix.package }} | sed 's/_/?/')-[0-9]* dist + mv staging_dist/$(echo ${{ matrix.package }} | sed 's/_/?/')-[0-9]* dist - name: Publish to TestPyPI uses: pypa/gh-action-pypi-publish@release/v1 diff --git a/changes/2604.misc.rst b/changes/2604.misc.rst new file mode 100644 index 0000000000..3f31ce7113 --- /dev/null +++ b/changes/2604.misc.rst @@ -0,0 +1 @@ +``hynek/build-and-inspect-python-package`` is now used to create the Python package. diff --git a/demo/pyproject.toml b/demo/pyproject.toml index 3b9f39cc81..dd9f696b62 100644 --- a/demo/pyproject.toml +++ b/demo/pyproject.toml @@ -119,3 +119,7 @@ build_gradle_dependencies = [ "com.google.android.material:material:1.11.0", "androidx.swiperefreshlayout:swiperefreshlayout:1.1.0", ] + +[tool.check-wheel-contents] +# WOO2: duplicated files (i.e. resource images) +ignore = "W002" diff --git a/toga/pyproject.toml b/toga/pyproject.toml index 085e281626..0472125a47 100644 --- a/toga/pyproject.toml +++ b/toga/pyproject.toml @@ -81,3 +81,8 @@ dependencies = [ # Web "toga-web == {version}; sys_platform=='emscripten'", ] + +[tool.check-wheel-contents] +# WOO7: wheel library is empty +# W008: wheel is empty +ignore = "W007,W008" diff --git a/tox.ini b/tox.ini index 0229bedd22..da319af80e 100644 --- a/tox.ini +++ b/tox.ini @@ -106,13 +106,3 @@ commands = all : python -m sphinx {[docs]sphinx_args} {posargs} -v -a -E -b html {[docs]docs_dir} {[docs]build_dir}{/}html live-!src : sphinx-autobuild {[docs]sphinx_args} {posargs} -b html {[docs]docs_dir} {[docs]build_dir}{/}live live-src : sphinx-autobuild {[docs]sphinx_args} {posargs} -a -E --watch {tox_root}{/}core{/}src{/}toga -b html {[docs]docs_dir} {[docs]build_dir}{/}live - -[testenv:package] -skip_install = True -passenv = FORCE_COLOR -deps = - build==1.2.1 - twine==5.1.0 -commands = - python -m build {posargs} - python -m twine check {posargs}{/}dist{/}*