From e2540afb076226e667b832c7c4b5d4669e0fd1af Mon Sep 17 00:00:00 2001 From: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> Date: Sun, 6 Oct 2024 14:20:26 +0300 Subject: [PATCH] Generate digital attestations for PyPI (PEP 740) (#135) --- .github/workflows/deploy.yml | 6 ++++++ .github/workflows/main.yml | 8 ++++++++ .pre-commit-config.yaml | 8 ++++---- cherry_picker/cherry_picker.py | 2 +- 4 files changed, 19 insertions(+), 5 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index afdf7d6..6dc1929 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -11,6 +11,9 @@ on: permissions: contents: read +env: + FORCE_COLOR: 1 + jobs: # Always build & lint package. build-package: @@ -47,6 +50,7 @@ jobs: - name: Publish to Test PyPI uses: pypa/gh-action-pypi-publish@release/v1 with: + attestations: true repository-url: https://test.pypi.org/legacy/ # Publish to PyPI on GitHub Releases. @@ -71,3 +75,5 @@ jobs: - name: Publish to PyPI uses: pypa/gh-action-pypi-publish@release/v1 + with: + attestations: true diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 60f56db..a3fb835 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -2,6 +2,9 @@ name: tests on: [push, pull_request, workflow_dispatch] +permissions: + contents: read + env: FORCE_COLOR: 1 @@ -13,12 +16,14 @@ jobs: matrix: python-version: ["3.9", "3.10", "3.11", "3.12", "3.13"] os: [windows-latest, macos-latest, ubuntu-latest] + steps: - uses: actions/checkout@v4 with: # fetch all branches and tags # ref actions/checkout#448 fetch-depth: 0 + - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@v5 with: @@ -26,11 +31,14 @@ jobs: allow-prereleases: true cache: pip cache-dependency-path: pyproject.toml + - name: Install tox run: | python -m pip install tox + - name: Run tests run: tox -e py + - name: Upload coverage uses: codecov/codecov-action@v4 with: diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 71227b0..2a532db 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/astral-sh/ruff-pre-commit - rev: v0.6.7 + rev: v0.6.8 hooks: - id: ruff args: [--exit-non-zero-on-fix] @@ -31,12 +31,12 @@ repos: - id: check-github-workflows - repo: https://github.com/rhysd/actionlint - rev: v1.7.1 + rev: v1.7.2 hooks: - id: actionlint - repo: https://github.com/pre-commit/mirrors-mypy - rev: v1.10.1 + rev: v1.11.2 hooks: - id: mypy args: @@ -56,7 +56,7 @@ repos: - id: pyproject-fmt - repo: https://github.com/abravalheri/validate-pyproject - rev: v0.19 + rev: v0.20.2 hooks: - id: validate-pyproject diff --git a/cherry_picker/cherry_picker.py b/cherry_picker/cherry_picker.py index 89fc411..95229b1 100755 --- a/cherry_picker/cherry_picker.py +++ b/cherry_picker/cherry_picker.py @@ -36,7 +36,7 @@ WORKFLOW_STATES = enum.Enum( - "Workflow states", + "WORKFLOW_STATES", """ FETCHING_UPSTREAM FETCHED_UPSTREAM