Skip to content

use the preferred option annotated version, also fixes test errors #701

use the preferred option annotated version, also fixes test errors

use the preferred option annotated version, also fixes test errors #701

Workflow file for this run

# This workflow will install Python dependencies, run tests and lint with a single version of Python
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python
# These jobs are specifically designed to test the codebase
# and ensure that basic contributing from both mac and windows will work
# Once both windows and mac builds are successful, the next steps will
# - using semantic-version will version the code, pushing the version back to the repo
# - push a package to pypi
# - push a formula to the homebrew repo
name: secureliCI
on:
push
jobs:
build-windows:
runs-on: windows-latest
steps:
- uses: actions/checkout@v3
- name: Set up Python 3.9
id: setup-python
uses: actions/setup-python@v4
with:
python-version: "3.9"
- name: Set Up Project
run: |
pip install poetry
poetry install
- name: Run Tests
run: |
poetry run poe precommit
# Both of these lines error when run on a windows image, more research required as to why
# poetry run poe coverage
# poetry run secureli build
build-linux:
runs-on: ubuntu-latest
steps:
- name: Get App Token
uses: tibdex/github-app-token@v1
id: app_token
with:
app_id: 360953
private_key: ${{ secrets.ACTIONHELPER }}
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Validate Branch name
run: ./scripts/get-current-branch.sh
- name: Set up Python 3.9
id: setup-python
uses: actions/setup-python@v4
with:
python-version: "3.9"
- name: Set Up Project
run: |
pip install poetry
poetry install
- name: Run Tests
run: |
export GH_TOKEN=${{ secrets.ADMIN_TOKEN_SASCHA }}
poetry run poe precommit
poetry run poe coverage
poetry run secureli build
secureli-release-noop:
needs: [ build-linux, build-windows ]
if: github.ref != 'refs/heads/main'
runs-on: ubuntu-latest
concurrency: release
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Python Semantic Release
uses: relekang/python-semantic-release@master
with:
root_options: -vv --noop
secureli-release:
needs: [ build-linux, build-windows ]
if: github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
concurrency: release
permissions:
id-token: write
contents: write
outputs:
uploaded: ${{ steps.upload.outputs.uploaded }}
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.ADMIN_TOKEN_SASCHA }}
- name: Python Semantic Release
id: release
uses: python-semantic-release/python-semantic-release@v8.0.4
with:
github_token: ${{ secrets.ADMIN_TOKEN_SASCHA }}
- name: Upload assets to GitHub Releases
id: upload
run: |
if [[ -n "$(find . -maxdepth 1 -name 'secureli*' -print -quit)" ]]; then
export GH_TOKEN=${{ secrets.ADMIN_TOKEN_SASCHA }}
gh release upload ${{ steps.release.outputs.tag }} ./dist/secureli*
echo "uploaded=true" >> "$GITHUB_OUTPUT"
else
echo "uploaded=false" >> "$GITHUB_OUTPUT"
fi
- name: Display Output
run: echo uploaded=${{ steps.upload.outputs.uploaded }}
secureli-publish:
name: Upload release to PyPI
if: github.ref == 'refs/heads/main' && needs.secureli-release.outputs.uploaded == 'true'
runs-on: ubuntu-latest
needs: secureli-release
permissions:
id-token: write # IMPORTANT: this permission is mandatory for trusted publishing
steps:
- name: Display Inputs
run: echo uploaded=${{ needs.secureli-release.outputs.uploaded }}
- name: Checkout seCureLI Repo
uses: actions/checkout@v3
with:
ref: main
fetch-depth: 0
- run: |
pip install poetry
poetry install
poetry build
- name: Publish package distributions to PyPI
uses: pypa/gh-action-pypi-publish@release/v1
with:
skip-existing: true
deploy:
name: Upload Homebrew Formula
if: github.ref == 'refs/heads/main' && needs.secureli-release.outputs.uploaded == 'true'
runs-on: ubuntu-latest
needs: secureli-release
steps:
- name: Display Inputs
run: echo uploaded=${{ needs.secureli-release.outputs.uploaded }}
- name: Get App Token
uses: tibdex/github-app-token@v1
id: app_token
with:
app_id: 360953
private_key: ${{ secrets.ACTIONHELPER }}
- uses: actions/checkout@v3
with:
ref: main
fetch-depth: 0
- name: Checkout seCureLI Homebrew Repo
uses: actions/checkout@v3
with:
repository: slalombuild/homebrew-secureli
token: ${{ secrets.ADMIN_TOKEN_SASCHA }}
path: homebrew-secureli
ref: main
fetch-depth: 0
- name: Homebrew Formula Generation
env:
GH_TOKEN: ${{ secrets.ADMIN_TOKEN_SASCHA }}
run: ./scripts/secureli-deployment.sh