From 0a8bbb50992a26c0020337784fc656b4c1eab222 Mon Sep 17 00:00:00 2001
From: Chris Swan <478926+cpswan@users.noreply.github.com>
Date: Thu, 9 May 2024 13:00:54 +0100
Subject: [PATCH 1/3] ci: Download after checkout
---
.github/workflows/build-publish.yml | 26 ++++++++------------------
1 file changed, 8 insertions(+), 18 deletions(-)
diff --git a/.github/workflows/build-publish.yml b/.github/workflows/build-publish.yml
index fc40b25..c07338b 100644
--- a/.github/workflows/build-publish.yml
+++ b/.github/workflows/build-publish.yml
@@ -18,17 +18,14 @@ jobs:
steps:
- name: Checkout this repo
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
-
- name: Set up Python
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
with:
python-version: '3.11'
-
- name: Install Poetry
uses: abatilo/actions-poetry@7b6d33e44b4f08d7021a1dee3c044e9c253d6439 # v3.0.0
with:
poetry-version: '1.8.2'
-
# The dark mode and light mode Atsign logos in the GitHub README don't
# show properly on PyPI so we have a copy of the README.md in
# README.PyPI.md with just the light mode logo.
@@ -36,11 +33,9 @@ jobs:
- name: Check that READMEs are in sync
run: |
diff <(tail -n +2 README.md) <(tail -n +2 README.PyPI.md)
-
- name: Build using Poetry
run: |
poetry build
-
- name: Store the distribution packages
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
@@ -52,14 +47,11 @@ jobs:
needs:
- build
runs-on: ubuntu-latest
-
environment:
name: testpypi
url: https://test.pypi.org/p/atsdk
-
permissions:
id-token: write # IMPORTANT: mandatory for trusted publishing
-
steps:
- name: Download all the dists
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
@@ -83,7 +75,6 @@ jobs:
url: https://pypi.org/p/atsdk
permissions:
id-token: write # IMPORTANT: mandatory for trusted publishing
-
steps:
- name: Download all the dists
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
@@ -92,6 +83,8 @@ jobs:
path: dist/
- name: Publish distribution to PyPI
uses: pypa/gh-action-pypi-publish@81e9d935c883d0b210363ab89cf05f3894778450 # v1.8.14
+ with:
+ skip-existing: true
github-release:
name: Attest Python distribution artifacts and upload them to the GitHub Release
@@ -100,23 +93,21 @@ jobs:
runs-on: ubuntu-latest
outputs:
hashes: ${{ steps.hash.outputs.hashes }}
-
permissions:
contents: write # IMPORTANT: mandatory for making GitHub Releases
id-token: write # IMPORTANT: mandatory for sigstore
attestations: write
-
steps:
- - name: Download all the dists
- uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
- with:
- name: python-package-distributions
- path: dist/
- name: Checkout requirements.txt
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
with:
sparse-checkout: requirements.txt
sparse-checkout-cone-mode: false
+ - name: Download all the dists
+ uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
+ with:
+ name: python-package-distributions
+ path: dist/
- name: Install Syft
uses: anchore/sbom-action/download-syft@7ccf588e3cf3cc2611714c2eeae48550fbc17552 # v0.15.11
- name: Generate SBOMs
@@ -140,8 +131,7 @@ jobs:
env:
GITHUB_TOKEN: ${{ github.token }}
# Upload to GitHub Release using the `gh` CLI.
- # `dist/` contains the built packages, and the
- # sigstore-produced signatures and certificates.
+ # `dist/` contains the built packages
run: >-
gh release upload
'${{ github.ref_name }}' dist/**
From 99b67e6a32de59f8370ed9dd835cf9752bf87750 Mon Sep 17 00:00:00 2001
From: Chris Swan <478926+cpswan@users.noreply.github.com>
Date: Thu, 9 May 2024 14:43:04 +0100
Subject: [PATCH 2/3] docs: Badges and more robust PyPI REAME mechanism
---
.github/workflows/build-publish.yml | 8 +-
README.PyPI.md | 190 ----------------------------
README.PyPI.md.stub | 1 +
README.md | 2 +
4 files changed, 8 insertions(+), 193 deletions(-)
delete mode 100644 README.PyPI.md
create mode 100644 README.PyPI.md.stub
diff --git a/.github/workflows/build-publish.yml b/.github/workflows/build-publish.yml
index c07338b..a7a4b83 100644
--- a/.github/workflows/build-publish.yml
+++ b/.github/workflows/build-publish.yml
@@ -29,10 +29,12 @@ jobs:
# The dark mode and light mode Atsign logos in the GitHub README don't
# show properly on PyPI so we have a copy of the README.md in
# README.PyPI.md with just the light mode logo.
- # This step checks that we don't have drift between the docs.
- - name: Check that READMEs are in sync
+ # That README is generated here from a stub header line plus the rest
+ # of the main README.md
+ - name: Generate README for PyPI
run: |
- diff <(tail -n +2 README.md) <(tail -n +2 README.PyPI.md)
+ mv README.PyPI.md.stub README.PyPI.md
+ tail -n +2 README.md >> README.PyPI.md
- name: Build using Poetry
run: |
poetry build
diff --git a/README.PyPI.md b/README.PyPI.md
deleted file mode 100644
index 9d83108..0000000
--- a/README.PyPI.md
+++ /dev/null
@@ -1,190 +0,0 @@
-
-
-[](https://securityscorecards.dev/viewer/?uri=github.com/atsign-foundation/at_python&sort_by=check-score&sort_direction=desc)
-[](https://www.bestpractices.dev/projects/8104)
-
-# The atPlatform for Python developers - (Beta Version)
-
-This repo contains library, samples and examples for developers who wish
-to work with the atPlatform from Python code.
-
-## Getting Started
-
-### 1. Installation
-
-This package can be installed from PyPI with:
-
-```sh
-pip install atsdk
-```
-
-Alternatively clone this repo and from the repo root:
-
-```shell
-pip install -r requirements.txt
-pip install .
-```
-
-### 2. Setting up your `.atKeys`
-
-To run the examples save .atKeys file in the '~/.atsign/keys/' directory.
-
-### 3. Sending and Receiving Data
-
-There are 3 ways in which data can be sent and received from at server.
-
-1. Using PublicKey
-
- ```python
- from at_client import AtClient
- from at_client.common import AtSign
- from at_client.common.keys import PublicKey
-
- atsign = AtSign("@bob")
- atclient = AtClient(atsign)
- pk = PublicKey("key", atsign)
-
- # Sending data
- response = atclient.put(pk, "value")
- print(response)
-
- # Receiving Data
- response = atclient.get(pk)
- print(response)
-
- # Deleting data
- response = atclient.delete(pk)
- print(response)
- ```
-
-2. Using SelfKey
-
- ```python
- from at_client import AtClient
- from at_client.common import AtSign
- from at_client.common.keys import SelfKey
-
- atsign = AtSign("@bob")
- atclient = AtClient(atsign)
- sk = SelfKey("key", atsign)
-
- # Sending data
- response = atclient.put(sk, "value")
- print(response)
-
- # Receiving Data
- response = atclient.get(sk)
- print(response)
-
- # Deleting data
- response = atclient.delete(sk)
- print(response)
- ```
-
-3. Using SharedKey
-
- ```python
- from at_client import AtClient
- from at_client.common import AtSign
- from at_client.common.keys import SharedKey
-
- bob = AtSign("@bob")
- alice = AtSign("@alice")
- bob_atclient = AtClient(bob)
- sk = SharedKey("key", bob, alice)
-
- # Sending data
- response = bob_atclient.put(sk, "value")
- print(response)
-
- # Receiving Data
- alice_atclient = AtClient(alice)
- response = alice_atclient.get(sk)
- print(response)
-
- # Deleting data
- response = bob_atclient.delete(sk)
- print(response)
- ```
-
-### CLI Tools
-
-* **REPL** - you can use this to type atPlatform commands and see responses;
-but the best thing about the REPL currently is that it shows the data
-notifications as they are received. The REPL code has the essentials of what
-a 'receiving' client needs to do - i.e.
- * create an AtClient (assigning a Queue object to its queue parameter)
- * start two new threads
- * one for the AtClient.start_monitor() task: receives data update/delete
- notification events (the event data contains the ciphertext)
- * the other one calls handle_event() method, which will read the
- upcoming events in the queue and handle them:
- * calling AtClient.handle_event() (to decrypt the notifications and
- introducing the result as a new event in the queue)
- * reading the new event, which contains the decrypted result
- * Instructions to run the REPL:
- 1) Run repl.py and choose an atSign using option `1`
- 2) Select option `2`. REPL will start and activate monitor mode
- automatically in a different thread. You can still send commands/verbs.
- You will start seeing your own notifications (from yourself to yourself)
- and heartbeat working (noop verb is sent from time to time as a keepalive)
- 3) Use `at_talk` or any other tool to send notifications to your atSign
- from a different atSign. You should be able to see the complete
- notification, and the encrypted and decrypted value of it.
-
-* **REGISTER** - use this cli to register new free atsign. Uses onboarding
-cli to create atkey files.
- * Use following command to run the REGISTER cli using email:
-
- ```shell
- python register.py -e
- ```
-
- * Use following command to run the REGISTER cli using api-key:
-
- ```shell
- python register.py -k
- ```
-
-* **ONBOARDING** - use this cli to onboard a new atSign. Once onboarding
-is complete it creates the all-important keys file. Onboard is a subset of
-Register.
- * Use following command to run the ONBOARDING cli:
-
- ```shell
- python onboarding.py -a -c
- ```
-
-* **SHARE** - use this cli to share data between 2 atsigns.
- * Use following command to run the SHARE cli:
-
- ```shell
- python share.py -a -o -k -s
- ```
-
-* **GET** - use this cli to get shared data between 2 atsigns.
- * Use following command to run the GET cli:
-
- ```shell
- python get.py -a -o -k
- ```
-
-* **DELETE** - use this cli to delete any key shared between 2 atsigns.
- * Use following command to run the DELETE cli:
-
- ```shell
- python delete.py -a -o -k
- ```
-
-## Open source usage and contributions
-
-This is open source code, so feel free to use it as is, suggest changes or
-enhancements or create your own version. See
-[CONTRIBUTING.md](./CONTRIBUTING.md) for detailed guidance on how to setup
-tools, tests and make a pull request.
-
-## Maintainers
-
-This project was created by [Umang Shah](https://github.com/shahumang19)
-and is maintained by [Chris Swan](https://github.com/cpswan) and
-[Xavier Lin](https://github.com/xlin123)
diff --git a/README.PyPI.md.stub b/README.PyPI.md.stub
new file mode 100644
index 0000000..2841701
--- /dev/null
+++ b/README.PyPI.md.stub
@@ -0,0 +1 @@
+
diff --git a/README.md b/README.md
index 987b99c..db34e93 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,7 @@
+[](./LICENSE)
+[](https://badge.fury.io/py/sshnpd)
[](https://securityscorecards.dev/viewer/?uri=github.com/atsign-foundation/at_python&sort_by=check-score&sort_direction=desc)
[](https://www.bestpractices.dev/projects/8104)
From 50a653f3ed091679f06135f4357dbbc94acf3e32 Mon Sep 17 00:00:00 2001
From: Chris Swan <478926+cpswan@users.noreply.github.com>
Date: Thu, 9 May 2024 14:49:30 +0100
Subject: [PATCH 3/3] docs: Correct PyPI badge ref
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index db34e93..445d197 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
[](./LICENSE)
-[](https://badge.fury.io/py/sshnpd)
+[](https://badge.fury.io/py/atsdk)
[](https://securityscorecards.dev/viewer/?uri=github.com/atsign-foundation/at_python&sort_by=check-score&sort_direction=desc)
[](https://www.bestpractices.dev/projects/8104)