build: bump actions/upload-artifact from 4.4.3 to 4.5.0 (#516) #530
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This is a workflow for previewing packages. It can be used for testing before a release to the "production" systems. | |
| # It will automatically create developmental release builds and make them available for all pushes to `main`. There is | |
| # also an ability to manually trigger this workflow, with additional options to (1) publish the package to TestPyPI and | |
| # (2) build, test, and make available a Windows standalone binary. | |
| --- | |
| name: Preview | |
| on: | |
| # Allow running this workflow manually from the Actions tab | |
| workflow_dispatch: | |
| inputs: | |
| TestPyPI: | |
| description: "Publish to TestPyPI" | |
| type: boolean | |
| required: true | |
| default: false | |
| CompileWindows: | |
| description: "Create Windows binary" | |
| type: boolean | |
| required: true | |
| default: true | |
| push: | |
| branches: | |
| - main | |
| env: | |
| PYTHON_VERSION: "3.12" | |
| POETRY_VERSION: "1.8.5" | |
| jobs: | |
| publish_preview: | |
| name: Build and Publish for Preview | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| shell: bash | |
| outputs: | |
| next_ver: ${{ steps.dev_ver.outputs.next_ver }} | |
| steps: | |
| - name: Checkout the repo | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| # `python-semantic-release` needs full history to properly determine the next release version | |
| fetch-depth: 0 | |
| - name: Install poetry | |
| run: pipx install poetry==${{ env.POETRY_VERSION }} | |
| - name: Configure poetry | |
| run: | | |
| poetry config virtualenvs.in-project true | |
| poetry config repositories.testpypi https://test.pypi.org/legacy/ | |
| - name: Set up Python | |
| uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| cache: 'poetry' | |
| - name: Install the project with poetry | |
| run: | | |
| poetry env use python${{ env.PYTHON_VERSION }} | |
| poetry check --lock | |
| poetry lock --no-update --no-cache | |
| poetry install --verbose --no-root --sync --with test,ci | |
| - name: Make developmental release version | |
| id: dev_ver | |
| # poetry version rules do not provide for developmental releases as specified in PEP440. | |
| # It can be pieced together with these commands. | |
| run: | | |
| curr_ver=$(poetry version --short) | |
| next_ver=$(poetry run semantic-release -v version --print) | |
| if [ "${curr_ver}" = "${next_ver}" ]; then | |
| next_ver=$(poetry run semantic-release -v version --print --patch) | |
| fi | |
| echo "next_ver=${next_ver}" >> "${GITHUB_OUTPUT}" | |
| poetry version "${next_ver}.dev${GITHUB_RUN_NUMBER}" | |
| - name: Run tox via poetry | |
| run: poetry run tox | |
| - name: Build wheel and source distribution | |
| run: poetry build -vvv | |
| - name: Upload build artifacts | |
| uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 | |
| with: | |
| name: dist | |
| path: ./dist/ | |
| if-no-files-found: error | |
| - name: Publish to TestPyPI | |
| if: inputs.TestPyPI | |
| run: poetry publish --repository testpypi --username __token__ --password ${{ secrets.TESTPYPI_API_TOKEN }} | |
| build_windows: | |
| name: Build Windows ${{ matrix.name }} binary | |
| if: inputs.CompileWindows | |
| needs: publish_preview | |
| runs-on: windows-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - name: standalone | |
| options: --standalone --remove-output | |
| binary: ./build/cli.dist/phylum-ci.exe | |
| artifact: ./phylum-ci.zip | |
| - name: onefile | |
| options: --onefile --onefile-tempdir-spec="{CACHE_DIR}/{PRODUCT}/{VERSION}" | |
| binary: ./build/phylum-ci.exe | |
| artifact: ./build/phylum-ci.exe | |
| steps: | |
| - name: Checkout the repo | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| # Nuitka needs the packaged form and not the editable install Poetry provides | |
| # Ref: https://github.com/Nuitka/Nuitka/issues/2965 | |
| - name: Download build artifacts | |
| uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| - name: Set up Python | |
| uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| - name: Install poetry | |
| run: pipx install --python ${{ env.PYTHON_VERSION }} poetry==${{ env.POETRY_VERSION }} | |
| - name: Configure poetry | |
| run: poetry config virtualenvs.in-project true | |
| - name: Install the project with poetry | |
| run: | | |
| poetry check --lock | |
| poetry lock --no-update --no-cache | |
| poetry install --verbose --no-root --sync --with compile | |
| poetry run python -m pip install --find-links dist --no-index phylum | |
| - name: Compile binary with Nuitka | |
| env: | |
| PREVIEW_VER: ${{ needs.publish_preview.outputs.next_ver }} | |
| run: | | |
| poetry run python -m nuitka ` | |
| ${{ matrix.options }} ` | |
| --output-dir=build ` | |
| --output-filename="phylum-ci.exe" ` | |
| --include-package=phylum ` | |
| --include-package-data=phylum ` | |
| --include-distribution-metadata=phylum ` | |
| --product-name=phylum-ci ` | |
| --product-version=${env:PREVIEW_VER} ` | |
| --file-version=${env:GITHUB_RUN_NUMBER} ` | |
| --company-name="Phylum, Inc." ` | |
| --copyright="Copyright (C) 2024 Phylum, Inc." ` | |
| --file-description="Analyze dependencies in CI with Phylum" ` | |
| --windows-icon-from-ico="docs/img/favicon.ico" ` | |
| --warn-implicit-exceptions ` | |
| --warn-unusual-code ` | |
| --assume-yes-for-downloads ` | |
| --report=nuitka-compilation-report.xml ` | |
| --deployment ` | |
| src/phylum/ci/cli.py | |
| # Create the archive here because the confirmation step adds files to the source path | |
| - name: Create standalone zip archive | |
| if: matrix.name == 'standalone' | |
| run: Compress-Archive -Path ./build/cli.dist/* -DestinationPath ${{ matrix.artifact }} | |
| - name: Confirm operation of binary | |
| env: | |
| PHYLUM_API_KEY: ${{ secrets.PHYLUM_TOKEN }} | |
| PHYLUM_BYPASS_CI_DETECTION: true | |
| run: | | |
| ${{ matrix.binary }} -h | |
| ${{ matrix.binary }} -vvaf | |
| - name: Upload ${{ matrix.name }} artifact | |
| if: always() | |
| uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 | |
| with: | |
| name: phylum-ci-${{ matrix.name }} | |
| path: ${{ matrix.artifact }} | |
| if-no-files-found: error | |
| - name: Upload compilation report | |
| if: always() | |
| uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 | |
| with: | |
| name: nuitka-compilation-report-${{ matrix.name }} | |
| path: ./nuitka-compilation-report.xml | |
| if-no-files-found: warn | |
| # Nuitka will create a crash report with a static name when there are failures | |
| - name: Upload crash report | |
| if: always() | |
| uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 | |
| with: | |
| name: nuitka-crash-report-${{ matrix.name }} | |
| path: ./nuitka-crash-report.xml | |
| if-no-files-found: ignore |