chore: Secureli 265 python311 support (#317) #30
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow will call the build_and_test.yml workflow to install Python dependencies, run tests and lint | ||
| # with a single version of Python | ||
| # For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python | ||
| # These jobs are specifically designed to test the codebase | ||
| # and ensure that basic contributing from both mac and windows will work | ||
| # Once both windows and mac builds are successful, the next steps will | ||
| # - using semantic-version will version the code, pushing the version back to the repo | ||
| # - push a package to pypi | ||
| # - push a formula to the homebrew repo | ||
| name: Publish | ||
| on: | ||
| push: | ||
| branches: [ main ] | ||
| jobs: | ||
| build-test: | ||
| name: Build & Test | ||
| uses: ./.github/workflows/build_and_test.yml | ||
| secureli-release: | ||
| name: GH Release | ||
| needs: [ build-test ] | ||
| runs-on: ubuntu-latest | ||
| environment: publish | ||
| concurrency: release | ||
| permissions: | ||
| id-token: write | ||
| contents: write | ||
| outputs: | ||
| uploaded: ${{ steps.upload.outputs.uploaded }} | ||
| steps: | ||
| - name: Get App Token | ||
| uses: tibdex/github-app-token@v2 | ||
| id: app_token | ||
| with: | ||
| app_id: ${{ secrets.APP_ID }} | ||
| private_key: ${{ secrets.APP_PRIVATE_KEY }} | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
| token: ${{ steps.app_token.outputs.token }} | ||
| - name: Set up Python 3.11 | ||
| id:setup-python | ||
| uses: actions/setup-python@v4 | ||
| with: | ||
| python-version: 3.11 | ||
| - name: Install dependencies | ||
| id: | ||
| run: | | ||
| python3.11 -m pip install poetry --upgrade pip | ||
| poetry config virtualenvs.create false | ||
| poetry install | ||
| # Can't use: python-semantic-release/[email protected] | ||
| # it's running Python 3.10, and Secureli requires >=3.11 | ||
| - name: Python Semantic Release | ||
| id: release | ||
| run: | | ||
| git config --global user.name "github-actions" | ||
| git config --global user.email "[email protected]" | ||
| semantic-release publish -D commit_author="github-actions <[email protected]>" | ||
| env: | ||
| github_token: ${{ steps.app_token.outputs.token }} | ||
| - name: Upload assets to GitHub Releases | ||
| id: upload | ||
| env: | ||
| GH_TOKEN: ${{ steps.app_token.outputs.token }} | ||
| run: | | ||
| if [[ -d dist ]]; then | ||
| if [[ -n "$(find ./dist -name 'secureli*' -print -quit)" ]]; then | ||
| gh release upload ${{ steps.release.outputs.tag }} ./dist/secureli* | ||
| echo "uploaded=true" >> "$GITHUB_OUTPUT" | ||
| else | ||
| echo "uploaded=false" >> "$GITHUB_OUTPUT" | ||
| fi | ||
| else | ||
| echo "uploaded=false" >> "$GITHUB_OUTPUT" | ||
| fi | ||
| - name: Display Output | ||
| run: echo uploaded=${{ steps.upload.outputs.uploaded }} | ||
| secureli-publish: | ||
| name: PyPI Publish | ||
| if: needs.secureli-release.outputs.uploaded == 'true' | ||
| runs-on: ubuntu-latest | ||
| needs: secureli-release | ||
| permissions: | ||
| id-token: write # IMPORTANT: this permission is mandatory for trusted publishing | ||
| steps: | ||
| - name: Display Inputs | ||
| run: echo uploaded=${{ needs.secureli-release.outputs.uploaded }} | ||
| - name: Checkout seCureLI Repo | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| ref: main | ||
| fetch-depth: 0 | ||
| - name: Set up Python 3.11 | ||
| id: setup-python | ||
| uses: actions/setup-python@v4 | ||
| with: | ||
| python-version: "3.11" | ||
| - run: | | ||
| pip install poetry | ||
| poetry install | ||
| poetry build | ||
| - name: Publish package distributions to PyPI | ||
| uses: pypa/gh-action-pypi-publish@release/v1 | ||
| with: | ||
| skip-existing: true | ||
| deploy: | ||
| name: Upload Homebrew Formula | ||
| if: needs.secureli-release.outputs.uploaded == 'true' | ||
| runs-on: ubuntu-latest | ||
| environment: publish | ||
| needs: secureli-release | ||
| steps: | ||
| - name: Display Inputs | ||
| run: echo uploaded=${{ needs.secureli-release.outputs.uploaded }} | ||
| - name: Get App Token | ||
| uses: tibdex/github-app-token@v2 | ||
| id: app_token | ||
| with: | ||
| app_id: ${{ secrets.APP_ID }} | ||
| private_key: ${{ secrets.APP_PRIVATE_KEY }} | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| ref: main | ||
| fetch-depth: 0 | ||
| - name: Checkout seCureLI Homebrew Repo | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| repository: slalombuild/homebrew-secureli | ||
| token: ${{ steps.app_token.outputs.token }} | ||
| path: homebrew-secureli | ||
| ref: main | ||
| fetch-depth: 0 | ||
| - name: Homebrew Formula Generation | ||
| env: | ||
| GH_TOKEN: ${{ steps.app_token.outputs.token }} | ||
| run: ./scripts/secureli-deployment.sh | ||
| integration-testing: | ||
| name: Integration Testing | ||
| needs: [ build-test, secureli-release, secureli-publish, deploy ] | ||
| if: | | ||
| always() && | ||
| (needs.secureli-publish.result == 'success' || needs.secureli-publish.result == 'skipped') && | ||
| (needs.deploy.result == 'success' || needs.deploy.result == 'skipped') | ||
| uses: ./.github/workflows/integration_testing.yml | ||
