commit: ea5e51ea68b0e206ff485aeca655917c35d69295
Author: Brian Harring <ferringb <AT> gmail <DOT> com>
AuthorDate: Mon Dec 1 00:19:20 2025 +0000
Commit: Brian Harring <ferringb <AT> gmail <DOT> com>
CommitDate: Mon Dec 1 00:34:40 2025 +0000
URL:
https://gitweb.gentoo.org/proj/pkgcore/snakeoil.git/commit/?id=ea5e51ea
chore(gh): use the release artifact for testing
Signed-off-by: Brian Harring <ferringb <AT> gmail.com>
.github/workflows/release.yml | 134 ++++++++++++++++++++++++++++--------------
.github/workflows/test.yml | 21 ++++++-
Makefile | 20 +++++--
doc/build.sh | 39 ++++++++++++
4 files changed, 164 insertions(+), 50 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 612b413..7cc4449 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -2,33 +2,26 @@ name: release
on:
push:
- branches: [deploy]
+ branches: [release-test-pypi, release-test-github, release-test-full]
tags: [v*]
+ workflow_dispatch:
+
jobs:
- build-and-deploy:
+ build:
runs-on: ubuntu-latest
- environment: release
-
- permissions:
- id-token: write # Used to authenticate to PyPI via OIDC
-
- contents: write # Used to authenticate github release publish
+ outputs:
+ release-artifact-id: ${{ steps.upload-release.outputs.artifact-id }}
+ wheel-artifact-id: ${{ steps.upload-wheel.outputs.artifact-id }}
+ artifact-runner: ${{ github.job }}
steps:
- name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@v5
- name: Reject any VCS dependencies
- shell: python
- run: |
- import re, tomllib
- manifest = tomllib.load(open('pyproject.toml', 'rb'))
- deps = manifest['build-system']['requires']
- deps.extend(manifest['project']['dependencies'])
- if rejects := list(filter(re.compile(r'@[^+]+').search, deps)):
- rejects = " \n".join(sorted(rejects))
- raise Exception(f'VCS dependencies were detected in
[build-system]:\n {rejects}')
+ continue-on-error: ${{ github.ref_type == 'branch' && github.ref_name !=
'release-test-full' }}
+ uses: pkgcore/gh-actions/reject-python-vcs-deps@main
- name: Set up Python 3.13
uses: actions/setup-python@v5
@@ -40,43 +33,98 @@ jobs:
- name: Install dependencies
run: |
python -m pip install --upgrade pip
- pip install build .[test]
-
- - name: Test with pytest
- env:
- PY_COLORS: 1 # forcibly enable pytest colors
- run: pytest
+ pip install build ".[doc]"
- - name: Build sdist
+ - name: Build the release
run: |
- git clean -fxd
- # build sdist
- make sdist
-
- - name: Build wheel
- run: make wheel
+ make release
- name: Output dist file info
run: |
sha512sum dist/*
+ echo ::group::Release contents
tar -ztf dist/*.tar.gz | sort
+ echo ::endgroup::
+ echo ::group::All generated content in dist
+ find .
+ echo ::endgroup::
+
+ - name: Upload wheel
+ id: upload-wheel
+ uses: actions/upload-artifact@v5
+ with:
+ name: wheel-release
+ path: dist/*.whl
+ if-no-files-found: error
- - uses: actions/upload-artifact@v4
+ - name: Upload release source
+ id: upload-release
+ uses: actions/upload-artifact@v5
with:
- name: results
- path: dist/*
+ name: release-source
+ path: dist/*.tar.gz
if-no-files-found: error
- compression-level: 0
- overwrite: true
- - name: publish
- uses: pypa/gh-action-pypi-publish@release/v1
- if: startsWith(github.ref, 'refs/tags/')
+ test:
+ needs: [build]
+ uses: ./.github/workflows/test.yml
+ with:
+ release-artifact-id: ${{ needs.build.outputs.release-artifact-id }}
+ disable-format-check: true
+
+ publish:
+ if: github.ref_type == 'tag'
+ needs: [build, test]
+ environment: release
+ permissions:
+ id-token: write # Used to authenticate to PyPI via OIDC
+ contents: write # release uploads
+ runs-on: ubuntu-latest
+
+ steps:
+ - &common_download_artifacts
+ name: Download artifacts
+ uses: actions/download-artifact@v5
+ with:
+ merge-multiple: true # store both in the root, not in named directories
+ artifact-ids: ${{ needs.build.outputs.release-artifact-id }},${{
needs.build.outputs.wheel-artifact-id }}
+
+ - name: Publish github source
+ uses: softprops/action-gh-release@v2
+ with:
+ files: '*.tar.*'
+ fail_on_unmatched_files: true
+
+ - name: Publish to PyPi server
+ uses: pypa/gh-action-pypi-publish@release/v1.13
+ with:
+ packages-dir: .
+
+ test-publish:
+ # use the full form to ensure insane tags and errors in 'on' filter still
don't kick.
+ if: github.ref_type == 'branch'
+ needs: [build, test]
+ environment: test-release
+ permissions:
+ id-token: write # Used to authenticate to PyPI via OIDC
+ contents: write # release uploads-
+ runs-on: ubuntu-latest
- - name: Create GitHub release
- uses: softprops/action-gh-release@v1
- if: startsWith(github.ref, 'refs/tags/')
+ steps:
+ - *common_download_artifacts
+ - name: Publish github source
+ uses: softprops/action-gh-release@v2
+ if: github.ref_name == 'release-test-github' || github.ref_name ==
'release-test-full'
with:
- files: dist/*.tar.gz
+ files: '*.tar.*'
fail_on_unmatched_files: true
draft: true
+
+ - name: Publish to Test PyPi server
+ if: github.ref_name == 'release-test-pypi' || github.ref_name ==
'release-test-full'
+ uses: pypa/gh-action-pypi-publish@release/v1.13
+ with:
+ packages-dir: .
+ repository-url: https://test.pypi.org/legacy/
+ # attestations are bound in a way re-releasing isn't possible.
Disable for tests.
+ attestations: false
\ No newline at end of file
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 48643cc..accd3ce 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -2,9 +2,20 @@ name: test
on:
push:
- branches-ignore: [deploy]
+ branches-ignore: [release-test-*]
pull_request:
branches: [master]
+ workflow_call:
+ inputs:
+ release-artifact-id:
+ required: false
+ type: string
+ default: ''
+ description: The artifact-id to run the tests against.
+ disable-format-check:
+ type: string
+ default: ''
+ description: Disable ruff format check if it is a non empty value
jobs:
build:
@@ -26,7 +37,9 @@ jobs:
steps:
- name: Checkout code
- uses: actions/checkout@v4
+ uses: pkgcore/gh-actions/get-source@main
+ with:
+ artifact-id: ${{ inputs.release-artifact-id }}
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
@@ -66,8 +79,9 @@ jobs:
fail-fast: false
steps:
- name: Checkout snakeoil
- uses: actions/checkout@v4
+ uses: pkgcore/gh-actions/get-source@main
with:
+ artifact-id: ${{ inputs.release-artifact-id }}
path: snakeoil
- name: Find last ${{ matrix.repo }} release
@@ -112,6 +126,7 @@ jobs:
format:
runs-on: ubuntu-latest
+ if: inputs.disable-format-check == ''
steps:
- name: Checkout code
uses: actions/checkout@v4
diff --git a/Makefile b/Makefile
index a342679..cb167e8 100644
--- a/Makefile
+++ b/Makefile
@@ -1,19 +1,31 @@
PYTHON ?= python
-SPHINX_BUILD ?= sphinx-build
-
.PHONY: man html
man html:
- $(SPHINX_BUILD) -a -b $@ doc build/sphinx/$@
+ doc/build.sh $@ "$$(pwd)/build/sphinx/$@"
+
+html: man
+
+.PHONY: docs
+docs: man html
.PHONY: sdist wheel
sdist wheel:
$(PYTHON) -m build --$@
+sdist: man
+
+.PHONY: release
+release: sdist wheel
+
.PHONY: clean
clean:
- $(RM) -r build/sphinx doc/api dist
+ $(RM) -rf build/sphinx doc/api dist
.PHONY: format
format:
$(PYTHON) -m ruff format
+
+.PHONY: dev-environment
+dev-environment:
+ $(PYTHON) -m pip install -e .[test,doc,formatter]
diff --git a/doc/build.sh b/doc/build.sh
new file mode 100755
index 0000000..5199737
--- /dev/null
+++ b/doc/build.sh
@@ -0,0 +1,39 @@
+#!/bin/bash -e
+base=$(dirname "$(dirname "$(readlink -f "$0")")")
+
+if [ ${#} -ne 2 ]; then
+ echo "requires 2 arguments; the sphinx mode, and where to put the output."
+ exit 1;
+fi
+mode="$1"
+output="$2"
+
+
+
+# the point of this script is to capture sphinx output for extension
+# failures, and also dump that log automatically.
+
+# force US; sphinx errors are localized, and we're abusing grep.
+export LANG=en_US.UTF-8
+
+# capture stderr
+t=$(mktemp)
+if python -m sphinx.cmd.build -a -b "$mode" "$base/doc" "$output" 2>$t; then
+ exit $?
+fi
+
+# extract the traceback path
+dump=$(grep -A1 'traceback has been saved in' "$t" | tail -n1)
+cat < "$t"
+echo
+if [ -z "$dump" ]; then
+ echo "FAILED auto extracting the traceback file. you'll have to do it
manually"
+else
+ echo
+ echo "contents of $dump"
+ echo
+ cat < "$dump"
+ rm "$t"
+fi
+
+exit 2
\ No newline at end of file
