commit: c3ae2a7c22dd688bbc67736576e8e824f85468ae
Author: Brian Harring <ferringb <AT> gmail <DOT> com>
AuthorDate: Mon Dec 1 00:48:25 2025 +0000
Commit: Brian Harring <ferringb <AT> gmail <DOT> com>
CommitDate: Mon Dec 1 00:52:21 2025 +0000
URL:
https://gitweb.gentoo.org/proj/pkgcore/pkgcheck.git/commit/?id=c3ae2a7c
chore: pull in the reusable test.yml changes
Signed-off-by: Brian Harring <ferringb <AT> gmail.com>
.github/workflows/release.yml | 138 +++++++++++++++++++++++++++++-------------
.github/workflows/test.yml | 19 +++++-
2 files changed, 112 insertions(+), 45 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index f866d9aa..d36784d0 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,86 +1,138 @@
+
name: release
on:
push:
- branches: [deploy]
+ branches: [release-test-pypi, release-test-github, release-test-full]
tags: [v*]
workflow_dispatch:
+
jobs:
- build-and-deploy:
+ build:
runs-on: ubuntu-latest
- environment: release
-
- permissions:
- id-token: write # Used to authenticate to PyPI via OIDC
-
- contents: write # Used to authenticate github release publish
+ outputs:
+ release-artifact-id: ${{ steps.upload-release.outputs.artifact-id }}
+ wheel-artifact-id: ${{ steps.upload-wheel.outputs.artifact-id }}
+ artifact-runner: ${{ github.job }}
steps:
- name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@v5
- name: Reject any VCS dependencies
- shell: python
- continue-on-error: ${{ github.ref_type == 'branch' }}
- run: |
- import re, tomllib
- manifest = tomllib.load(open('pyproject.toml', 'rb'))
- deps = manifest['build-system']['requires']
- deps.extend(manifest['project']['dependencies'])
- if rejects := list(filter(re.compile(r'@[^+]+').search, deps)):
- rejects = " \n".join(sorted(rejects))
- raise Exception(f'VCS dependencies were detected in
[build-system]:\n {rejects}')
+ continue-on-error: ${{ github.ref_type == 'branch' && github.ref_name !=
'release-test-full' }}
+ uses: pkgcore/gh-actions/reject-python-vcs-deps@main
- name: Set up Python 3.13
uses: actions/setup-python@v5
with:
python-version: "3.13"
+ cache: 'pip'
+ cache-dependency-path: pyproject.toml
- name: Install dependencies
run: |
python -m pip install --upgrade pip
- pip install build ".[test,doc]"
+ pip install build ".[doc]"
- - name: Test with pytest
- env:
- PY_COLORS: 1 # forcibly enable pytest colors
- run: pytest
-
- - name: Build sdist
+ - name: Build the release
run: |
- git clean -fxd
- make man
- make sdist
-
- - name: Build wheel
- run: make wheel
+ make release
- name: Output dist file info
run: |
sha512sum dist/*
+ echo ::group::Release contents
tar -ztf dist/*.tar.gz | sort
+ echo ::endgroup::
+ echo ::group::All generated content in dist
+ find .
+ echo ::endgroup::
+
+ - name: Upload wheel
+ id: upload-wheel
+ uses: actions/upload-artifact@v5
+ with:
+ name: wheel-release
+ path: dist/*.whl
+ if-no-files-found: error
- - uses: actions/upload-artifact@v4
+ - name: Upload release source
+ id: upload-release
+ uses: actions/upload-artifact@v5
with:
- name: results
- path: dist/*
+ name: release-source
+ path: dist/*.tar.gz
+ if-no-files-found: error
+
+ test:
+ needs: [build]
+ uses: ./.github/workflows/test.yml
+ with:
+ release-artifact-id: ${{ needs.build.outputs.release-artifact-id }}
+ disable-format-check: true
+
+ publish:
+ if: github.ref_type == 'tag'
+ needs: [build, test]
+ environment: release
+ permissions:
+ id-token: write # Used to authenticate to PyPI via OIDC
+ contents: write # release uploads
+ runs-on: ubuntu-latest
- - name: publish
- uses: pypa/gh-action-pypi-publish@release/v1
- if: startsWith(github.ref, 'refs/tags/')
+ steps:
+ - &common_download_artifacts
+ name: Download artifacts
+ uses: actions/download-artifact@v5
+ with:
+ merge-multiple: true # store both in the root, not in named directories
+ artifact-ids: ${{ needs.build.outputs.release-artifact-id }},${{
needs.build.outputs.wheel-artifact-id }}
+
+ - name: Publish github source
+ uses: softprops/action-gh-release@v2
+ with:
+ files: '*.tar.*'
+ fail_on_unmatched_files: true
+
+ - name: Publish to PyPi server
+ uses: pypa/gh-action-pypi-publish@release/v1.13
+ with:
+ packages-dir: .
- - name: Create GitHub release
- uses: softprops/action-gh-release@v1
- if: startsWith(github.ref, 'refs/tags/')
+ test-publish:
+ # use the full form to ensure insane tags and errors in 'on' filter still
don't kick.
+ if: github.ref_type == 'branch'
+ needs: [build, test]
+ environment: test-release
+ permissions:
+ id-token: write # Used to authenticate to PyPI via OIDC
+ contents: write # release uploads-
+ runs-on: ubuntu-latest
+
+ steps:
+ - *common_download_artifacts
+ - name: Publish github source
+ uses: softprops/action-gh-release@v2
+ if: github.ref_name == 'release-test-github' || github.ref_name ==
'release-test-full'
with:
- files: dist/*.tar.gz
+ files: '*.tar.*'
fail_on_unmatched_files: true
draft: true
+ - name: Publish to Test PyPi server
+ if: github.ref_name == 'release-test-pypi' || github.ref_name ==
'release-test-full'
+ uses: pypa/gh-action-pypi-publish@release/v1.13
+ with:
+ packages-dir: .
+ repository-url: https://test.pypi.org/legacy/
+ # attestations are bound in a way re-releasing isn't possible.
Disable for tests.
+ attestations: false
+
build-and-push-docker-image:
if: startsWith(github.ref, 'refs/tags/')
- needs: ["build-and-deploy"]
+ needs: ["publish"]
runs-on: ubuntu-latest
environment: release
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 10ce8c20..7098f0d1 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -2,9 +2,20 @@ name: test
on:
push:
- branches-ignore: [deploy]
+ branches-ignore: [release-test-*]
pull_request:
branches: [master]
+ workflow_call:
+ inputs:
+ release-artifact-id:
+ required: false
+ type: string
+ default: ''
+ description: The artifact-id to run the tests against.
+ disable-format-check:
+ type: string
+ default: ''
+ description: Disable ruff linting and ruff check if it is a non empty
value
jobs:
test:
@@ -36,7 +47,9 @@ jobs:
run: bash --version
- name: Checkout code
- uses: actions/checkout@v4
+ uses: pkgcore/gh-actions/get-source@main
+ with:
+ artifact-id: ${{ inputs.release-artifact-id }}
# experimental targets generally lack lxml wheels
- name: Install libxml2 and libxslt development packages
@@ -89,6 +102,7 @@ jobs:
lint:
runs-on: ubuntu-latest
+ if: inputs.disable-format-check == ''
steps:
- name: Checkout code
uses: actions/checkout@v4
@@ -108,6 +122,7 @@ jobs:
format:
runs-on: ubuntu-latest
+ if: inputs.disable-format-check == ''
steps:
- name: Checkout code
uses: actions/checkout@v4
