From 399d417765d71c738f6878d1ed6a653e31701e72 Mon Sep 17 00:00:00 2001
From: Alex Nelson
Date: Tue, 30 Jul 2024 13:56:08 -0400
Subject: [PATCH 1/5] Change authors to maintainers

The metadata "dict-like" syntax from PyPA documentation is not currently accepted by Poetry. Poetry requires the authors field be defined.
References:
* https://packaging.python.org/en/latest/guides/writing-pyproject-toml/#authors-maintainers

Signed-off-by: Alex Nelson
---
 pyproject.toml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pyproject.toml b/pyproject.toml
index 3e80eab..c540589 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -3,6 +3,8 @@ name = "case-mapping"
 version = "0.1.0"
 description = "Classes to support representation of the CASE Cyber Ontology"
 authors = [
+]
+maintainers = [
 "Cyber Domain Ontology Maintainers "
 ]
 license = "Apache-2.0"
From 04f35a8eb69db74888ee4168a60c323939d3ddb3 Mon Sep 17 00:00:00 2001
From: Alex Nelson
Date: Tue, 30 Jul 2024 13:56:50 -0400
Subject: [PATCH 2/5] Update workflow to use PyPI Trusted Publisher framework

References:
* https://docs.pypi.org/trusted-publishers/using-a-publisher/
* https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idneeds

Signed-off-by: Alex Nelson
---
 .github/workflows/ci.yml | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 7a2e7ef..e07811a 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -58,9 +58,13 @@ jobs:
 run: |
 poetry build

- # Only push to PyPi when a tag is created starting with 'v'
+ pypi-publish:
+ needs: build
+ environment: release
+ permissions:
+ # IMPORTANT: this permission is mandatory for trusted publishing
+ # https://docs.pypi.org/trusted-publishers/using-a-publisher/
+ id-token: write
+ steps:
 - name: Push to PyPi
- if: startsWith(github.ref, 'refs/tags/v')
- run: |
- poetry config pypi-token.pypi ${{ secrets.PYPI_TOKEN }}
- poetry publish
+ uses: pypa/gh-action-pypi-publish@release/v1
From 431f09877554aa915eab768f20ee897ffe89a626 Mon Sep 17 00:00:00 2001
From: Alex Nelson
Date: Tue, 30 Jul 2024 14:05:10 -0400
Subject: [PATCH 3/5] Update workflow to use PyPI Trusted Publisher framework (2nd try)

References:
* https://docs.pypi.org/trusted-publishers/using-a-publisher/

Signed-off-by: Alex Nelson
---
 .github/workflows/ci.yml | 11 -----------
 .github/workflows/publish.yml | 31 +++++++++++++++++++++++++++++++
 2 files changed, 31 insertions(+), 11 deletions(-)
 create mode 100644 .github/workflows/publish.yml

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index e07811a..c753d46 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -57,14 +57,3 @@ jobs:
 - name: Build Package
 run: |
 poetry build
-
- pypi-publish:
- needs: build
- environment: release
- permissions:
- # IMPORTANT: this permission is mandatory for trusted publishing
- # https://docs.pypi.org/trusted-publishers/using-a-publisher/
- id-token: write
- steps:
- - name: Push to PyPi
- uses: pypa/gh-action-pypi-publish@release/v1
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
new file mode 100644
index 0000000..e34d18f
--- /dev/null
+++ b/.github/workflows/publish.yml
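Review bot: `uses: pypa/gh-action-pypi-publish@release/v1` in the `pypi-publish` job added to `.github/workflows/ci.yml` (PATCH 2/5) tracks a branch, so whatever that branch points to at run time executes in a job that holds `id-token: write`. Pinning to a full commit SHA, e.g. `uses: pypa/gh-action-pypi-publish@<full-commit-sha>  # release/v1`, keeps the code that can obtain the PyPI upload credential fixed until a bump is reviewed; the same line is added again in `.github/workflows/publish.yml` in PATCH 3/5. Separately, the removed `if: startsWith(github.ref, 'refs/tags/v')` has no replacement in this hunk, so the job would be attempted on every event that triggers this workflow (the `on:` block is outside the hunk), and the job as added has no `runs-on`.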
@@ -0,0 +1,31 @@
+# Portions of this file contributed by NIST are governed by the
+# following statement:
+#
+# This software was developed at the National Institute of Standards
+# and Technology by employees of the Federal Government in the course
+# of their official duties. Pursuant to Title 17 Section 105 of the
+# United States Code, this software is not subject to copyright
+# protection within the United States. NIST assumes no responsibility
+# whatsoever for its use by other parties, and makes no guarantees,
+# expressed or implied, about its quality, reliability, or any other
+# characteristic.
+#
+# We would appreciate acknowledgement if the software is used.
+
+# This file was started from template code from:
+# https://docs.pypi.org/trusted-publishers/using-a-publisher/
+
+name: Publish
+
+jobs:
+ pypi-publish:
+ name: Upload release to PyPI
+ runs-on: ubuntu-latest
+ environment: release
+ permissions:
+ # IMPORTANT: this permission is mandatory for trusted publishing
+ # https://docs.pypi.org/trusted-publishers/using-a-publisher/
+ id-token: write
+ steps:
+ - name: Push to PyPi
+ uses: pypa/gh-action-pypi-publish@release/v1
From f557e5278caecd2b15241385d282a9e6beba81de Mon Sep 17 00:00:00 2001
From: Alex Nelson
Date: Tue, 30 Jul 2024 14:10:39 -0400
Subject: [PATCH 4/5] Add publishing workflow trigger

References:
* https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#release

Signed-off-by: Alex Nelson
---
 .github/workflows/publish.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index e34d18f..6d1d1b7 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -17,6 +17,10 @@

 name: Publish

+on:
+ release:
+ types: [released]
+
 jobs:
 pypi-publish:
 name: Upload release to PyPI
From 3be58778d510ff217f4cb7a055b8c9c0ce20063b Mon Sep 17 00:00:00 2001
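Review bot: The `pypi-publish` job in the new `.github/workflows/publish.yml` (PATCH 3/5) has the upload action as its only step, so nothing in the workflow checks out the repository, runs `poetry build`, or fetches a build artifact. The action uploads the contents of `dist/` by default, and on a fresh runner that directory would presumably be absent, so the upload has nothing to send. Building in a separate job without `id-token: write` and handing `dist/` over as an artifact keeps the OIDC permission confined to the upload step and away from the build tooling. How Poetry is installed is not visible on this page, so that step is left as a comment below.

```yaml
jobs:
  build:
    name: Build distributions
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # … set up Python and install Poetry the same way ci.yml does …
      - run: poetry build
      - uses: actions/upload-artifact@v4
        with:
          name: dist
          path: dist/

  pypi-publish:
    # … unchanged: name, runs-on, environment, permissions …
    needs: build
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: dist
          path: dist/
      - name: Push to PyPi
        uses: pypa/gh-action-pypi-publish@release/v1
```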
From: Alex Nelson
Date: Tue, 30 Jul 2024 14:12:58 -0400
Subject: [PATCH 5/5] Bump Action versions

Done on seeing warnings in the last action run log.

Signed-off-by: Alex Nelson
---
 .github/workflows/ci.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index c753d46..9281610 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -15,10 +15,10 @@ jobs:
 steps:
 - name: Checkout Repository
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 - name: Set up Python ${{ matrix.python-version }}
- uses: actions/setup-python@v4
+ uses: actions/setup-python@v5
 with:
 python-version: ${{ matrix.python-version }}