# This is a workflow for previewing packages. It can be used for testing before a release to the "production" systems.
# It will automatically create developmental release builds and make them available for all pushes to `main`. There is
# also an ability to manually trigger this workflow, with additional options to (1) publish the package to TestPyPI and
# (2) build, test, and make available a Windows standalone binary.
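---
name: Preview

on:
  # Allow running this workflow manually from the Actions tab
  workflow_dispatch:
    inputs:
      TestPyPI:
        description: "Publish to TestPyPI"
        type: boolean
        required: true
        default: false
      CompileWindows:
        description: "Create Windows binary"
        type: boolean
        required: true
        default: true
  push:
    branches:
      - main

# Least privilege for the automatic GITHUB_TOKEN: the jobs in this workflow check out the repository and
# upload/download workflow artifacts, neither of which requires write access to the repository. Without
# this key the token inherits the repository or organization default, which may be read/write.
permissions:
  contents: read

# Tool versions are quoted so they stay strings (an unquoted 3.10, for example, would be parsed as the float 3.1).
env:
  PYTHON_VERSION: "3.13"
  POETRY_VERSION: "1.8.5"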
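jobs:
  # Builds the wheel and source distribution with a PEP 440 developmental version, runs the tests,
  # uploads the result as the `dist` artifact and, on manual request only, publishes it to TestPyPI.
  publish_preview:
    name: Build and Publish for Preview
    runs-on: ubuntu-latest
    defaults:
      run:
        shell: bash
    outputs:
      next_ver: ${{ steps.dev_ver.outputs.next_ver }}
    steps:
      # Third-party actions are pinned to a full commit SHA; the trailing comment records the matching tag.
      - name: Checkout the repo
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          # `python-semantic-release` needs full history to properly determine the next release version
          fetch-depth: 0
          # NOTE(review): the checkout token stays in the local git config for the later steps (tox, build).
          # If semantic-release only reads local history here, `persist-credentials: false` would remove
          # it - confirm before changing.

      - name: Install poetry
        run: pipx install poetry==${{ env.POETRY_VERSION }}

      - name: Configure poetry
        run: |
          poetry config virtualenvs.in-project true
          poetry config repositories.testpypi https://test.pypi.org/legacy/

      - name: Set up Python
        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          cache: 'poetry'

      - name: Install the project with poetry
        run: |
          poetry env use python${{ env.PYTHON_VERSION }}
          poetry check --lock
          poetry lock --no-update --no-cache
          poetry install --verbose --no-root --sync --with test,ci

      - name: Make developmental release version
        id: dev_ver
        # poetry version rules do not provide for developmental releases as specified in PEP440.
        # It can be pieced together with these commands.
        run: |
          curr_ver=$(poetry version --short)
          next_ver=$(poetry run semantic-release -v version --print)
          if [ "${curr_ver}" = "${next_ver}" ]; then
            next_ver=$(poetry run semantic-release -v version --print --patch)
          fi
          echo "next_ver=${next_ver}" >> "${GITHUB_OUTPUT}"
          poetry version "${next_ver}.dev${GITHUB_RUN_NUMBER}"

      - name: Run tox via poetry
        run: poetry run tox

      - name: Build wheel and source distribution
        run: poetry build -vvv

      - name: Upload build artifacts
        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
        with:
          name: dist
          path: ./dist/
          if-no-files-found: error

      # `inputs` is empty on `push` events, so this step only runs for a manual dispatch that opts in.
      - name: Publish to TestPyPI
        if: inputs.TestPyPI
        env:
          # The token is handed to Poetry through its per-repository environment variable rather than
          # being expanded into the script text with `${{ secrets.* }}`. That keeps the secret out of the
          # generated shell script and off the `poetry` command line, and means its value is never
          # interpreted by the shell. Poetry supplies the `__token__` username itself for token auth.
          POETRY_PYPI_TOKEN_TESTPYPI: ${{ secrets.TESTPYPI_API_TOKEN }}
        run: poetry publish --repository testpypi

  # Compiles the package built above into Windows binaries with Nuitka (one matrix entry per packaging
  # mode), smoke-tests each binary and uploads it together with the compilation and crash reports.
  build_windows:
    name: Build Windows ${{ matrix.name }} binary
    if: inputs.CompileWindows
    needs: publish_preview
    runs-on: windows-latest
    strategy:
      fail-fast: false
      matrix:
        include:
          - name: standalone
            options: --standalone --remove-output
            binary: ./build/cli.dist/phylum-ci.exe
            artifact: ./phylum-ci.zip
          - name: onefile
            options: --onefile --onefile-tempdir-spec="{CACHE_DIR}/{PRODUCT}/{VERSION}"
            binary: ./build/phylum-ci.exe
            artifact: ./build/phylum-ci.exe
    steps:
      - name: Checkout the repo
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          # No later step in this job talks to the git remote, so the checkout token is not left in the
          # local git config where the dependency install and compile steps could read it.
          persist-credentials: false

      # Nuitka needs the packaged form and not the editable install Poetry provides
      # Ref: https://github.com/Nuitka/Nuitka/issues/2965
      # No artifact name is given, so each artifact is extracted into a directory named after it; the
      # `dist` artifact from `publish_preview` lands in `./dist`, which the install step below relies on.
      - name: Download build artifacts
        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8

      - name: Set up Python
        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      - name: Install poetry
        run: pipx install --python ${{ env.PYTHON_VERSION }} poetry==${{ env.POETRY_VERSION }}

      - name: Configure poetry
        run: poetry config virtualenvs.in-project true

      - name: Install the project with poetry
        # The final command installs `phylum` only from the downloaded `dist` directory (`--no-index`),
        # so the binary is compiled from the package built earlier in this run, not from a package index.
        run: |
          poetry check --lock
          poetry lock --no-update --no-cache
          poetry install --verbose --no-root --sync --with compile
          poetry run python -m pip install --find-links dist --no-index phylum

      - name: Compile binary with Nuitka
        env:
          # The job output is passed through the environment and read as `${env:PREVIEW_VER}` instead of
          # being expanded into the script text.
          PREVIEW_VER: ${{ needs.publish_preview.outputs.next_ver }}
        # `--assume-yes-for-downloads` lets Nuitka fetch external build tooling without prompting; those
        # downloads are not pinned by this workflow.
        # The trailing backticks are PowerShell line continuations and must stay the last character on
        # their line.
        run: |
          poetry run python -m nuitka `
            ${{ matrix.options }} `
            --output-dir=build `
            --output-filename="phylum-ci.exe" `
            --include-package=phylum `
            --include-package-data=phylum `
            --include-distribution-metadata=phylum `
            --product-name=phylum-ci `
            --product-version=${env:PREVIEW_VER} `
            --file-version=${env:GITHUB_RUN_NUMBER} `
            --company-name="Phylum, Inc." `
            --copyright="Copyright (C) 2024 Phylum, Inc." `
            --file-description="Analyze dependencies in CI with Phylum" `
            --windows-icon-from-ico="docs/img/favicon.ico" `
            --warn-implicit-exceptions `
            --warn-unusual-code `
            --assume-yes-for-downloads `
            --report=nuitka-compilation-report.xml `
            --deployment `
            src/phylum/ci/cli.py

      # Create the archive here because the confirmation step adds files to the source path
      - name: Create standalone zip archive
        if: matrix.name == 'standalone'
        run: Compress-Archive -Path ./build/cli.dist/* -DestinationPath ${{ matrix.artifact }}

      - name: Confirm operation of binary
        env:
          # The API key is exposed to this step only, through the environment.
          PHYLUM_API_KEY: ${{ secrets.PHYLUM_TOKEN }}
          PHYLUM_BYPASS_CI_DETECTION: "true"
        run: |
          ${{ matrix.binary }} -h
          ${{ matrix.binary }} -vvaf

      # The uploads below use `always()` so the binary and the reports are kept even when an earlier
      # step in the job failed.
      - name: Upload ${{ matrix.name }} artifact
        if: always()
        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
        with:
          name: phylum-ci-${{ matrix.name }}
          path: ${{ matrix.artifact }}
          if-no-files-found: error

      - name: Upload compilation report
        if: always()
        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
        with:
          name: nuitka-compilation-report-${{ matrix.name }}
          path: ./nuitka-compilation-report.xml
          if-no-files-found: warn

      # Nuitka will create a crash report with a static name when there are failures
      - name: Upload crash report
        if: always()
        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
        with:
          name: nuitka-crash-report-${{ matrix.name }}
          path: ./nuitka-crash-report.xml
          if-no-files-found: ignore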