Upgrade Codecov upload method (#68)

* Upgrade upload method Signed-off-by: Conor MacBride <conor@macbride.me> Use Powershell for Windows Signed-off-by: Conor MacBride <conor@macbride.me> Update CODECOV_TOKEN variable Signed-off-by: Conor MacBride <conor@macbride.me> Access CODECOV_TOKEN as env var Signed-off-by: Conor MacBride <conor@macbride.me> Remove check for no token Signed-off-by: Conor MacBride <conor@macbride.me> Add original token check template exp Signed-off-by: Conor MacBride <conor@macbride.me> * Add integrity check Signed-off-by: Conor MacBride <conor@macbride.me> * Ensure signature is verified before running Signed-off-by: Conor MacBride <conor@macbride.me> * Docker codecov uploads Signed-off-by: Conor MacBride <conor@macbride.me> * Update run-tox-env.yml * Attempt using a nicer name for the codecov upload * Fix wheel test * bump rtd * More arguments with rtd Co-authored-by: Stuart Mumford <stuart@cadair.com>
OpenAstronomy · Oct 28, 2021 · 9d1e97f · 9d1e97f
1 parent e7768fe
commit 9d1e97f
Show file tree

Hide file tree

Showing 4 changed files with 51 additions and 12 deletions.
diff --git a/.readthedocs.yml b/.readthedocs.yml
@@ -1,9 +1,13 @@
 version: 2
 
 build:
-  image: latest
+  os: ubuntu-20.04
+  tools:
+    python: "3.9"
 
-python:
-  version: 3.7
+sphinx:
+  configuration: docs/conf.py
 
-formats: []
+python:
+  install:
+    - requirements: docs/requirements.txt
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
@@ -1,5 +1,6 @@
 variables:
   CIBW_BUILD: cp38-*
+  CIBW_SKIP: "*-musl*"
   CIBW_BEFORE_BUILD_LINUX: "yum -y install fftw-devel; git clean -xfd -e wheelhouse"
   CIBW_BEFORE_BUILD_MACOS: "brew install fftw; git clean -xfd -e wheelhouse"
 

diff --git a/docs/requirements.txt b/docs/requirements.txt
@@ -0,0 +1 @@
+sphinx>=4
diff --git a/run-tox-env.yml b/run-tox-env.yml
@@ -188,15 +188,48 @@ jobs:
                 CONDA_BUILD_SYSROOT: /Library/Developer/CommandLineTools/SDKs/MacOSX.sdk
 
         - ${{ if eq(coalesce(env['coverage'], parameters.coverage), 'codecov') }}:
-          - task: Bash@3
-            inputs:
-              targetType: 'inline'
-              script: bash <(curl -s https://codecov.io/bash)
-            displayName: Running codecov
-            condition: succeededOrFailed()
-            ${{ if ne(variables.CODECOV_TOKEN, '') }}:
+          - ${{ if or(eq(env_pair.key, 'macos'), startsWith(env_pair.key, 'linux'), eq(env_pair.key, 'manylinux')) }}:
+            - task: Bash@3
+              inputs:
+                targetType: 'inline'
+                script: |
+                  curl https://keybase.io/codecovsecurity/pgp_keys.asc | gpg --no-default-keyring --keyring trustedkeys.gpg --import
+                  curl -Os https://uploader.codecov.io/latest/${OSNAME}/codecov
+                  curl -Os https://uploader.codecov.io/latest/${OSNAME}/codecov.SHA256SUM
+                  curl -Os https://uploader.codecov.io/latest/${OSNAME}/codecov.SHA256SUM.sig
+                  # chain all the following commands so the task exits if any fail
+                  gpgv codecov.SHA256SUM.sig codecov.SHA256SUM && \
+                  shasum -a 256 -c codecov.SHA256SUM && \
+                  chmod +x codecov && \
+                  ./codecov -n ${{ variables['friendly_name'] }}
+              displayName: Running codecov
+              condition: succeededOrFailed()
               env:
-                CODECOV_TOKEN: $(CODECOV_TOKEN)
+                ${{ if eq(env_pair.key, 'macos') }}:
+                  OSNAME: macos
+                ${{ if or(startsWith(env_pair.key, 'linux'), eq(env_pair.key, 'manylinux')) }}:
+                  OSNAME: linux
+                ${{ if ne(variables.CODECOV_TOKEN, '') }}:
+                  CODECOV_TOKEN: $(CODECOV_TOKEN)
+          - ${{ if eq(env_pair.key, 'windows') }}:
+            - task: PowerShell@2
+              inputs:
+                targetType: 'inline'
+                script: |
+                  $ProgressPreference = 'SilentlyContinue'
+                  Invoke-WebRequest -Uri https://keybase.io/codecovsecurity/pgp_keys.asc -OutFile codecov.asc
+                  gpg.exe --import codecov.asc
+                  Invoke-WebRequest -Uri https://uploader.codecov.io/latest/windows/codecov.exe -Outfile codecov.exe
+                  Invoke-WebRequest -Uri https://uploader.codecov.io/latest/windows/codecov.exe.SHA256SUM -Outfile codecov.exe.SHA256SUM
+                  Invoke-WebRequest -Uri https://uploader.codecov.io/latest/windows/codecov.exe.SHA256SUM.sig -Outfile codecov.exe.SHA256SUM.sig
+                  gpg.exe --verify codecov.exe.SHA256SUM.sig codecov.exe.SHA256SUM
+                  If ($(Compare-Object -ReferenceObject  $(($(certUtil -hashfile codecov.exe SHA256)[1], "codecov.exe") -join "  ") -DifferenceObject $(Get-Content codecov.exe.SHA256SUM)).length -eq 0) { .\codecov.exe -n ${{ variables['friendly_name'] }} } Else {exit 1}
+                errorActionPreference: 'stop'
+              displayName: Running codecov
+              condition: succeededOrFailed()
+              ${{ if ne(variables.CODECOV_TOKEN, '') }}:
+                env:
+                  CODECOV_TOKEN: $(CODECOV_TOKEN)
 
         - ${{ if eq(variables['pytest'], 'true') }}:
           - task: PublishTestResults@2