-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore: Add GH action and release please support
- Loading branch information
Showing
10 changed files
with
270 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
name: Build Documentation | ||
description: 'Build Documentation.' | ||
|
||
runs: | ||
using: composite | ||
steps: | ||
- name: Build Documentation | ||
shell: bash | ||
run: make docs |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
name: Build distribution files | ||
description: 'Build distribution files' | ||
outputs: | ||
package-hashes: | ||
description: "base64-encoded sha256 hashes of distribution files" | ||
value: ${{ steps.package-hashes.outputs.package-hashes }} | ||
|
||
runs: | ||
using: composite | ||
steps: | ||
- name: Build distribution files | ||
shell: bash | ||
run: poetry build | ||
- name: Hash build files for provenance | ||
id: package-hashes | ||
shell: bash | ||
working-directory: ./dist | ||
run: | | ||
echo "package-hashes=$(sha256sum * | base64 -w0)" >> "$GITHUB_OUTPUT" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
name: Publish Package | ||
description: 'Publish the package to PyPI' | ||
inputs: | ||
token: | ||
description: 'Token to use for publishing.' | ||
required: true | ||
dry_run: | ||
description: 'Is this a dry run. If so no package will be published.' | ||
required: true | ||
|
||
runs: | ||
using: composite | ||
steps: | ||
- name: Publish package distributions to PyPI | ||
uses: pypa/gh-action-pypi-publish@release/v1 | ||
if: ${{ inputs.dry_run == 'false' }} | ||
with: | ||
password: ${{inputs.token}} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,65 @@ | ||
name: Quality control checks | ||
|
||
on: | ||
push: | ||
branches: [ main, 'feat/**' ] | ||
paths-ignore: | ||
- '**.md' # Do not need to run CI for markdown changes. | ||
pull_request: | ||
branches: [ main, 'feat/**' ] | ||
paths-ignore: | ||
- '**.md' | ||
|
||
jobs: | ||
linux: | ||
runs-on: ubuntu-latest | ||
|
||
strategy: | ||
matrix: | ||
python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"] | ||
|
||
steps: | ||
- uses: actions/checkout@v4 | ||
- name: Set up Python ${{ matrix.python-version }} | ||
uses: actions/setup-python@v4 | ||
with: | ||
python-version: ${{ matrix.python-version }} | ||
|
||
- name: Install poetry | ||
uses: abatilo/actions-poetry@7b6d33e44b4f08d7021a1dee3c044e9c253d6439 | ||
|
||
- uses: ./.github/actions/build | ||
- uses: ./.github/actions/build-docs | ||
|
||
- name: Run tests | ||
run: make test | ||
|
||
- name: Verify typehints | ||
run: make lint | ||
|
||
windows: | ||
runs-on: windows-latest | ||
|
||
defaults: | ||
run: | ||
shell: powershell | ||
|
||
strategy: | ||
matrix: | ||
python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"] | ||
|
||
steps: | ||
- uses: actions/checkout@v4 | ||
- name: Set up Python ${{ matrix.python-version }} | ||
uses: actions/setup-python@v4 | ||
with: | ||
python-version: ${{ matrix.python-version }} | ||
|
||
- name: Install poetry | ||
uses: abatilo/actions-poetry@7b6d33e44b4f08d7021a1dee3c044e9c253d6439 | ||
|
||
- name: Install requirements | ||
run: poetry install | ||
|
||
- name: Run tests | ||
run: make test |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
name: Lint PR title | ||
|
||
on: | ||
pull_request_target: | ||
types: | ||
- opened | ||
- edited | ||
- synchronize | ||
|
||
jobs: | ||
lint-pr-title: | ||
uses: launchdarkly/gh-actions/.github/workflows/lint-pr-title.yml@main |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
name: Publish Package | ||
on: | ||
workflow_dispatch: | ||
inputs: | ||
dry_run: | ||
description: 'Is this a dry run? If so no package will be published.' | ||
type: boolean | ||
required: true | ||
|
||
jobs: | ||
build-publish: | ||
runs-on: ubuntu-latest | ||
# Needed to get tokens during publishing. | ||
permissions: | ||
id-token: write | ||
contents: read | ||
outputs: | ||
package-hashes: ${{ steps.build.outputs.package-hashes}} | ||
steps: | ||
- uses: actions/checkout@v4 | ||
|
||
- uses: actions/setup-python@v4 | ||
with: | ||
python-version: 3.8 | ||
|
||
- name: Install poetry | ||
uses: abatilo/actions-poetry@7b6d33e44b4f08d7021a1dee3c044e9c253d6439 | ||
|
||
- uses: launchdarkly/gh-actions/actions/release-secrets@release-secrets-v1.0.0 | ||
name: 'Get PyPI token' | ||
with: | ||
aws_assume_role: ${{ vars.AWS_ROLE_ARN }} | ||
ssm_parameter_pairs: '/production/common/releasing/pypi/token = PYPI_AUTH_TOKEN' | ||
|
||
- uses: ./.github/actions/build | ||
id: build | ||
|
||
- uses: ./.github/actions/publish | ||
with: | ||
token: ${{env.PYPI_AUTH_TOKEN}} | ||
dry_run: ${{ inputs.dry_run }} | ||
|
||
release-provenance: | ||
needs: [ 'build-publish' ] | ||
permissions: | ||
actions: read | ||
id-token: write | ||
contents: write | ||
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0 | ||
with: | ||
base64-subjects: "${{ needs.build-publish.outputs.package-hashes }}" | ||
upload-assets: ${{ !inputs.dry_run }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,71 @@ | ||
name: Run Release Please | ||
|
||
on: | ||
push: | ||
branches: [ main ] | ||
|
||
jobs: | ||
release-package: | ||
runs-on: ubuntu-latest | ||
permissions: | ||
id-token: write # Needed if using OIDC to get release secrets. | ||
contents: write # Contents and pull-requests are for release-please to make releases. | ||
pull-requests: write | ||
outputs: | ||
release-created: ${{ steps.release.outputs.release_created }} | ||
upload-tag-name: ${{ steps.release.outputs.tag_name }} | ||
package-hashes: ${{ steps.build.outputs.package-hashes}} | ||
steps: | ||
- uses: google-github-actions/release-please-action@v3 | ||
id: release | ||
with: | ||
command: manifest | ||
token: ${{secrets.GITHUB_TOKEN}} | ||
default-branch: main | ||
|
||
- uses: actions/checkout@v4 | ||
if: ${{ steps.release.outputs.releases_created }} | ||
with: | ||
fetch-depth: 0 # If you only need the current version keep this. | ||
|
||
- uses: actions/setup-python@v4 | ||
if: ${{ steps.release.outputs.releases_created }} | ||
with: | ||
python-version: 3.8 | ||
|
||
- name: Install poetry | ||
if: ${{ steps.release.outputs.releases_created }} | ||
uses: abatilo/actions-poetry@7b6d33e44b4f08d7021a1dee3c044e9c253d6439 | ||
|
||
- uses: launchdarkly/gh-actions/actions/release-secrets@release-secrets-v1.0.0 | ||
if: ${{ steps.release.outputs.releases_created }} | ||
name: 'Get PyPI token' | ||
with: | ||
aws_assume_role: ${{ vars.AWS_ROLE_ARN }} | ||
ssm_parameter_pairs: '/production/common/releasing/pypi/token = PYPI_AUTH_TOKEN' | ||
|
||
- uses: ./.github/actions/build | ||
id: build | ||
if: ${{ steps.release.outputs.releases_created }} | ||
|
||
- uses: ./.github/actions/build-docs | ||
if: ${{ steps.release.outputs.releases_created }} | ||
|
||
- uses: ./.github/actions/publish | ||
if: ${{ steps.release.outputs.releases_created }} | ||
with: | ||
token: ${{env.PYPI_AUTH_TOKEN}} | ||
dry_run: false | ||
|
||
release-provenance: | ||
needs: [ 'release-package' ] | ||
if: ${{ needs.release-package.outputs.release-created }} | ||
permissions: | ||
actions: read | ||
id-token: write | ||
contents: write | ||
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0 | ||
with: | ||
base64-subjects: "${{ needs.release-package.outputs.package-hashes }}" | ||
upload-assets: true | ||
upload-tag-name: ${{ needs.release-package.outputs.upload-tag-name }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
name: 'Close stale issues and PRs' | ||
on: | ||
workflow_dispatch: | ||
schedule: | ||
# Happen once per day at 1:30 AM | ||
- cron: '30 1 * * *' | ||
|
||
jobs: | ||
sdk-close-stale: | ||
uses: launchdarkly/gh-actions/.github/workflows/sdk-stale.yml@main |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
{ | ||
".": "0.0.0" | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
{ | ||
"packages": { | ||
".": { | ||
"release-type": "python", | ||
"versioning": "default", | ||
"include-v-in-tag": false, | ||
"extra-files": ["ldotel/__init__.py", "PROVENANCE.md"], | ||
"include-component-in-tag": false | ||
} | ||
} | ||
} |