Move to a more sane version (like nudge) and build 3.10.2 python

- This also makes changelog a bit more dynamic
macadmins · Feb 10, 2022 · 8fd214b · 8fd214b
1 parent 251cdfb
commit 8fd214b
Show file tree

Hide file tree

Showing 2 changed files with 75 additions and 70 deletions.
diff --git a/.github/workflows/build_python_3.9.10.yml → .github/workflows/build_python_3.10.x.yml b/.github/workflows/build_python_3.9.10.yml → .github/workflows/build_python_3.10.x.yml
@@ -5,7 +5,7 @@ env:
   DEV_INSTALLER_ID: "Developer ID Installer: Clever DevOps Co. (9GQZ7KUFR6)"
   DEV_APPLICATION_ID: "Developer ID Application: Clever DevOps Co. (9GQZ7KUFR6)"
   NOTARY_PASS: ${{ secrets.NOTARY_PASS }}
-  PYTHON_VERSION: "3.9.10"
+  PYTHON_VERSION: "3.10.2"
 
 on:
   pull_request:
@@ -18,14 +18,10 @@ jobs:
     runs-on: macos-11.0
 
     steps:
-    - name: Set environment variables
-      id: set_env_var
-      run: |
-         echo "BUILD_DATE=$(/bin/date -u "+%m%d%Y%H%M%S")" >> $GITHUB_ENV
-         echo "BUILD_DATE_RELEASE=$(/bin/date -u "+%B %d %Y %H:%M:%S")" >> $GITHUB_ENV
-
     - name: Checkout python repo
       uses: actions/checkout@v2
+      with:
+        fetch-depth: 0
 
     - name: Install Apple Developer ID Application certificates
       uses: apple-actions/import-codesign-certs@253ddeeac23f2bdad1646faac5c8c2832e800071
@@ -45,84 +41,88 @@ jobs:
     - name: Run build package script
       run: ./build_python_framework_pkgs.zsh "$TYPE" "$DEV_INSTALLER_ID" "$DEV_APPLICATION_ID" "$PYTHON_VERSION" "${BUILD_DATE}" "${NOTARY_PASS}"
 
+    - name: get environment variables
+      id: get_env_var
+      run: |
+         echo "PYTHON_BUILD_VERSION=$(/bin/cat ./build_info.txt)" >> $GITHUB_ENV
+
+    - name: Generate changelog
+      id: changelog
+      uses: metcalfc/changelog-generator@e5306b306fa2e34f05258789e0e5c526c1bd4352 # v1.0.0
+      with:
+        myToken: ${{ secrets.GITHUB_TOKEN }}
+
     - name: Create Release
       if: github.ref == 'refs/heads/main'
       id: create_release
       uses: actions/create-release@v1
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       with:
-        tag_name: v.${{env.PYTHON_VERSION}}.${{env.BUILD_DATE}}
-        release_name: Python ${{env.PYTHON_VERSION}} (${{env.BUILD_DATE_RELEASE}})
+        tag_name: v${{env.PYTHON_BUILD_VERSION}}
+        release_name: Python ${{env.PYTHON_BUILD_VERSION}}
         body: |
             # Notes
-            Python 3.9.10 Framework
+            Python ${{env.PYTHON_VERSION}} Framework
 
             ## Changes
-            - Upgraded Python to 3.9.10
-            **Note: Some of these updates have breaking changes. Always test your code before deploying to production!**
-            - Updated the following libraries:
-              - attrs to 21.4.0
-              - black to 22.1.0
-              - certifi to 2021.10.8
-              - cffi to 1.15.0
-              - cfgv to 3.3.1
-              - chardet to 4.0.0
-              - click to 8.0.3
-              - distlib to 0.3.4
-              - filelock to 3.4.2
-              - flake8-bugbear to 22.1.11
-              - flake8 to 4.0.1
-              - identify to 2.4.7
-              - idna to 3.3
-              - importlib-metadata to 4.10.1
-              - isort to 5.10.1
-              - packaging to 21.3
-              - pathspec to 0.9.0
-              - pre-commit to 2.17.0
-              - pycodestyle to 2.8.0
-              - pycparser to 2.21
-              - pyflakes to 2.4.0
-              - pyobjc to 8.2
-              - pyparsing to 3.0.7
-              - PyYAML to 6.0
-              - regex to 2022.1.18
-              - requests to 2.27.1
-              - tokenize-rt to 4.2.0
-              - typed-ast to 1.5.2
-              - urllib3 to 1.26.8
-              - virtualenv to 20.13.0
-              - xattr to 0.9.9
-              - zipp to 3.7.0
+            **Note: Some of these updates have breaking changes. Always test your code before deploying production!**
+            - Library versions:
+              - attrs 21.4.0
+              - black 22.1.0
+              - certifi 2021.10.8
+              - cffi 1.15.0
+              - cfgv 3.3.1
+              - chardet 4.0.0
+              - click 8.0.3
+              - distlib 0.3.4
+              - filelock 3.4.2
+              - flake8-bugbear 22.1.11
+              - flake8 4.0.1
+              - identify 2.4.7
+              - idna 3.3
+              - importlib-metadata 4.10.1
+              - isort 5.10.1
+              - packaging 21.3
+              - pathspec 0.9.0
+              - pre-commit 2.17.0
+              - pycodestyle 2.8.0
+              - pycparser 2.21
+              - pyflakes 2.4.0
+              - pyobjc 8.2
+              - pyparsing 3.0.7
+              - PyYAML 6.0
+              - regex 2022.1.18
+              - requests 2.27.1
+              - tokenize-rt 4.2.0
+              - typed-ast 1.5.2
+              - urllib3 1.26.8
+              - virtualenv 20.13.0
+              - xattr 0.9.9
+              - zipp 3.7.0
+            
+            ${{ steps.changelog.outputs.changelog }}
 
             # Flavors of Python
             At this time, the automated build process will **only** create the Recommended package
 
             ## Recommended
             This is a Python.framework that contains everything from minimal, and a few libraries that various well known open source projects require.
+
+            ## Signing/Notarization
+            The signed package is fully notarized, including the Python.framework file
         draft: false
         prerelease: true
 
-    - name: Upload Unsigned Package Release Asset
-      if: github.ref == 'refs/heads/main'
-      uses: actions/upload-release-asset@v1
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      with:
-        upload_url: ${{ steps.create_release.outputs.upload_url }}
-        asset_path: ./outputs/python_${{env.TYPE}}-${{env.PYTHON_VERSION}}.${{env.BUILD_DATE}}.pkg
-        asset_name: python_${{env.TYPE}}-${{env.PYTHON_VERSION}}.${{env.BUILD_DATE}}.pkg
-        asset_content_type: application/x-newton-compatible-pkg
-
     - name: Upload Signed Package Release Asset
       if: github.ref == 'refs/heads/main'
       uses: actions/upload-release-asset@v1
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       with:
         upload_url: ${{ steps.create_release.outputs.upload_url }}
-        asset_path: ./outputs/python_${{env.TYPE}}_signed-${{env.PYTHON_VERSION}}.${{env.BUILD_DATE}}.pkg
-        asset_name: python_${{env.TYPE}}_signed-${{env.PYTHON_VERSION}}.${{env.BUILD_DATE}}.pkg
+        asset_path: ./outputs/python_${{env.TYPE}}_signed-${{env.PYTHON_BUILD_VERSION}}.pkg
+        asset_name: python_${{env.TYPE}}_signed-${{env.PYTHON_BUILD_VERSION}}.pkg
         asset_content_type: application/x-newton-compatible-pkg
 
     - name: Upload Python Framework Release Asset
@@ -132,8 +132,8 @@ jobs:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       with:
         upload_url: ${{ steps.create_release.outputs.upload_url }}
-        asset_path: ./outputs/Python3.framework_${{env.TYPE}}-${{env.PYTHON_VERSION}}.${{env.BUILD_DATE}}.zip
-        asset_name: Python3.framework_${{env.TYPE}}-${{env.PYTHON_VERSION}}.${{env.BUILD_DATE}}.zip
+        asset_path: ./outputs/Python3.framework_${{env.TYPE}}-${{env.PYTHON_BUILD_VERSION}}.zip
+        asset_name: Python3.framework_${{env.TYPE}}-${{env.PYTHON_BUILD_VERSION}}.zip
         asset_content_type: application/zip
 
     - name: Upload packages

diff --git a/build_python_framework_pkgs.zsh b/build_python_framework_pkgs.zsh
@@ -21,6 +21,7 @@ PIPCACHEDIR="/Users/${CONSOLEUSER}/Library/Caches/pip"
 XCODE_PATH="/Applications/Xcode_13.2.1.app"
 XCODE_NOTARY_PATH="$XCODE_PATH/Contents/Developer/usr/bin/notarytool"
 XCODE_STAPLER_PATH="$XCODE_PATH/Contents/Developer/usr/bin/stapler"
+NEWSUBBUILD=$((80620 + $(git rev-parse HEAD~0 | xargs -I{} git rev-list --count {})))
 
 # Sanity Checks
 ## Type Check
@@ -54,10 +55,14 @@ fi
 if [ -n "$4" ]; then
   PYTHON_VERSION=$4
 else
-  PYTHON_VERSION=3.9.10
+  PYTHON_VERSION=3.10.2
 fi
 # Set python bin version based on PYTHON_VERSION
 PYTHON_BIN_VERSION="${PYTHON_VERSION%.*}"
+AUTOMATED_PYTHON_BUILD="$PYTHON_VERSION.$NEWSUBBUILD"
+
+# Create files to use for build process info
+echo "$AUTOMATED_PYTHON_BUILD" > $TOOLSDIR/build_info.txt
 
 if [ -n "$5" ]; then
   DATE=$5
@@ -224,15 +229,15 @@ fi
   "identifier": "org.macadmins.python.$TYPE",
   "postinstall_action": "none",
   "distribution_style": true,
-  "version": "$PYTHON_VERSION.$DATE",
-  "name": "python_$TYPE-$PYTHON_VERSION.$DATE.pkg",
+  "version": "$AUTOMATED_PYTHON_BUILD",
+  "name": "python_$TYPE-$AUTOMATED_PYTHON_BUILD.pkg",
   "install_location": "/"
 }
 JSONFILE
 # Create the unsigned pkg
 "${MP_BINDIR}/munki-pkg-${MP_SHA}/munkipkg" "$TOOLSDIR/$TYPE"
 # Move the unsigned pkg
-/bin/mv "$TOOLSDIR/$TYPE/build/python_$TYPE-$PYTHON_VERSION.$DATE.pkg" "$OUTPUTSDIR"
+/bin/mv "$TOOLSDIR/$TYPE/build/python_$TYPE-$AUTOMATED_PYTHON_BUILD.pkg" "$OUTPUTSDIR"
 
 if [ -n "$2" ]; then
   # Create the json file for munki-pkg (signed)
@@ -243,8 +248,8 @@ if [ -n "$2" ]; then
     "identifier": "org.macadmins.python.$TYPE",
     "postinstall_action": "none",
     "distribution_style": true,
-    "version": "$PYTHON_VERSION.$DATE",
-    "name": "python_${TYPE}_signed-$PYTHON_VERSION.$DATE.pkg",
+    "version": "$AUTOMATED_PYTHON_BUILD",
+    "name": "python_${TYPE}_signed-$AUTOMATED_PYTHON_BUILD.pkg",
     "install_location": "/",
     "preserve_xattr": true,
     "signing_info": {
@@ -263,18 +268,18 @@ SIGNED_JSONFILE
       # Notarize and staple the package
       $XCODE_NOTARY_PATH store-credentials --apple-id "macadmins@cleverdevops.com" --team-id "9GQZ7KUFR6" --password "$NOTARY_PASS" macadminpython
       # If these fail, it will bail on the entire process
-      $XCODE_NOTARY_PATH submit "$TOOLSDIR/$TYPE/build/python_${TYPE}_signed-$PYTHON_VERSION.$DATE.pkg" --keychain-profile "macadminpython" --wait
-      $XCODE_STAPLER_PATH staple "$TOOLSDIR/$TYPE/build/python_${TYPE}_signed-$PYTHON_VERSION.$DATE.pkg"
+      $XCODE_NOTARY_PATH submit "$TOOLSDIR/$TYPE/build/python_${TYPE}_signed-$AUTOMATED_PYTHON_BUILD.pkg" --keychain-profile "macadminpython" --wait
+      $XCODE_STAPLER_PATH staple "$TOOLSDIR/$TYPE/build/python_${TYPE}_signed-$AUTOMATED_PYTHON_BUILD.pkg"
     fi
     # Move the signed + notarized pkg
-    /bin/mv "$TOOLSDIR/$TYPE/build/python_${TYPE}_signed-$PYTHON_VERSION.$DATE.pkg" "$OUTPUTSDIR"
+    /bin/mv "$TOOLSDIR/$TYPE/build/python_${TYPE}_signed-$AUTOMATED_PYTHON_BUILD.pkg" "$OUTPUTSDIR"
   fi
 else
   echo "no signing identity passed, skipping signed package creation"
 fi
 
 # Zip and move the framework
-ZIPFILE="Python3.framework_$TYPE-$PYTHON_VERSION.$DATE.zip"
+ZIPFILE="Python3.framework_$TYPE-$AUTOMATED_PYTHON_BUILD.zip"
 /usr/bin/ditto -c -k --sequesterRsrc "$TOOLSDIR/$TYPE/payload${FRAMEWORKDIR}/" ${ZIPFILE}
 /bin/mv ${ZIPFILE} "$OUTPUTSDIR"