From 1240c127a915e8087653750c95222cafc0932a0f Mon Sep 17 00:00:00 2001 From: Randy Syring Date: Wed, 6 Aug 2025 16:46:50 -0400 Subject: [PATCH] Fix CI and pypi publishing --- .github/workflows/nox.yaml | 189 +++++++++++++++++++++--------------- .github/workflows/pypi.yaml | 45 --------- env-config.yaml | 5 +- mise.toml | 8 ++ 4 files changed, 125 insertions(+), 122 deletions(-) delete mode 100644 .github/workflows/pypi.yaml diff --git a/.github/workflows/nox.yaml b/.github/workflows/nox.yaml index 8b50e81..3080c47 100644 --- a/.github/workflows/nox.yaml +++ b/.github/workflows/nox.yaml @@ -9,6 +9,7 @@ on: pull_request: workflow_dispatch: + # Limit this workflow to a single run at a time per-branch to avoid wasting worker resources concurrency: group: ${{ github.workflow }}-${{ github.ref }} @@ -26,31 +27,31 @@ jobs: - name: Checkout uses: actions/checkout@v4 - # - uses: ./.github/actions/uv-setup + - uses: ./.github/actions/uv-setup - # - id: nox-sessions - # run: | - # sessions=$(uv run --only-group nox -- tasks/gh-nox-sessions) - # echo "sessions=$sessions" >> $GITHUB_OUTPUT - # env: - # PYTHONPATH: './src' + - id: nox-sessions + run: | + sessions=$(uv run --only-group nox -- tasks/gh-nox-sessions) + echo "sessions=$sessions" >> $GITHUB_OUTPUT + env: + PYTHONPATH: './src' - # nox-other: - # needs: generate-matrix - # runs-on: ubuntu-24.04 + nox-other: + needs: generate-matrix + runs-on: ubuntu-24.04 - # strategy: - # fail-fast: false - # matrix: - # session: ${{ fromJson(needs.generate-matrix.outputs.nox-sessions).other }} + strategy: + fail-fast: false + matrix: + session: ${{ fromJson(needs.generate-matrix.outputs.nox-sessions).other }} - # steps: - # - name: Checkout - # uses: actions/checkout@v4 + steps: + - name: Checkout + uses: actions/checkout@v4 - # - uses: ./.github/actions/nox-run - # with: - # nox-session: ${{ matrix.session }} + - uses: ./.github/actions/nox-run + with: + nox-session: ${{ matrix.session }} nox-pg: 
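Review bot: In the re-enabled `nox-sessions` step, `>> $GITHUB_OUTPUT` is unquoted and the value is written in the single-line `name=value` form, so the step silently depends on `tasks/gh-nox-sessions` printing compact one-line JSON. A newline in that output would truncate the value or define extra outputs before `fromJson(...)` reads it into the job matrix. I would write `echo "sessions=$sessions" >> "$GITHUB_OUTPUT"` and add a comment above it such as `# gh-nox-sessions must print single-line JSON; it becomes the job matrix`. The `generate-matrix` job starts above the hunk, so its `outputs:` mapping is not visible here.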
@@ -84,59 +85,95 @@ jobs: nox-session: ${{ matrix.session }} - # nox-mssql: - # needs: generate-matrix - # runs-on: ubuntu-24.04 - - # strategy: - # fail-fast: false - # matrix: - # session: ${{ fromJson(needs.generate-matrix.outputs.nox-sessions).mssql }} - - # services: - # mssql: - # image: mcr.microsoft.com/mssql/server:2019-latest - # env: - # ACCEPT_EULA: Y - # SA_PASSWORD: Docker-sa-password - # ports: - # - 1433:1433 - # options: >- - # --health-cmd="/opt/mssql-tools18/bin/sqlcmd -C -S localhost -U SA -P Docker-sa-password -Q \"select 'ok'\"" - # --health-interval=3s - # --health-timeout=3s - # --health-retries=15 - - # steps: - # - name: Checkout - # uses: actions/checkout@v4 - - # - uses: ./.github/actions/nox-run - # with: - # nox-session: ${{ matrix.session }} - - - # codecov: - # needs: [nox-other, nox-pg, nox-mssql] - # runs-on: ubuntu-latest - - # permissions: - # id-token: write # For codecov OIDC - - # steps: - # # Codecov action says we have to have done a checkout - # - name: Checkout - # uses: actions/checkout@v4 - - # - uses: actions/download-artifact@v5 - # with: - # path: ci/github-coverage - # merge-multiple: true - - # - name: Coverage files - # run: ls -R ci/ - - # - uses: codecov/codecov-action@v5 - # with: - # use_oidc: true - # files: ci/github-coverage/*.xml + nox-mssql: + needs: generate-matrix + runs-on: ubuntu-24.04 + + strategy: + fail-fast: false + matrix: + session: ${{ fromJson(needs.generate-matrix.outputs.nox-sessions).mssql }} + + services: + mssql: + image: mcr.microsoft.com/mssql/server:2019-latest + env: + ACCEPT_EULA: Y + SA_PASSWORD: Docker-sa-password + ports: + - 1433:1433 + options: >- + --health-cmd="/opt/mssql-tools18/bin/sqlcmd -C -S localhost -U SA -P Docker-sa-password -Q \"select 'ok'\"" + --health-interval=3s + --health-timeout=3s + --health-retries=15 + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - uses: ./.github/actions/nox-run + with: + nox-session: ${{ matrix.session }} + + + codecov: + 
needs: [nox-other, nox-pg, nox-mssql] + runs-on: ubuntu-latest + + permissions: + id-token: write # For codecov OIDC + + steps: + # Codecov action says we have to have done a checkout + - name: Checkout + uses: actions/checkout@v4 + + - uses: actions/download-artifact@v5 + with: + path: ci/github-coverage + merge-multiple: true + + - name: Coverage files + run: ls -R ci/ + + - uses: codecov/codecov-action@v5 + with: + use_oidc: true + files: ci/github-coverage/*.xml + + pypi-publish: + needs: [nox-other, nox-pg, nox-mssql] + runs-on: ubuntu-latest + + env: + upload-url: ${{ startsWith(github.ref, 'refs/tags/v') && 'https://upload.pypi.org/legacy/' || 'https://test.pypi.org/legacy/' }} + + permissions: + # required for pypa/gh-action-pypi-publish + id-token: write + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - uses: ./.github/actions/uv-setup + + - name: Hatch build + run: | + uv run --only-group release -- hatch --version + uv run --only-group release -- hatch build + + - name: Uploading to + run: echo ${{ env.upload-url }} + + - name: Publish package distributions to PyPI + uses: pypa/gh-action-pypi-publish@release/v1 + with: + packages-dir: tmp/dist + repository-url: ${{ env.upload-url }} + # If it's not a version tag, we only care that the publish step runs ok. We don't + # (currently) care that the artifact uploaded to the test repo will keep matching the + # source code in the PR. Without this, we'd have to come up with a way to modify the + # version for each CI publish, which is unneeded complexity. + skip-existing: ${{ !startsWith(github.ref, 'refs/tags/v') }} diff --git a/.github/workflows/pypi.yaml b/.github/workflows/pypi.yaml deleted file mode 100644 index bf6bdc8..0000000 --- a/.github/workflows/pypi.yaml +++ /dev/null 
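Review bot: The new `pypi-publish` job has no `if:` guard, so with the `pull_request` trigger shown in the first hunk it requests `id-token: write` and uploads to test.pypi.org on every PR run. Runs from forked PRs normally cannot obtain an OIDC token, so the publish step would likely fail there and turn external contributions red; consider gating the job, e.g. `if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository`. The production path is selected only by `startsWith(github.ref, 'refs/tags/v')`, so anyone able to push a `v*` tag publishes to pypi.org; binding the job to a protected environment (`environment: <ENV_NAME>`, matched in the PyPI trusted-publisher settings) adds an approval point. The `hatch build` step also runs in the same job that holds the OIDC permission, and `pypa/gh-action-pypi-publish@release/v1` is a mutable branch ref. Building in a separate job without `id-token: write` and pinning the action to a commit SHA would narrow what can act with the publishing identity.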
@@ -1,45 +0,0 @@ -name: PyPI publish - -on: - workflow_run: - workflows: - - Nox - types: - - completed - -# Limit this workflow to a single run at a time per-branch to avoid wasting worker resources -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - - -jobs: - build: - name: Build project then publish to pypi - runs-on: ubuntu-latest - - # Only run when the nox run is a success and we have a version tag - if: github.event.workflow_run.conclusion == 'success' - - env: - PYPI_URL: ${{ github.event_name == 'pull_request' && 'https://test.pypi.org/legacy/' || 'https://upload.pypi.org/legacy/' }} - - permissions: - # required for pypa/gh-action-pypi-publish - id-token: write - - steps: - - name: Checkout - uses: actions/checkout@v4 - - - uses: ./.github/actions/uv-setup - - - name: Hatch build - run: | - uv run --only-group release -- hatch --version - uv run --only-group release -- hatch build - - - name: Publish package distributions to PyPI - uses: pypa/gh-action-pypi-publish@release/v1 - with: - packages-dir: tmp/dist diff --git a/env-config.yaml b/env-config.yaml index 2567aa4..a16eabd 100644 --- a/env-config.yaml +++ b/env-config.yaml @@ -1,4 +1,7 @@ profile: pypi: HATCH_INDEX_USER: '__token__' - HATCH_INDEX_AUTH: 'op://private/pypi.python.org/api-token' + HATCH_INDEX_AUTH: 'op://my/private/pypi.org/api-token' + test-pypi: + HATCH_INDEX_USER: '__token__' + HATCH_INDEX_AUTH: 'op://my/private/test.pypi.org/api-token' diff --git a/mise.toml b/mise.toml index 530c63f..b542262 100644 --- a/mise.toml +++ b/mise.toml @@ -42,3 +42,11 @@ description = 'Check the mssql service from our host' run = ''' /opt/mssql-tools18/bin/sqlcmd -C -S 127.0.0.1 -U sa -P Docker-sa-password -Q "select 'connected' as status" ''' + + +[tasks.publish-test] +description = 'Publish to test.pypi.org' +run = [ + 'hatch build --clean', + 'hatch publish -r test tmp/dist/', +]