From c9d032c9b0f8ece605d4036c40cbef5057b61604 Mon Sep 17 00:00:00 2001 From: PabloLec Date: Fri, 4 Jun 2021 17:05:27 +0200 Subject: [PATCH 01/13] Debug repo selection --- entrypoint.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index e1a28e8..3378f2a 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -2,13 +2,13 @@ set -o errexit -o pipefail -o nounset -GITHUB_REPO=$INPUT_GITHUB_REPO -UPLOAD_REPO=$INPUT_UPLOAD_REPO -TWINE_USERNAME=$INPUT_TWINE_USERNAME -TWINE_PASSWORD=$INPUT_TWINE_PASSWORD -VERIFY_METADATA=$INPUT_VERIFY_METADATA -SKIP_EXISTING=$INPUT_SKIP_EXISTING -VERBOSE=$INPUT_VERBOSE +GITHUB_REPO=${INPUT_GITHUB_REPO} +UPLOAD_REPO=${INPUT_UPLOAD_REPO:-} +TWINE_USERNAME=${INPUT_TWINE_USERNAME} +TWINE_PASSWORD=${INPUT_TWINE_PASSWORD} +VERIFY_METADATA=${INPUT_VERIFY_METADATA} +SKIP_EXISTING=${INPUT_SKIP_EXISTING} +VERBOSE=${INPUT_VERBOSE} REPO_NAME=$(cut -d "/" -f2 <<< ${GITHUB_REPO}) From 4da86aa06986075c488a4685e4fa0c8d10774bce Mon Sep 17 00:00:00 2001 From: PabloLec Date: Fri, 4 Jun 2021 17:10:42 +0200 Subject: [PATCH 02/13] Debug repo selection --- entrypoint.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/entrypoint.sh b/entrypoint.sh index 3378f2a..112deea 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -42,6 +42,8 @@ python setup.py sdist bdist_wheel echo "---------------- PUBLISH PACKAGE ----------------" +EXTRA_ARGS= + if [[ -z "${UPLOAD_REPO}" ]]; then EXTRA_ARGS="--repository-url ${UPLOAD_REPO} ${EXTRA_ARGS}" echo "-------- Using repository: ${UPLOAD_REPO}" @@ -51,7 +53,6 @@ if [[ ${VERIFY_METADATA} != "false" ]] ; then twine check dist/* fi -EXTRA_ARGS= if [[ ${SKIP_EXISTING} != "false" ]] ; then EXTRA_ARGS=--skip-existing fi From 068c3b082462a069ffb23daf5a7f0161dcc8c36d Mon Sep 17 00:00:00 2001 
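Review bot: Only `UPLOAD_REPO` gains a fallback in this hunk; on the other six assignments the added braces are a no-op, so mandatory and optional inputs are still treated alike under `nounset`. The mandatory credentials would be better asserted up front, e.g. `TWINE_PASSWORD=${INPUT_TWINE_PASSWORD:?twine_password input is required}`, so a missing or empty secret stops the run before anything is built. The optional flags should default explicitly, e.g. `VERBOSE=${INPUT_VERBOSE:-false}`, because the later tests in this script compare against the literal `false` and an empty value would therefore switch the option on. Whether `TWINE_USERNAME` and `TWINE_PASSWORD` are exported for twine is not visible in this hunk.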
From: PabloLec
Date: Sat, 5 Jun 2021 10:31:41 +0200
Subject: [PATCH 03/13] Add instructions to README and example.
---
 EXAMPLE.yml | 23 +++++++++++++++++
 README.md | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 96 insertions(+), 1 deletion(-)
 create mode 100644 EXAMPLE.yml
diff --git a/EXAMPLE.yml b/EXAMPLE.yml
new file mode 100644
index 0000000..2889510
--- /dev/null
+++ b/EXAMPLE.yml
@@ -0,0 +1,23 @@
+# This file must be in your GitHub repository workflows dir.
+# e.g. .github/workflows/release.yml
+
+name: Upload to PyPI
+
+# This action will be triggered when you create a new GitHub tag
+on:
+ release:
+ types: [created]
+
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+ steps:
+ - name: pypi-github-sync
+ uses: PabloLec/pypi-github-sync@v1.0.0
+ with:
+ github_repo: PabloLec/recoverpy # Change these values
+ twine_username: ${{ secrets.TWINE_USERNAME }}
+ twine_password: ${{ secrets.TWINE_PASSWORD }}
+ verify_metadata: true
+ skip_existing: true
+ verbose: true
diff --git a/README.md b/README.md
index 45341ee..d7f6dd0 100644
--- a/README.md
+++ b/README.md
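Review bot: The example hands `secrets.TWINE_USERNAME` and `secrets.TWINE_PASSWORD` to an action referenced by the movable tag `@v1.0.0`, so anyone copying it trusts whatever that tag points to at run time. Consider showing a commit pin with the tag kept as a comment, `uses: PabloLec/pypi-github-sync@<full-commit-sha>  # v1.0.0` (placeholder; the SHA is not on this page), and noting that a PyPI API token with `twine_username: __token__` limits the damage compared with an account password. The comment `# This action will be triggered when you create a new GitHub tag` also does not match the trigger below it, which is `release: types: [created]`; `# Triggered when a GitHub release is created` would be accurate.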
@@ -1 +1,73 @@
-# pypi-github-sync
\ No newline at end of file
+# pypi-github-sync [![GitHub release (latest by date)](https://img.shields.io/github/v/release/pablolec/pypi-github-sync)](https://github.com/PabloLec/pypi-github-sync/releases/) [![GitHub](https://img.shields.io/github/license/pablolec/pypi-github-sync)](https://github.com/PabloLec/pypi-github-sync/blob/main/LICENCE)
+
+This action allows you to upload your Python distribution package to PyPI automatically using latest GitHub version tag as release version.
+
+## How does it work?
+
+Running a Docker container, this action will clone your repo, fetch its latest release tag, modify `setup.py`, build and finally push to PyPI.
+
+It currently only support `setup.py`, see [Contributing](#Contributing) if you want other supported formats.
+
+Also, with current procedure your GitHub repo remains untouched. That means the version parameter in `setup.py` will not be modified and its value does not matter.
+You can leave a dummy value, for example:
+``` Python
+setup(
+ version="0.0.0",
+ ...
+)
+```
+
+
+## Usage
+
+In your GitHub repo, create a workflow file or append to an existing one. (e.g. `.github/workflows/release.yml`)
+
+Mandatory parameters are:
+``` yaml
+- name: pypi-github-sync
+ uses: PabloLec/pypi-github-sync@v1.0.0
+ with:
+ github_repo: YOUR_USERNAME/YOUR_REPO
+ twine_username: ${{ secrets.TWINE_USERNAME }}
+ twine_password: ${{ secrets.TWINE_PASSWORD }}
+```
+
+You will need to change `YOUR_USERNAME` and `YOUR_REPO` values and set your PyPI username and password in your repository secrets ([See the docs for reference](https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository)).
+
+See [EXAMPLE.yml](EXAMPLE.yml) for a real world example.
+
+## Inputs
+
+#### `github_repo` *mandatory*
+
+Your github repository with format `USERNAME/REPO` as in URLs. For example this repo is `PabloLec/pypi-github-sync`.
+ +#### `twine_username` *mandatory* + +Your PyPI username, add it to your [repository secrets](https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository). + +#### `twine_password` *mandatory* + +Your PyPI password, add it to your [repository secrets](https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository). + +#### `upload_repo` *optional* + +The repository used for package uploading. Defaults to main PyPI repo, you can use others like PyPI test repo with `'https://test.pypi.org/legacy/'`. + +#### `verify_metadata` *optional* + +Verify build metadata before publication, defaults to false. + +#### `skip_existing` *optional* + +Do not raise an error if version already exists on repo, defaults to false. + +#### `verbose` *optional* + +Verbose output for twine upload, defaults to false. + +## Contributing + +Any contribution is welcome. +To report a bug or offer your help, simply open a new [issue](issues). +You can also open an issue if you want a new feature to be implemented. From b41ab4b2933e2dcd970c1d2207f2f200bf18ec4b Mon Sep 17 00:00:00 2001 From: PabloLec Date: Sat, 5 Jun 2021 10:32:31 +0200 Subject: [PATCH 04/13] Bug fix --- entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/entrypoint.sh b/entrypoint.sh index 112deea..2bf451c 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -44,7 +44,7 @@ echo "---------------- PUBLISH PACKAGE ----------------" EXTRA_ARGS= -if [[ -z "${UPLOAD_REPO}" ]]; then +if [[ -n "${UPLOAD_REPO}" ]]; then EXTRA_ARGS="--repository-url ${UPLOAD_REPO} ${EXTRA_ARGS}" echo "-------- Using repository: ${UPLOAD_REPO}" fi From 76f5d0125ccf16afa72aed5ee9c21945dbceb0c2 Mon Sep 17 00:00:00 2001 From: PabloLec Date: Sat, 5 Jun 2021 10:38:00 +0200 Subject: [PATCH 05/13] README fix --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d7f6dd0..aba670a 100644 
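Review bot: With the test corrected to `-n`, a caller-supplied `UPLOAD_REPO` now reaches `--repository-url` unchecked, and twine will present the PyPI credentials to whatever endpoint that value names. A scheme guard placed before the `if` would catch a mistyped or plain-HTTP URL: `[[ -z "${UPLOAD_REPO}" || "${UPLOAD_REPO}" == https://* ]] || { echo "upload_repo must be an https URL" >&2; exit 1; }`. The value is also interpolated into the `EXTRA_ARGS` string, so whitespace in it would split into extra twine arguments; how `EXTRA_ARGS` is finally expanded lies outside this hunk.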
--- a/README.md +++ b/README.md @@ -69,5 +69,5 @@ Verbose output for twine upload, defaults to false. ## Contributing Any contribution is welcome. -To report a bug or offer your help, simply open a new [issue](issues). +To report a bug or offer your help, simply open a new [issue](https://github.com/PabloLec/pypi-github-sync/issues). You can also open an issue if you want a new feature to be implemented. From 61bc3d7a8eb8f0566272c47bae16fd4f4878f740 Mon Sep 17 00:00:00 2001 From: PabloLec Date: Sat, 5 Jun 2021 10:43:56 +0200 Subject: [PATCH 06/13] Bug fix --- README.md | 2 +- entrypoint.sh | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index aba670a..c94d912 100644 --- a/README.md +++ b/README.md @@ -52,7 +52,7 @@ Your PyPI password, add it to your [repository secrets](https://docs.github.com/ #### `upload_repo` *optional* -The repository used for package uploading. Defaults to main PyPI repo, you can use others like PyPI test repo with `'https://test.pypi.org/legacy/'`. +The repository used for package uploading. Defaults to main PyPI repo, you can use others like PyPI test repo with `https://test.pypi.org/legacy/`. #### `verify_metadata` *optional* diff --git a/entrypoint.sh b/entrypoint.sh index 2bf451c..4e9f21d 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -40,6 +40,10 @@ echo "---------------- BUILD PACKAGE ----------------" python setup.py sdist bdist_wheel +if [[ ${VERIFY_METADATA} != "false" ]] ; then + twine check dist/* +fi + echo "---------------- PUBLISH PACKAGE ----------------" EXTRA_ARGS= @@ -49,12 +53,8 @@ if [[ -n "${UPLOAD_REPO}" ]]; then echo "-------- Using repository: ${UPLOAD_REPO}" fi -if [[ ${VERIFY_METADATA} != "false" ]] ; then - twine check dist/* -fi - if [[ ${SKIP_EXISTING} != "false" ]] ; then - EXTRA_ARGS=--skip-existing + EXTRA_ARGS="--skip-existing ${EXTRA_ARGS}" fi if [[ ${VERBOSE} != "false" ]] ; then From 86dd81b7d391fd8097dcd88112f28ea8f7c5c01e Mon Sep 17 00:00:00 2001 
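Review bot: `EXTRA_ARGS="--skip-existing ${EXTRA_ARGS}"` in the entrypoint.sh hunk fixes the overwrite, but the options are still accumulated in one string that only works if it is later expanded unquoted, which also word-splits and globs the `UPLOAD_REPO` value embedded in it. A bash array keeps each option a separate word: initialise with `EXTRA_ARGS=()`, append with `EXTRA_ARGS+=(--skip-existing)`, and expand as `"${EXTRA_ARGS[@]}"` at the `twine upload` call, which is outside this hunk. The same change applies to the `--repository-url` and verbose branches shown as context.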
From: PabloLec Date: Sat, 5 Jun 2021 10:46:11 +0200 Subject: [PATCH 07/13] README update --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c94d912..d2d6ec0 100644 --- a/README.md +++ b/README.md @@ -44,11 +44,11 @@ Your github repository with format `USERNAME/REPO` as in URLs. For example this #### `twine_username` *mandatory* -Your PyPI username, add it to your [repository secrets](https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository). +Your PyPI username, add `TWINE_USERNAME` to your [repository secrets](https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository). #### `twine_password` *mandatory* -Your PyPI password, add it to your [repository secrets](https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository). +Your PyPI password, add `TWINE_PASSWORD` to your [repository secrets](https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository). #### `upload_repo` *optional* From ff3396e6a93172ea6276c4d7fce58f04c07d43a9 Mon Sep 17 00:00:00 2001 From: PabloLec Date: Sat, 5 Jun 2021 10:52:09 +0200 Subject: [PATCH 08/13] README update --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d2d6ec0..941e52d 100644 --- a/README.md +++ b/README.md @@ -34,7 +34,7 @@ Mandatory parameters are: You will need to change `YOUR_USERNAME` and `YOUR_REPO` values and set your PyPI username and password in your repository secrets ([See the docs for reference](https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository)). -See [EXAMPLE.yml](EXAMPLE.yml) for a real world example. +:arrow_right_hook: See [EXAMPLE.yml](EXAMPLE.yml) for a real world example. ## Inputs 
From bbb4409d77c6b7a7775154c639aa83a45da31936 Mon Sep 17 00:00:00 2001 From: PabloLec Date: Sat, 5 Jun 2021 10:55:18 +0200 Subject: [PATCH 09/13] README update --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 941e52d..60d83be 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # pypi-github-sync [![GitHub release (latest by date)](https://img.shields.io/github/v/release/pablolec/pypi-github-sync)](https://github.com/PabloLec/pypi-github-sync/releases/) [![GitHub](https://img.shields.io/github/license/pablolec/pypi-github-sync)](https://github.com/PabloLec/pypi-github-sync/blob/main/LICENCE) -This action allows you to upload your Python distribution package to PyPI automatically using latest GitHub version tag as release version. +This action allows you to upload your Python package to PyPI automatically using latest GitHub version tag as release version. ## How does it work? From 444ab7207cb2f61c387c6a0a5dcfe7744888d0bb Mon Sep 17 00:00:00 2001 From: PabloLec Date: Sun, 6 Jun 2021 18:55:08 +0200 Subject: [PATCH 10/13] Added simple support for pyproject.toml --- EXAMPLE.yml | 2 +- README.md | 8 +++----- entrypoint.sh | 12 +++++++++++- 3 files changed, 15 insertions(+), 7 deletions(-) diff --git a/EXAMPLE.yml b/EXAMPLE.yml index 2889510..ff51a67 100644 --- a/EXAMPLE.yml +++ b/EXAMPLE.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: pypi-github-sync - uses: PabloLec/pypi-github-sync@v1.0.0 + uses: PabloLec/pypi-github-sync@v1.0.1 with: github_repo: PabloLec/recoverpy # Change these values twine_username: ${{ secrets.TWINE_USERNAME }} diff --git a/README.md b/README.md index 60d83be..bb32fad 100644 --- a/README.md +++ b/README.md 
@@ -4,11 +4,9 @@ This action allows you to upload your Python package to PyPI automatically using ## How does it work? -Running a Docker container, this action will clone your repo, fetch its latest release tag, modify `setup.py`, build and finally push to PyPI. +Running a Docker container, this action will clone your repo, fetch its latest release tag, modify `setup.py` and/or `pyproject.toml`, build and finally push to PyPI. -It currently only support `setup.py`, see [Contributing](#Contributing) if you want other supported formats. - -Also, with current procedure your GitHub repo remains untouched. That means the version parameter in `setup.py` will not be modified and its value does not matter. +Also, with current procedure your GitHub repo remains untouched. That means the version parameter in your setup file will not be modified and its value does not matter. You can leave a dummy value, for example: ``` Python setup( @@ -25,7 +23,7 @@ In your GitHub repo, create a workflow file or append to an existing one. (e.g. Mandatory parameters are: ``` yaml - name: pypi-github-sync - uses: PabloLec/pypi-github-sync@v1.0.0 + uses: PabloLec/pypi-github-sync@v1.0.1 with: github_repo: YOUR_USERNAME/YOUR_REPO twine_username: ${{ secrets.TWINE_USERNAME }} diff --git a/entrypoint.sh b/entrypoint.sh index 4e9f21d..f990450 100644 --- a/entrypoint.sh +++ b/entrypoint.sh 
@@ -33,8 +33,18 @@ echo "Cleaned version name: ${CLEAN_VER}" VERSION_REGEX='version=\"[^"]\+\"' VERSION_REPLACE="version=\"${CLEAN_VER}\"" +VERSION_REGEX_WITH_SPACE='version\ =\ \"[^"]\+\"' +VERSION_REPLACE_WITH_SPACE="version\ =\ \"${CLEAN_VER}\"" -sed -i -e "s/${VERSION_REGEX}/${VERSION_REPLACE}/g" setup.py +if [[ -e setup.py ]]; then + sed -i -e "s/${VERSION_REGEX}/${VERSION_REPLACE}/g" setup.py + sed -i -e "s/${VERSION_REGEX_WITH_SPACE}/${VERSION_REPLACE_WITH_SPACE}/g" setup.py +fi + +if [[ -e pyproject.toml ]]; then + sed -i -e "s/${VERSION_REGEX}/${VERSION_REPLACE}/g" pyproject.toml + sed -i -e "s/${VERSION_REGEX_WITH_SPACE}/${VERSION_REPLACE_WITH_SPACE}/g" pyproject.toml +fi echo "---------------- BUILD PACKAGE ----------------" From ec43d42a08e0e316823aa65215e0ba1bb617eda8 Mon Sep 17 00:00:00 2001 From: Pablo Lecolinet Date: Tue, 8 Jun 2021 15:43:19 +0200 Subject: [PATCH 11/13] Build fix --- entrypoint.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/entrypoint.sh b/entrypoint.sh index f990450..1c51456 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -48,7 +48,12 @@ fi echo "---------------- BUILD PACKAGE ----------------" -python setup.py sdist bdist_wheel +if [[ -e pyproject.toml ]]; then + pip install -q build + python -m build +elif [[ -e setup.py ]]; then + python setup.py sdist bdist_wheel +fi if [[ ${VERIFY_METADATA} != "false" ]] ; then twine check dist/* From 26e3b654d69a68bd1d0f882c070acdafa97743e0 Mon Sep 17 00:00:00 2001 From: Pablo Lecolinet Date: Sat, 10 Jul 2021 17:19:56 +0200 Subject: [PATCH 12/13] typo fix --- action.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/action.yml b/action.yml index 951fff5..594a93e 100644 --- a/action.yml +++ b/action.yml 
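Review bot: Both patterns are unanchored and run with the `g` flag, so every `version="…"` or `version = "…"` in the file is rewritten, not just the package version; in a `pyproject.toml` that can include dependency constraints written as `{ version = "…" }`, and the published metadata would then silently differ from the repository. `CLEAN_VER` is derived from the release tag outside this hunk and is placed into the sed replacement unescaped, so a tag containing `/`, `&` or `\` would break or alter the substitution. The sketch below validates the value, anchors the match to the start of a line and replaces the four copies of the sed call with one loop. Anchoring means a `setup(...)` call written on a single line would no longer match, and a `version` key on its own line inside a dependency table still would, so confirm it against the file layouts you intend to support.

```shell
# … unchanged: CLEAN_VER is computed and echoed above …
if [[ ! "${CLEAN_VER}" =~ ^[0-9A-Za-z._+-]+$ ]]; then
  echo "Unexpected characters in version: ${CLEAN_VER}" >&2
  exit 1
fi

# Leading whitespace is captured and restored; only a line that starts
# with the version key is rewritten.
VERSION_REGEX='^\([[:space:]]*\)version[[:space:]]*=[[:space:]]*"[^"]\+"'
VERSION_REPLACE="\1version = \"${CLEAN_VER}\""

for target in setup.py pyproject.toml; do
  if [[ -e "${target}" ]]; then
    sed -i -e "s/${VERSION_REGEX}/${VERSION_REPLACE}/" "${target}"
  fi
done
```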
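Review bot: `pip install -q build` in the build hunk pulls an unpinned package from the index on every run, inside the same container that is given the PyPI credentials; installing a pinned `build` in the Docker image instead would make the publish step reproducible (the Dockerfile is not shown on this page). There is also no `else` branch: when neither `pyproject.toml` nor `setup.py` exists nothing is built and the run only fails later at `dist/*`, so add `else echo "No pyproject.toml or setup.py found" >&2; exit 1` before the `fi`. `python -m build` executes the project's build backend, so if the twine credentials are exported before this point (not visible here), deferring that export to the upload step would limit what build-time code can read.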
@@ -21,15 +21,15 @@ inputs: verify_metadata: description: Verify build metadata before publication, defaults to false required: false - defaults: false + default: false skip_existing: description: Do not raise an error if version already exists on repo, defaults to false required: false - defaults: false + default: false verbose: description: Verbose output for twine upload, defaults to false required: false - defaults: false + default: false runs: using: "docker" From 3e664b72d6f5e1ccbd9b3a50d0104083ac9f658a Mon Sep 17 00:00:00 2001 From: "whitesource-bolt-for-github[bot]" <42819689+whitesource-bolt-for-github[bot]@users.noreply.github.com> Date: Thu, 3 Mar 2022 15:23:25 +0000 Subject: [PATCH 13/13] Add .whitesource configuration file --- .whitesource | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 .whitesource diff --git a/.whitesource b/.whitesource new file mode 100644 index 0000000..0d7ea09 --- /dev/null +++ b/.whitesource @@ -0,0 +1,13 @@ +{ + "scanSettings": { + "baseBranches": [] + }, + "checkRunSettings": { + "vulnerableCheckRunConclusionLevel": "failure", + "displayMode": "diff" + }, + "issueSettings": { + "minSeverityLevel": "LOW", + "issueType": "DEPENDENCY" + } +} \ No newline at end of file