From ee502b58bb5226bcf387ee1b30d3483f255e4832 Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Fri, 6 Oct 2023 16:17:44 -0500 Subject: [PATCH 1/6] DOC: Update action commit SHA to the 0.2.0 tag (#44) * For stability provide the commit SHA that corresponds to the 0.2.0 tag for users to pin to. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 68d9eaf..53606bb 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ jobs: steps: ... - name: Upload wheel - uses: scientific-python/upload-nightly-action@8f0394fd2aa0c85d7364a9958652e8994e06b23c # 0.1.0 + uses: scientific-python/upload-nightly-action@5fb764c5bce1ac2297084c0f7161b1919f17c74f # 0.2.0 with: artifacts_path: dist anaconda_nightly_upload_token: ${{secrets.UPLOAD_TOKEN}} From a3374035ab93895ad9e0ff415de705ad034cfd53 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Dec 2023 00:54:24 +0100 Subject: [PATCH 2/6] CI: Bump actions/setup-python from 4 to 5 (#48) Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4 to 5. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6ff853c..fe77ac7 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -24,7 +24,7 @@ jobs: - uses: actions/checkout@v4 - name: Set up Python - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: '3.x' From f689fba3de4c1332033143747f69fb420df77e69 Mon Sep 17 00:00:00 2001 From: Serge Koudoro Date: Tue, 23 Jan 2024 19:14:01 -0500 Subject: [PATCH 3/6] ENH: Add optional `anaconda_nightly_upload_organization` argument (#47) * NF: Add anaconda_nightly_upload_url parameter NF: add anaconda_nightly_upload_token paremeter DOC: Add associated documentation * DOC: add labels documentation * Apply suggestions from code review Co-authored-by: Stefan van der Walt * - address stefanv comments. - rename anaconda_nightly_upload_url to anaconda_nightly_upload_organization * FIX: del list, docker handle only str/bool/number - parse string in case of multiple labels * Handle comma and new line seperated label lists Using space seperated lists is not standard across GitHub Actions, which in general assume that you're providing a newline seperatd or comma seperated list (c.f. https://github.com/docker/build-push-action?tab=readme-ov-file#inputs as an example). So if we agree that we should be expecting newline seperated or comma seperated inputs then we can just treat all input the same by: First, converting all input into a comma separated string Then, create an array of the comma seperated labels Finally, parse that array into a single string that represents all the label arguments to be included (you were already doing this part) --------- Co-authored-by: Stefan van der Walt Co-authored-by: Matthew Feickert --- README.md | 20 ++++++++++++++++++++ action.yml | 8 ++++++++ cmd.sh | 31 ++++++++++++++++++++++++++++++- 3 files changed, 58 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 53606bb..f5e933d 100644 --- a/README.md +++ b/README.md @@ -44,6 +44,26 @@ then generate a token at `https://anaconda.org/scientific-python-nightly-wheels/ with permissions to _Allow write access to the API site_ and _Allow uploads to Standard Python repositories_, and add the token as a secret to your GitHub repository. +## Using a different channel + +This Github Action can upload your nightly builds to a different channel. To do so, +define the `anaconda_nightly_upload_organization` variable. Furthermore, +you can add labels for organizing your artifacts using `anaconda_nightly_upload_labels` +optional parameter. See below: + +```yml +jobs: + steps: + ... + - name: Upload wheel + uses: scientific-python/upload-nightly-action@5fb764c5bce1ac2297084c0f7161b1919f17c74f # 0.2.0 + with: + artifacts_path: dist + anaconda_nightly_upload_organization: my-alternative-organization + anaconda_nightly_upload_token: ${{secrets.UPLOAD_TOKEN}} + anaconda_nightly_upload_labels: dev +``` + ## Artifact cleanup-policy at the ``scientific-python-nightly-wheels`` channel To avoid hosting outdated development versions, as well as to clean up space, we do have a diff --git a/action.yml b/action.yml index 6f84f14..2aefbb8 100644 --- a/action.yml +++ b/action.yml @@ -14,6 +14,14 @@ inputs: anaconda_nightly_upload_token: description: 'Token to upload to scientific python org' required: true + anaconda_nightly_upload_organization: + description: 'Organisation name to upload the wheels to' + required: false + default: scientific-python-nightly-wheels + anaconda_nightly_upload_labels: + description: 'List of labels assigned to the uploaded artifacts' + required: false + default: main runs: using: 'docker' diff --git a/cmd.sh b/cmd.sh index 8313e8e..1a89437 100644 --- a/cmd.sh +++ b/cmd.sh @@ -14,8 +14,17 @@ set -x # this is to prevent accidental uploads echo "Getting anaconda token from github secrets..." -ANACONDA_ORG="scientific-python-nightly-wheels" +ANACONDA_ORG="${INPUT_ANACONDA_NIGHTLY_UPLOAD_ORGANIZATION}" ANACONDA_TOKEN="${INPUT_ANACONDA_NIGHTLY_UPLOAD_TOKEN}" +ANACONDA_LABELS="${INPUT_ANACONDA_NIGHTLY_UPLOAD_LABELS}" + +# if the ANACONDA_ORG is empty, exit with status -1 +# this is to prevent attempt to upload to the wrong anaconda channel +if [ -z "${ANACONDA_ORG}" ]; then + echo "ANACONDA_ORG is empty, exiting..." + exit -1 +fi + # if the ANACONDA_TOKEN is empty, exit with status -1 # this is to prevent accidental uploads @@ -24,6 +33,25 @@ if [ -z "${ANACONDA_TOKEN}" ]; then exit -1 fi +# if the ANACONDA_LABELS is empty, exit with status -1 +# as this should be set in action.yml or by the user +# and it is better to fail on this to sigal a problem. +if [ -z "${ANACONDA_LABELS}" ]; then + echo "ANACONDA_LABELS is empty, exiting..." + exit -1 +fi + +# convert newlines to commas for parsing +# and ensure that there is no trailing comma +ANACONDA_LABELS="$(tr '\n' ',' <<< "${ANACONDA_LABELS}" | sed 's/,$//')" + +IFS=',' read -ra LABELS <<< "${ANACONDA_LABELS}" + +LABEL_ARGS="" +for label in "${LABELS[@]}"; do + LABEL_ARGS+="--label ${label} " +done + # Install anaconda-client from lock file echo "Installing anaconda-client from upload-nightly-action conda-lock lock file..." micromamba create \ @@ -48,5 +76,6 @@ echo "Uploading wheels to anaconda.org..." anaconda --token "${ANACONDA_TOKEN}" upload \ --force \ --user "${ANACONDA_ORG}" \ + $ANACONDA_LABELS \ "${INPUT_ARTIFACTS_PATH}"/*.whl echo "Index: https://pypi.anaconda.org/${ANACONDA_ORG}/simple" From 3eb3a42b50671237cace9be2d18a3e4b3845d3c4 Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Tue, 23 Jan 2024 19:39:04 -0600 Subject: [PATCH 4/6] FIX: Use correct shell variable in upload (#53) * Use the correct shell variable "LABEL_ARGS" to pass the lable args to the `anaconda upload` command. - Amends PR https://github.com/scientific-python/upload-nightly-action/pull/47 * Note that it is important that ${LABEL_ARGS} is NOT quoted during shell parameter expansion, else it will be treated as a file path to anaconda upload and not an argument. - e.g. This will trigger `File "--label main " does not exist` errors. --- cmd.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/cmd.sh b/cmd.sh index 1a89437..9fb7b44 100644 --- a/cmd.sh +++ b/cmd.sh @@ -73,9 +73,11 @@ env # upload wheels echo "Uploading wheels to anaconda.org..." +# Note: ${LABEL_ARGS} must not be quoted during shell parameter expansion, +# else it will be treated as a file and not additional command arguments. anaconda --token "${ANACONDA_TOKEN}" upload \ --force \ --user "${ANACONDA_ORG}" \ - $ANACONDA_LABELS \ + ${LABEL_ARGS} \ "${INPUT_ARTIFACTS_PATH}"/*.whl echo "Index: https://pypi.anaconda.org/${ANACONDA_ORG}/simple" From b579d79a3b3e5d92006b47420cad4e4c40c08d7b Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Wed, 24 Jan 2024 12:03:19 -0600 Subject: [PATCH 5/6] CI: Add test for uploads with multiple labels (#54) * Add test uploads for non-main label 'test' and for multiple labels in a comma seperated list. As attempting to apply multiple labels through repeated upload of the same package will fail as the package already exists, bump the version number of the test package to generate multiple packages that can be uploaded with different labels. --- .github/workflows/ci.yml | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fe77ac7..dd0feec 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -34,9 +34,9 @@ jobs: python -m pip install build twine python -m pip list - - name: Build a wheel and a sdist + - name: Build v0.0.1 wheel and sdist run: | - PYTHONWARNINGS=error,default::DeprecationWarning python -m build --outdir ./dist tests/test_package + python -m build --outdir ./dist tests/test_package - name: Verify the distribution run: twine check --strict dist/* @@ -53,6 +53,34 @@ jobs: artifacts_path: dist anaconda_nightly_upload_token: ${{ secrets.UPLOAD_TOKEN }} + - name: Build v0.0.2 wheel and sdist + run: | + # Bump version to avoid wheel name conflicts + sed -i 's/0.0.1/0.0.2/g' tests/test_package/pyproject.toml + rm ./dist/* + python -m build --outdir ./dist tests/test_package + + - name: Test upload with non-main label + uses: ./ + with: + artifacts_path: dist + anaconda_nightly_upload_token: ${{ secrets.UPLOAD_TOKEN }} + anaconda_nightly_upload_labels: test + + - name: Build v0.0.3 wheel and sdist + run: | + # Bump version to avoid wheel name conflicts + sed -i 's/0.0.2/0.0.3/g' tests/test_package/pyproject.toml + rm ./dist/* + python -m build --outdir ./dist tests/test_package + + - name: Test upload with multiple labels + uses: ./ + with: + artifacts_path: dist + anaconda_nightly_upload_token: ${{ secrets.UPLOAD_TOKEN }} + anaconda_nightly_upload_labels: dev,test + cleanup: runs-on: ubuntu-latest needs: [test] From 6e9304f7a3a5501c6f98351537493ec898728299 Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Wed, 24 Jan 2024 12:38:51 -0600 Subject: [PATCH 6/6] FIX: Remove environment print for security (#55) * As 'env' prints the entire environment this is a route to accidentally leak secrets into public logs. While GitHub properly screens secrets it would be better to not provide a chance for something to go wrong. --- cmd.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/cmd.sh b/cmd.sh index 9fb7b44..430c8dd 100644 --- a/cmd.sh +++ b/cmd.sh @@ -67,9 +67,6 @@ micromamba activate upload-nightly-action # trim trailing slashes from $INPUT_ARTIFACTS_PATH INPUT_ARTIFACTS_PATH="${INPUT_ARTIFACTS_PATH%/}" -# debug, print env -env - # upload wheels echo "Uploading wheels to anaconda.org..."