diff --git a/.github/workflows/dist.yml b/.github/workflows/dist.yml new file mode 100644 index 0000000..4ec4f36 --- /dev/null +++ b/.github/workflows/dist.yml @@ -0,0 +1,120 @@ +name: Python Dist + +on: + push: + tags: + - "[0-9]+.[0-9]+.[0-9]+" + - "[0-9]+.[0-9]+.[0-9]+.post[0-9]+" + - "[0-9]+.[0-9]+.[0-9]+[a-b][0-9]+" + - "[0-9]+.[0-9]+.[0-9]+rc[0-9]+" + workflow_dispatch: + pull_request: + workflow_call: + inputs: + ref: + required: true + type: string + +concurrency: + group: dist-${{ github.ref }} + cancel-in-progress: true + +defaults: + run: + shell: bash -eux {0} + +jobs: + build_wheels: + runs-on: ${{ matrix.os }} + strategy: + matrix: + os: [macos-latest, windows-latest, ubuntu-latest] + name: Build CPython-${{ matrix.os }} + steps: + - uses: actions/checkout@v4 + - uses: pypa/cibuildwheel@v2.23.2 + env: + CIBW_ARCHS_MACOS: x86_64 universal2 + CIBW_TEST_SKIP: '*universal2:arm64' + CIBW_BUILD: "cp39-macosx_universal2 cp39-win* cp39-manylinux_{x86_64,i686}" + - uses: actions/upload-artifact@v4 + with: + name: ${{ matrix.os }}-wheel + path: ./wheelhouse/*.whl + if-no-files-found: error + test_non_linux_wheels: + needs: build_wheels + runs-on: ${{ matrix.os }} + strategy: + matrix: + os: [macos-latest, windows-latest] + python-version: ["3.9", "3.10", "3.11", "3.12", "3.13"] + name: Test CPython ${{ matrix.python-version }}-${{ matrix.os }} + steps: + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: ${{ matrix.python-version }} + allow-prereleases: true + - name: Download a previously created wheel + uses: actions/download-artifact@v4 + with: + name: ${{ matrix.os }}-wheel + - name: Test wheel + shell: bash + run: | + python -m pip install -U pip + python -m pip install --no-index --find-links=./ python_bsonjs + python -m pip list | grep python-bsonjs + python -c "from bsonjs import dumps" + # Linux + test_manylinux_wheels: + runs-on: ${{ matrix.os }} + needs: build_wheels + strategy: + matrix: + os: [ubuntu-latest] + container: ['manylinux2014_i686', 'manylinux2014_x86_64'] + python-version: ['cp39-cp39', 'cp310-cp310', 'cp311-cp311', 'cp312-cp312', 'cp313-cp313'] + name: Test CPython ${{ matrix.python-version }}-${{ matrix.container }} + steps: + - name: Download a previously created wheel + uses: actions/download-artifact@v4 + with: + name: ${{ matrix.os }}-wheel + - name: Test wheel + run: | + docker run --rm --volume `pwd`:/python quay.io/pypa/${{ matrix.container }} /bin/bash -c "/opt/python/${{ matrix.python-version }}/bin/python -m pip install -U pip && /opt/python/${{ matrix.python-version }}/bin/python -m pip install --find-links=/python/ --no-index python_bsonjs && /opt/python/${{ matrix.python-version }}/bin/python -m pip list | grep python-bsonjs && /opt/python/${{ matrix.python-version }}/bin/python -c 'from bsonjs import dumps'" + make_sdist: + name: Make SDist + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: 3.9 + - name: Build SDist + run: | + python -m pip install build + python -m build --sdist + - uses: actions/upload-artifact@v4 + with: + name: "sdist" + path: dist/*.tar.gz + collect_dist: + runs-on: ubuntu-latest + needs: [build_wheels, make_sdist] + name: Download Wheels + steps: + - name: Download all workflow run artifacts + uses: actions/download-artifact@v4 + - name: Flatten directory + working-directory: . + run: | + find . -mindepth 2 -type f -exec mv {} . \; + find . -type d -empty -delete + - uses: actions/upload-artifact@v4 + with: + name: all-dist-${{ github.run_id }} + path: "./*" \ No newline at end of file diff --git a/.github/workflows/release-python.yml b/.github/workflows/release-python.yml index 4e5f15b..de6fd72 100644 --- a/.github/workflows/release-python.yml +++ b/.github/workflows/release-python.yml @@ -1,118 +1,70 @@ -name: Python Wheels +name: Release on: - push: - tags: - - "[0-9]+.[0-9]+.[0-9]+" - - "[0-9]+.[0-9]+.[0-9]+.post[0-9]+" - - "[0-9]+.[0-9]+.[0-9]+[a-b][0-9]+" - - "[0-9]+.[0-9]+.[0-9]+rc[0-9]+" - pull_request: workflow_dispatch: + inputs: + following_version: + description: "The post (dev) version to set" + dry_run: + description: "Dry Run?" + default: false + type: boolean + schedule: + - cron: '30 5 * * *' + +env: + # Changes per repo + PRODUCT_NAME: python-bsonjs + # Constant + # inputs will be empty on a scheduled run. so, we only set dry_run + # to 'false' when the input is set to 'false'. + DRY_RUN: ${{ ! contains(inputs.dry_run, 'false') }} + FOLLOWING_VERSION: ${{ inputs.following_version || '' }} concurrency: group: wheels-${{ github.ref }} cancel-in-progress: true +defaults: + run: + shell: bash -eux {0} + jobs: - build_wheels: - runs-on: ${{ matrix.os }} - strategy: - matrix: - os: [macos-latest, windows-latest, ubuntu-latest] - name: Build CPython ${{ matrix.python-version }}-${{ matrix.os }} - steps: - - uses: actions/checkout@v4 - - uses: pypa/cibuildwheel@v2.23.2 - env: - CIBW_ARCHS_MACOS: x86_64 universal2 - CIBW_TEST_SKIP: '*universal2:arm64' - CIBW_BUILD: "cp39-macosx_universal2 cp39-win* cp39-manylinux_{x86_64,i686}" - - uses: actions/upload-artifact@v4 - with: - name: ${{ matrix.os }}-wheel - path: ./wheelhouse/*.whl - if-no-files-found: error - test_non_linux_wheels: - needs: build_wheels - runs-on: ${{ matrix.os }} - strategy: - matrix: - os: [macos-latest, windows-latest] - python-version: ["3.9", "3.10", "3.11", "3.12", "3.13"] - name: Test CPython ${{ matrix.python-version }}-${{ matrix.os }} - steps: - - name: Setup Python - uses: actions/setup-python@v5 - with: - python-version: ${{ matrix.python-version }} - allow-prereleases: true - - name: Download a previously created wheel - uses: actions/download-artifact@v4 - with: - name: ${{ matrix.os }}-wheel - - name: Test wheel - shell: bash - run: | - python -m pip install -U pip - python -m pip install --no-index --find-links=./ python_bsonjs - python -m pip list | grep python-bsonjs - python -c "from bsonjs import dumps" - # Linux - test_manylinux_wheels: - runs-on: ${{ matrix.os }} - needs: build_wheels - strategy: - matrix: - os: [ubuntu-latest] - container: ['manylinux2014_i686', 'manylinux2014_x86_64'] - python-version: ['cp39-cp39', 'cp310-cp310', 'cp311-cp311', 'cp312-cp312', 'cp313-cp313'] - name: Test CPython ${{ matrix.python-version }}-${{ matrix.container }} - steps: - - name: Download a previously created wheel - uses: actions/download-artifact@v4 - with: - name: ${{ matrix.os }}-wheel - - name: Test wheel - run: | - docker run --rm --volume `pwd`:/python quay.io/pypa/${{ matrix.container }} /bin/bash -c "/opt/python/${{ matrix.python-version }}/bin/python -m pip install -U pip && /opt/python/${{ matrix.python-version }}/bin/python -m pip install --find-links=/python/ --no-index python_bsonjs && /opt/python/${{ matrix.python-version }}/bin/python -m pip list | grep python-bsonjs && /opt/python/${{ matrix.python-version }}/bin/python -c 'from bsonjs import dumps'" - make_sdist: - name: Make SDist + pre-publish: + environment: release runs-on: ubuntu-latest + if: github.repository_owner == 'mongodb-labs' || github.event_name == 'workflow_dispatch' + permissions: + id-token: write + contents: write + outputs: + version: ${{ steps.pre-publish.outputs.version }} steps: - - uses: actions/checkout@v4 - - name: Setup Python - uses: actions/setup-python@v5 + - uses: mongodb-labs/drivers-github-tools/secure-checkout@v2 with: - python-version: 3.9 - - name: Build SDist - run: | - python -m pip install build - python -m build --sdist - - uses: actions/upload-artifact@v4 + app_id: ${{ vars.APP_ID }} + private_key: ${{ secrets.APP_PRIVATE_KEY }} + - uses: mongodb-labs/drivers-github-tools/setup@v2 with: - name: "sdist" - path: dist/*.tar.gz - collect_dist: - runs-on: ubuntu-latest - needs: [build_wheels, make_sdist] - name: Download Wheels - steps: - - name: Download all workflow run artifacts - uses: actions/download-artifact@v4 - - name: Flatten directory - working-directory: . - run: | - find . -mindepth 2 -type f -exec mv {} . \; - find . -type d -empty -delete - - uses: actions/upload-artifact@v4 + aws_role_arn: ${{ secrets.AWS_ROLE_ARN }} + aws_region_name: ${{ vars.AWS_REGION_NAME }} + aws_secret_id: ${{ secrets.AWS_SECRET_ID }} + artifactory_username: ${{ vars.ARTIFACTORY_USERNAME }} + - uses: mongodb-labs/drivers-github-tools/python-labs/pre-publish@v2 + id: pre-publish with: - name: all-dist-${{ github.run_id }} - path: "./*" + dry_run: ${{ env.DRY_RUN }} + + build-dist: + needs: [pre-publish] + uses: ./.github/workflows/dist.yml + with: + ref: ${{ needs.pre-publish.outputs.version }} + publish: # https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/#publishing-the-distribution-to-pypi - needs: [collect_dist] - if: startsWith(github.ref, 'refs/tags/') + needs: [build-dist] + if: (github.repository_owner == 'mongodb-labs' && github.event_name != 'pull_request') || github.event_name == 'workflow_dispatch' runs-on: ubuntu-latest environment: release permissions: @@ -123,5 +75,39 @@ jobs: with: name: all-dist-${{ github.run_id }} path: dist/ + - name: Publish package distributions to TestPyPI + uses: pypa/gh-action-pypi-publish@release/v1 + with: + repository-url: https://test.pypi.org/legacy/ + skip-existing: true + attestations: ${{ !startsWith(github.ref, 'refs/tags/') }} - name: Publish distribution 📦 to PyPI - uses: pypa/gh-action-pypi-publish@release/v1 \ No newline at end of file + if: startsWith(github.ref, 'refs/tags/') + uses: pypa/gh-action-pypi-publish@release/v1 + + post-publish: + needs: [publish] + runs-on: ubuntu-latest + environment: release + permissions: + id-token: write + contents: write + attestations: write + security-events: write + steps: + - uses: mongodb-labs/drivers-github-tools/secure-checkout@v2 + with: + app_id: ${{ vars.APP_ID }} + private_key: ${{ secrets.APP_PRIVATE_KEY }} + - uses: mongodb-labs/drivers-github-tools/setup@v2 + with: + aws_role_arn: ${{ secrets.AWS_ROLE_ARN }} + aws_region_name: ${{ vars.AWS_REGION_NAME }} + aws_secret_id: ${{ secrets.AWS_SECRET_ID }} + artifactory_username: ${{ vars.ARTIFACTORY_USERNAME }} + - uses: mongodb-labs/drivers-github-tools/python-labs/post-publish@v2 + with: + following_version: ${{ env.FOLLOWING_VERSION }} + product_name: ${{ env.PRODUCT_NAME }} + token: ${{ github.token }} + dry_run: ${{ env.DRY_RUN }}