From c86c8259a5fad21abdfefc5bbbe18c8ff9f848ce Mon Sep 17 00:00:00 2001 From: Spencer Murray Date: Mon, 5 May 2025 10:07:25 -0400 Subject: [PATCH 01/14] Update remaining workflows to work with new package structure/repo --- .github/workflows/build_assets.yml | 135 ++++++++++++++++++++++++ .github/workflows/build_for_pypi.yml | 67 ++++++++++++ .github/workflows/ci-job.yml | 3 - .github/workflows/create_release.yml | 36 +++++++ .github/workflows/create_release_pr.yml | 49 +++++++++ .github/workflows/release_flow.yml | 76 +++++++++++++ codecov-cli/scripts/build_alpine_arm.sh | 1 + codecov-cli/scripts/build_linux_arm.sh | 1 + 8 files changed, 365 insertions(+), 3 deletions(-) create mode 100644 .github/workflows/build_assets.yml create mode 100644 .github/workflows/build_for_pypi.yml create mode 100644 .github/workflows/create_release.yml create mode 100644 .github/workflows/create_release_pr.yml create mode 100644 .github/workflows/release_flow.yml diff --git a/.github/workflows/build_assets.yml b/.github/workflows/build_assets.yml new file mode 100644 index 00000000..571e3537 --- /dev/null +++ b/.github/workflows/build_assets.yml 
@@ -0,0 +1,135 @@ +--- +name: Build Compiled Assets + +on: + workflow_call: + inputs: + release: + type: boolean + default: false + description: "Attach artifacts to a release" + +jobs: + build_assets: + name: Build packages - ${{ matrix.os }} + runs-on: ${{ matrix.os }} + strategy: + fail-fast: true + matrix: + include: + - os: macos-latest + TARGET: macos + # currently, wrapt pulls the arm64 version instead of the universal one, so the below is a hack + CMD_REQS: > + mkdir -p pip-packages && cd pip-packages && pip wheel --no-cache-dir --no-binary tree_sitter,ijson,charset_normalizer,PyYAML .. && + rm $(ls | grep wrapt) && pip download wrapt --platform=universal2 --only-binary=:all: && pip install $(ls | grep wrapt) --force-reinstall && cd .. && + pip install --no-deps --no-index --find-links=pip-packages pip-packages/* + CMD_BUILD: > + STATICCODECOV_LIB_PATH=$(find build/ -maxdepth 1 -type d -name 'lib.*' -print -quit | xargs -I {} sh -c "find {} -type f -name 'staticcodecov*' -print -quit | sed 's|^./||'") && + pyinstaller --add-binary ${STATICCODECOV_LIB_PATH}:. --copy-metadata codecov-cli --hidden-import staticcodecov_languages --target-arch universal2 -F codecov_cli/main.py && + mv dist/main dist/codecovcli_macos && + lipo -archs dist/codecovcli_macos | grep 'x86_64 arm64' + OUT_FILE_NAME: codecovcli_macos + ASSET_MIME: application/octet-stream + - os: ubuntu-20.04 + TARGET: ubuntu + CMD_REQS: > + pip install -r requirements.txt && pip install . + CMD_BUILD: > + STATICCODECOV_LIB_PATH=$(find build/ -maxdepth 1 -type d -name 'lib.*' -print -quit | xargs -I {} sh -c "find {} -type f -name 'staticcodecov*' -print -quit | sed 's|^./||'") && + pyinstaller --add-binary ${STATICCODECOV_LIB_PATH}:. 
--copy-metadata codecov-cli --hidden-import staticcodecov_languages -F codecov_cli/main.py && + cp ./dist/main ./dist/codecovcli_linux + OUT_FILE_NAME: codecovcli_linux + ASSET_MIME: application/octet-stream + - os: windows-latest + TARGET: windows + CMD_REQS: > + pip install -r requirements.txt && pip install . + CMD_BUILD: > + pyinstaller --add-binary "build\lib.win-amd64-cpython-311\staticcodecov_languages.cp311-win_amd64.pyd;." --copy-metadata codecov-cli --hidden-import staticcodecov_languages -F codecov_cli\main.py && + Copy-Item -Path ".\dist\main.exe" -Destination ".\dist\codecovcli_windows.exe" + OUT_FILE_NAME: codecovcli_windows.exe + ASSET_MIME: application/vnd.microsoft.portable-executable + steps: + - uses: actions/checkout@v4 + with: + submodules: true + - name: Set up Python 3.11 + uses: actions/setup-python@v3 + with: + python-version: "3.11" + - name: Install dependencies + run: | + cd codecov-cli + ${{matrix.CMD_REQS}} + python setup.py build + - name: Install pyinstaller + run: pip install pyinstaller + - name: Build with pyinstaller for ${{matrix.TARGET}} + run: cd codecov-cli && ${{matrix.CMD_BUILD}} + - name: Upload a Build Artifact + uses: actions/upload-artifact@v4 + if: inputs.release == false + with: + name: ${{ matrix.OUT_FILE_NAME }} + path: ./codecov-cli/dist/${{ matrix.OUT_FILE_NAME }} + - name: Upload Release Asset + if: inputs.release == true + id: upload-release-asset + uses: svenstaro/upload-release-action@v2 + with: + repo_token: ${{ secrets.GITHUB_TOKEN }} + file: ./codecov-cli/dist/${{ matrix.OUT_FILE_NAME }} + asset_name: ${{ matrix.OUT_FILE_NAME }} + tag: ${{ github.ref }} + overwrite: true + + build_assets_alpine_arm: + name: Build assets - Alpine and ARM + runs-on: ubuntu-latest + strategy: + matrix: + include: + - distro: "python:3.11-alpine3.18" + arch: arm64 + distro_name: alpine + - distro: "python:3.11-alpine3.18" + arch: x86_64 + distro_name: alpine + - distro: "python:3.11-bullseye" + arch: arm64 + distro_name: linux 
+ + steps: + - uses: actions/checkout@v4 + with: + submodules: true + - name: Set up QEMU + uses: docker/setup-qemu-action@v1 + with: + platforms: ${{ matrix.arch }} + - name: Run in Docker + run: | + docker run \ + --rm \ + -v $(pwd):/${{ github.workspace }} \ + -w ${{ github.workspace }} \ + --platform linux/${{ matrix.arch }} \ + ${{ matrix.distro }} \ + ./codecov-cli/scripts/build_${{ matrix.distro_name }}_arm.sh ${{ matrix.distro_name }}_${{ matrix.arch }} + - name: Upload a Build Artifact + uses: actions/upload-artifact@v4 + if: inputs.release == false + with: + name: codecovcli_${{ matrix.distro_name }}_${{ matrix.arch }} + path: ./codecov-cli/dist/codecovcli_${{ matrix.distro_name }}_${{ matrix.arch }} + - name: Upload Release Asset + if: inputs.release == true + id: upload-release-asset + uses: svenstaro/upload-release-action@v2 + with: + repo_token: ${{ secrets.GITHUB_TOKEN }} + file: ./codecov-cli/dist/codecovcli_${{ matrix.distro_name }}_${{ matrix.arch }} + asset_name: codecovcli_${{ matrix.distro_name }}_${{ matrix.arch }} + tag: ${{ github.ref }} + overwrite: true diff --git a/.github/workflows/build_for_pypi.yml b/.github/workflows/build_for_pypi.yml new file mode 100644 index 00000000..2197b700 --- /dev/null +++ b/.github/workflows/build_for_pypi.yml 
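Review bot: The third-party actions in both jobs are referenced by mutable tags (`svenstaro/upload-release-action@v2`, `docker/setup-qemu-action@v1`, `actions/setup-python@v3`), and the upload step receives `secrets.GITHUB_TOKEN` with `overwrite: true`, so a moved tag in any of them can change what ends up attached to a release. Pin each one to a full commit SHA with the version as a trailing comment, e.g. `uses: svenstaro/upload-release-action@<full-commit-sha> # v2`. `pip install pyinstaller` is also unversioned although it produces the shipped executables; a pinned version keeps the release build reproducible.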
@@ -0,0 +1,67 @@ +--- +name: Build for PyPi + +on: + workflow_call: + inputs: + publish: + type: boolean + default: false + description: "Build for PyPi" + +jobs: + + build_src_for_pypi: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + persist-credentials: false + submodules: true + - name: Install dependencies + run: | + cd codecov-cli + pip install build + - name: Build src dist + run: | + cd codecov-cli + python -m build --sdist + env: + PIP_CONSTRAINT: requirements.txt + - name: Store the distribution packages + uses: actions/upload-artifact@v4 + with: + name: cibw-sdist + path: ./**/*.tar.gz + + build_dist_for_pypi: + needs: + - build_src_for_pypi + runs-on: ${{ matrix.os }} + strategy: + matrix: + os: + - macos-13 + - macos-latest + - ubuntu-24.04-arm + - ubuntu-latest + - windows-latest + steps: + - name: Download the sdist + uses: actions/download-artifact@v4 + with: + name: cibw-sdist + - name: Get sdist filename + id: get-sdist + run: | + echo "sdist_filename=$(ls codecov-cli/dist/)" >> "${GITHUB_OUTPUT}" + shell: bash + - name: Build wheels + uses: pypa/cibuildwheel@v2.22.0 + with: + package-dir: codecov-cli/dist/${{ steps.get-sdist.outputs.sdist_filename }} + - name: Store the distribution packages + uses: actions/upload-artifact@v4 + with: + name: cibw-wheels-${{ matrix.os }} + path: ./codecov-cli/wheelhouse/*.whl diff --git a/.github/workflows/ci-job.yml b/.github/workflows/ci-job.yml index 1fdf120b..73c00b72 100644 --- a/.github/workflows/ci-job.yml +++ b/.github/workflows/ci-job.yml @@ -1,6 +1,3 @@ -# This workflow will install Python dependencies, run tests and lint with a variety of Python versions -# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions - name: CLI CI Job on: diff --git a/.github/workflows/create_release.yml b/.github/workflows/create_release.yml new file mode 100644 index 00000000..827d24ad --- /dev/null 
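Review bot: `path: ./**/*.tar.gz` in the sdist upload matches every tarball anywhere in the checkout, submodules included, and release_flow.yml later downloads `cibw-*` and moves everything it finds into `dist/` for publishing. Narrowing it to the build output, `path: ./codecov-cli/dist/*.tar.gz`, keeps stray archives out of the PyPI upload; the `ls codecov-cli/dist/` in the next job would then likely need adjusting because the artifact layout changes. That `ls` also assumes exactly one file, and a multi-line value would corrupt the `GITHUB_OUTPUT` entry. The `publish` input is declared, but nothing in this file reads it.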
+++ b/.github/workflows/create_release.yml
@@ -0,0 +1,36 @@
+name: Create CLI Release
+
+on:
+ pull_request:
+ branches:
+ - main
+ types: [closed]
+
+jobs:
+ create-release:
+ if: ${{ github.event.pull_request.merged == true && startsWith(github.head_ref, 'release/') && github.repository_owner == 'getsentry' }}
+ name: Create Github Release
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ fetch-tags: true
+
+ - id: get-release-vars
+ name: Configure Release Vars
+ run: |
+ release_version=v$(grep -E "version = \"[0-9]+\.[0-9]+\.[0-9]+\"" pyproject.toml | grep -Eo "[0-9]+\.[0-9]+\.[0-9]+")
+ previous_version=$(git tag --sort=-creatordate | head -n 2 | tail -n 1)
+ echo "release_version=$release_version"
+ echo "previous_version=$previous_version"
+
+ echo "release_version=$release_version" >> "$GITHUB_OUTPUT"
+ echo "previous_version=$previous_version" >> "$GITHUB_OUTPUT"
+
+ - name: Create GitHub Release
+ env:
+ GITHUB_TOKEN: ${{ secrets.CODECOV_RELEASE_PAT }}
+ run: |
+ gh release create ${{ steps.get-release-vars.outputs.release_version }} --title "Release ${{ steps.get-release-vars.outputs.release_version }}" --notes "Autogenerated for ${{ steps.get-release-vars.outputs.release_version }}. Created for ${{ github.event.pull_request.html_url }}" --generate-notes --notes-start-tag ${{steps.get-release-vars.outputs.previous_version}} --target ${{ github.event.pull_request.head.sha }}
diff --git a/.github/workflows/create_release_pr.yml b/.github/workflows/create_release_pr.yml
new file mode 100644
index 00000000..c486b15e
--- /dev/null
+++ b/.github/workflows/create_release_pr.yml
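Review bot: The `gh release create` line expands `${{ steps.get-release-vars.outputs.previous_version }}` and the other expressions straight into the script text, unquoted, and `previous_version` is whatever tag name `git tag --sort=-creatordate` returns. Pass the values through `env:` and use quoted shell variables, e.g. `--notes-start-tag "$PREVIOUS_VERSION" --target "$HEAD_SHA"`, so a tag name is always treated as data by the shell. Separately, the grep reads `pyproject.toml` from the repository root, while patch 10/14 adds `cd codecov-cli` before the same file is edited in create_release_pr.yml; if the file only exists there, `release_version` ends up as a bare `v`. The `run:` line is carried unchanged through patch 03/14.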
@@ -0,0 +1,49 @@
+name: Create CLI Release PR
+
+on:
+ workflow_dispatch:
+ inputs:
+ versionName:
+ description: 'Name of version (ie 23.9.5)'
+ required: true
+
+jobs:
+ create-release-pr:
+ name: Create PR
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Import GPG key
+ id: import-gpg
+ uses: crazy-max/ghaction-import-gpg@v6
+ with:
+ gpg_private_key: ${{ secrets.RELEASER_GPG_PRIVATE_KEY }}
+ git_user_signingkey: true
+ git_commit_gpgsign: true
+ git_config_global: true
+
+ - name: Create release branch
+ run: git checkout -b release/${{ github.event.inputs.versionName }}
+
+ - name: Update version and push
+ id: make-commit
+ run: |
+ sed -i 's/version\ =\ "[0-9]\+\.[0-9]\+\.[0-9]\+"/version\ =\ "${{ github.event.inputs.versionName }}"/g' pyproject.toml
+ git add pyproject.toml
+ git commit -S --message "Prepare release ${{ github.event.inputs.versionName }}"
+ echo "commit=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"
+ git push origin release/${{ github.event.inputs.versionName }}
+
+ - name: Create pull request into main
+ uses: thomaseizinger/create-pull-request@1.3.1
+ with:
+ github_token: ${{ secrets.GH_RELEASE_TOKEN }}
+ head: release/${{ github.event.inputs.versionName }}
+ base: main
+ title: Release ${{ github.event.inputs.versionName }}
+ reviewers: ${{ github.event.issue.user.login }}
+ body: |
+ Release PR for ${{ github.event.inputs.versionName }}
+ I've updated the version name and committed: ${{ steps.make-commit.outputs.commit }}.
diff --git a/.github/workflows/release_flow.yml b/.github/workflows/release_flow.yml
new file mode 100644
index 00000000..fa0baabf
--- /dev/null
+++ b/.github/workflows/release_flow.yml
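Review bot: `${{ github.event.inputs.versionName }}` is pasted into the `run:` scripts of "Create release branch" and "Update version and push" before the shell parses them, so the free-text dispatch input becomes part of the command line and of the sed expression. Hand it over through `env:` and validate it against the MAJOR.MINOR.PATCH shape the sed pattern already expects before any command uses it. `reviewers: ${{ github.event.issue.user.login }}` is empty on a `workflow_dispatch` event, which carries no `issue` payload; `${{ github.actor }}` looks like what was meant. The same expansions are restored in patch 13/14, so the change applies to the final form of these steps as well.

```yaml
- name: Create release branch
  env:
    VERSION_NAME: ${{ github.event.inputs.versionName }}
  run: |
    # refuse anything that is not MAJOR.MINOR.PATCH before it reaches git or sed
    printf '%s\n' "$VERSION_NAME" | grep -Eqx '[0-9]+\.[0-9]+\.[0-9]+' || { echo "invalid versionName" >&2; exit 1; }
    git checkout -b "release/$VERSION_NAME"

- name: Update version and push
  id: make-commit
  env:
    VERSION_NAME: ${{ github.event.inputs.versionName }}
  run: |
    sed -i 's/version\ =\ "[0-9]\+\.[0-9]\+\.[0-9]\+"/version\ =\ "'"$VERSION_NAME"'"/g' pyproject.toml
    # … unchanged: git add pyproject.toml …
    git commit -S --message "Prepare release $VERSION_NAME"
    # … unchanged: commit hash written to GITHUB_OUTPUT …
    git push origin "release/$VERSION_NAME"
```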
@@ -0,0 +1,76 @@
+name: Build and Publish CLI Release
+
+on:
+ release:
+ types:
+ - created
+
+jobs:
+ build_for_pypi:
+ permissions:
+ id-token: write # This is required for requesting the JWT
+ contents: read # This is required for actions/checkout
+ uses: ./.github/workflows/build_for_pypi.yml
+ with:
+ publish: true
+ secrets: inherit
+
+ buildassets:
+ name: Build packages
+ uses: ./.github/workflows/build_assets.yml
+ with:
+ release: true
+ secrets: inherit
+
+ publish_to_pypi:
+ needs:
+ - build_for_pypi
+ permissions:
+ id-token: write # This is required for OIDC
+ runs-on: ubuntu-latest
+ environment:
+ name: pypi
+ url: https://pypi.org/p/codecov-cli
+ steps:
+ - name: Download artifacts
+ uses: actions/download-artifact@v4
+ with:
+ path: dist/
+ pattern: cibw-*
+ - name: Display and move artifacts
+ run: |
+ ls -alrt */*/*
+ mv */*/*/* dist/
+ mv */*/* dist/
+ echo "Moved files"
+ ls -alrt */*
+ echo "Deleting empty directories"
+ find . -empty -type d -delete
+ ls -alrt */*
+ - name: Publish package to PyPi
+ uses: pypa/gh-action-pypi-publish@release/v1
+ with:
+ verbose: true
+
+ publish_release:
+ name: Publish release
+ needs: [buildassets, publish_to_pypi]
+ runs-on: ubuntu-latest
+ permissions:
+ contents: 'read'
+ id-token: 'write'
+ steps:
+ - id: 'auth'
+ name: 'Authenticate to Google Cloud'
+ uses: 'google-github-actions/auth@v1.0.0'
+ with:
+ create_credentials_file: 'true'
+ workload_identity_provider: ${{ secrets.CODECOV_GCP_WIDP }}
+ service_account: ${{ secrets.CODECOV_GCP_WIDSA }}
+
+ # Publish the release tag to a Pub/Sub topic
+ - name: Publish a message to a Pub/Sub topic
+ env:
+ CLOUDSDK_CORE_PROJECT: ${{ secrets.GCLOUD_UPLOADER_PROJECT_ID }}
+ run: |
+ gcloud pubsub topics publish ${{ secrets.GCLOUD_UPLOADER_PUBSUB_TOPIC }} --message '{"release":"'"${{ github.ref_name }}"'", "latest":true}'
diff --git a/codecov-cli/scripts/build_alpine_arm.sh b/codecov-cli/scripts/build_alpine_arm.sh
index 688c3ab0..20f72770 100755
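Review bot: Both reusable-workflow calls use `secrets: inherit`, which hands every secret the caller can see to build_for_pypi.yml and build_assets.yml, although as added in this patch neither reads anything beyond the automatic `GITHUB_TOKEN`. Drop the line, or declare the needed secrets under `on.workflow_call.secrets` in the callee and pass them by name. `buildassets` has no `permissions:` block even though its callee uploads release assets, so it relies on the repository's default token scope; an explicit `contents: write` there documents the requirement. In `publish_release`, `${{ github.ref_name }}` is expanded into the gcloud command line, and passing it through `env:` keeps the tag name out of the script text.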
--- a/codecov-cli/scripts/build_alpine_arm.sh +++ b/codecov-cli/scripts/build_alpine_arm.sh @@ -1,4 +1,5 @@ #!/bin/sh +cd codecov-cli apk add musl-dev build-base pip install -r requirements.txt pip install . diff --git a/codecov-cli/scripts/build_linux_arm.sh b/codecov-cli/scripts/build_linux_arm.sh index 58b4625f..3dab760b 100755 --- a/codecov-cli/scripts/build_linux_arm.sh +++ b/codecov-cli/scripts/build_linux_arm.sh @@ -1,4 +1,5 @@ #!/bin/sh +cd codecov-cli apt install build-essential pip install -r requirements.txt pip install . From b6df7c7a90da614fa1de4388cd022bddc6663c1d Mon Sep 17 00:00:00 2001 From: Spencer Murray Date: Mon, 5 May 2025 11:21:03 -0400 Subject: [PATCH 02/14] Try using Sentry release bot for create_release_pr.yml --- .github/workflows/create_release_pr.yml | 26 ++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/.github/workflows/create_release_pr.yml b/.github/workflows/create_release_pr.yml index c486b15e..458f614c 100644 --- a/.github/workflows/create_release_pr.yml +++ b/.github/workflows/create_release_pr.yml @@ -15,14 +15,15 @@ jobs: - name: Checkout uses: actions/checkout@v4 - - name: Import GPG key - id: import-gpg - uses: crazy-max/ghaction-import-gpg@v6 - with: - gpg_private_key: ${{ secrets.RELEASER_GPG_PRIVATE_KEY }} - git_user_signingkey: true - git_commit_gpgsign: true - git_config_global: true + # todo: add this back? or not? + # - name: Import GPG key + # id: import-gpg + # uses: crazy-max/ghaction-import-gpg@v6 + # with: + # gpg_private_key: ${{ secrets.RELEASER_GPG_PRIVATE_KEY }} + # git_user_signingkey: true + # git_commit_gpgsign: true + # git_config_global: true - name: Create release branch run: git checkout -b release/${{ github.event.inputs.versionName }} 
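Review bot: The added `cd codecov-cli` is unchecked and no `set -e` appears in the lines shown, so if the directory is missing the following `pip install -r requirements.txt` and `pip install .` run against whatever directory the container started in. Use `cd codecov-cli || exit 1`, or add `set -e` directly under the shebang. The identical line added to build_linux_arm.sh in the next hunk needs the same guard. Both scripts continue outside their hunks.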
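Review bot: The GPG import is commented out here, but the commit step outside this hunk was added in patch 01/14 as `git commit -S`, and nothing visible in this patch removes the `-S`; without an imported key that commit would presumably fail. Settle the signing question in the same change rather than leaving `# todo: add this back? or not?`: either keep the import step or drop `-S`. Deleting the commented-out block also removes a reference to `secrets.RELEASER_GPG_PRIVATE_KEY` that looks live to anyone auditing which secrets the workflows use.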
@@ -36,10 +37,17 @@ jobs: echo "commit=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT" git push origin release/${{ github.event.inputs.versionName }} + - name: Get auth token + id: token + uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6 + with: + app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }} + private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }} + - name: Create pull request into main uses: thomaseizinger/create-pull-request@1.3.1 with: - github_token: ${{ secrets.GH_RELEASE_TOKEN }} + github_token: ${{ steps.token.outputs.token }} head: release/${{ github.event.inputs.versionName }} base: main title: Release ${{ github.event.inputs.versionName }} From ded77d9d24227b2ffc20bba975dcfd8280588cb3 Mon Sep 17 00:00:00 2001 From: Spencer Murray Date: Mon, 5 May 2025 11:31:11 -0400 Subject: [PATCH 03/14] Use sentry bot auth token for create_release.yml --- .github/workflows/create_release.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/.github/workflows/create_release.yml b/.github/workflows/create_release.yml index 827d24ad..715c131d 100644 --- a/.github/workflows/create_release.yml +++ b/.github/workflows/create_release.yml 
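Review bot: The new "Get auth token" step requests an installation token without narrowing it, so the token carries every permission the app installation has. `actions/create-github-app-token` v2 accepts `permission-<name>` inputs; for opening a pull request, something like `permission-pull-requests: write` (plus whatever else the PR action turns out to need) keeps the token limited to the job's purpose. The same unscoped step is added to create_release.yml in patch 03/14 and twice to build_assets.yml in patch 14/14. Pinning this action to a commit SHA is a good choice, but `thomaseizinger/create-pull-request@1.3.1`, which receives the token, is still referenced by tag.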
@@ -29,8 +29,16 @@ jobs: echo "release_version=$release_version" >> "$GITHUB_OUTPUT" echo "previous_version=$previous_version" >> "$GITHUB_OUTPUT" + - name: Get auth token + id: token + uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6 + with: + app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }} + private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }} + + # todo: potentially switch to https://github.com/getsentry/action-prepare-release once set up with craft - name: Create GitHub Release env: - GITHUB_TOKEN: ${{ secrets.CODECOV_RELEASE_PAT }} + GITHUB_TOKEN: ${{ steps.token.outputs.token }} run: | gh release create ${{ steps.get-release-vars.outputs.release_version }} --title "Release ${{ steps.get-release-vars.outputs.release_version }}" --notes "Autogenerated for ${{ steps.get-release-vars.outputs.release_version }}. Created for ${{ github.event.pull_request.html_url }}" --generate-notes --notes-start-tag ${{steps.get-release-vars.outputs.previous_version}} --target ${{ github.event.pull_request.head.sha }} From a53bd9fc3b8576f4208c28bfeb9c5646676cfe87 Mon Sep 17 00:00:00 2001 From: Spencer Murray Date: Mon, 5 May 2025 12:08:07 -0400 Subject: [PATCH 04/14] Set release: false in release_flow while testing things --- .github/workflows/release_flow.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release_flow.yml b/.github/workflows/release_flow.yml index fa0baabf..daef81ad 100644 --- a/.github/workflows/release_flow.yml +++ b/.github/workflows/release_flow.yml @@ -12,14 +12,14 @@ jobs: contents: read # This is required for actions/checkout uses: ./.github/workflows/build_for_pypi.yml with: - publish: true + publish: false # todo: back to true when tested secrets: inherit buildassets: name: Build packages uses: ./.github/workflows/build_assets.yml with: - release: true + release: false # todo: back to true when tested secrets: inherit publish_to_pypi: 
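Review bot: Setting `publish: false` and `release: false` in release_flow.yml does not stop a release event from publishing. In the workflow as added in patch 01/14, the `publish_to_pypi` and `publish_release` jobs have no `if:` condition, and build_for_pypi.yml never reads its `publish` input. While testing, gate those jobs explicitly, e.g. `if: ${{ false }}` on `publish_to_pypi`, or wire the input through and check it. The `# todo: back to true when tested` markers are not reverted in any release_flow.yml hunk visible in this series, so confirm the final values before the first real release.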
From 14eb56e896e8bdaa3132b3ae7e935317a18108b6 Mon Sep 17 00:00:00 2001 From: Spencer Murray Date: Mon, 5 May 2025 12:09:23 -0400 Subject: [PATCH 05/14] Add temp test workflow --- .github/workflows/test.yml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 .github/workflows/test.yml diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 00000000..412a576e --- /dev/null +++ b/.github/workflows/test.yml @@ -0,0 +1,21 @@ +name: Test workflow + +on: + push + +jobs: + build_for_pypi: + permissions: + id-token: write # This is required for requesting the JWT + contents: read # This is required for actions/checkout + uses: ./.github/workflows/build_for_pypi.yml + with: + publish: false # todo: back to true when tested + secrets: inherit + + buildassets: + name: Build packages + uses: ./.github/workflows/build_assets.yml + with: + release: false # todo: back to true when tested + secrets: inherit From e5180c9a8e9bb0ae623222ec7c85b6fcc5237207 Mon Sep 17 00:00:00 2001 From: Spencer Murray Date: Mon, 5 May 2025 12:28:29 -0400 Subject: [PATCH 06/14] ubuntu-20.04 -> ubuntu-22.04 --- .github/workflows/build_assets.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build_assets.yml b/.github/workflows/build_assets.yml index 571e3537..ae26f26f 100644 --- a/.github/workflows/build_assets.yml +++ b/.github/workflows/build_assets.yml @@ -31,7 +31,7 @@ jobs: lipo -archs dist/codecovcli_macos | grep 'x86_64 arm64' OUT_FILE_NAME: codecovcli_macos ASSET_MIME: application/octet-stream - - os: ubuntu-20.04 + - os: ubuntu-22.04 TARGET: ubuntu CMD_REQS: > pip install -r requirements.txt && pip install . From ad3d7df4498aa9efcd9ee3e43771349d12107064 Mon Sep 17 00:00:00 2001 From: Spencer Murray Date: Mon, 5 May 2025 12:39:13 -0400 Subject: [PATCH 07/14] Update wheelhouse path --- .github/workflows/build_for_pypi.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/build_for_pypi.yml b/.github/workflows/build_for_pypi.yml index 2197b700..8f802133 100644 --- a/.github/workflows/build_for_pypi.yml +++ b/.github/workflows/build_for_pypi.yml @@ -64,4 +64,4 @@ jobs: uses: actions/upload-artifact@v4 with: name: cibw-wheels-${{ matrix.os }} - path: ./codecov-cli/wheelhouse/*.whl + path: ./wheelhouse/*.whl From d013c37843c2cd577d26c14f3b67c1ce1563cc97 Mon Sep 17 00:00:00 2001 From: Spencer Murray Date: Mon, 5 May 2025 12:52:59 -0400 Subject: [PATCH 08/14] Remove test workflow --- .github/workflows/build_for_pypi.yml | 1 - .github/workflows/test.yml | 21 --------------------- 2 files changed, 22 deletions(-) delete mode 100644 .github/workflows/test.yml diff --git a/.github/workflows/build_for_pypi.yml b/.github/workflows/build_for_pypi.yml index 8f802133..f055da0a 100644 --- a/.github/workflows/build_for_pypi.yml +++ b/.github/workflows/build_for_pypi.yml @@ -20,7 +20,6 @@ jobs: submodules: true - name: Install dependencies run: | - cd codecov-cli pip install build - name: Build src dist run: | diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml deleted file mode 100644 index 412a576e..00000000 --- a/.github/workflows/test.yml +++ /dev/null @@ -1,21 +0,0 @@ -name: Test workflow - -on: - push - -jobs: - build_for_pypi: - permissions: - id-token: write # This is required for requesting the JWT - contents: read # This is required for actions/checkout - uses: ./.github/workflows/build_for_pypi.yml - with: - publish: false # todo: back to true when tested - secrets: inherit - - buildassets: - name: Build packages - uses: ./.github/workflows/build_assets.yml - with: - release: false # todo: back to true when tested - secrets: inherit From 02bc9a4479fa7b9ecb2b1aa3db905fbb116542f5 Mon Sep 17 00:00:00 2001 
From: Spencer Murray Date: Mon, 5 May 2025 14:20:34 -0400 Subject: [PATCH 09/14] Test the bot user auth flow --- .github/workflows/create_release_pr.yml | 33 +++++++++++++++---------- 1 file changed, 20 insertions(+), 13 deletions(-) diff --git a/.github/workflows/create_release_pr.yml b/.github/workflows/create_release_pr.yml index 458f614c..4a941211 100644 --- a/.github/workflows/create_release_pr.yml +++ b/.github/workflows/create_release_pr.yml @@ -1,11 +1,12 @@ name: Create CLI Release PR on: - workflow_dispatch: - inputs: - versionName: - description: 'Name of version (ie 23.9.5)' - required: true + # workflow_dispatch: + # inputs: + # versionName: + # description: 'Name of version (ie 23.9.5)' + # required: true + push jobs: create-release-pr: @@ -26,16 +27,19 @@ jobs: # git_config_global: true - name: Create release branch - run: git checkout -b release/${{ github.event.inputs.versionName }} + #run: git checkout -b release/${{ github.event.inputs.versionName }} + run: git checkout -b test-sentry-release-bot - name: Update version and push id: make-commit run: | sed -i 's/version\ =\ "[0-9]\+\.[0-9]\+\.[0-9]\+"/version\ =\ "${{ github.event.inputs.versionName }}"/g' pyproject.toml git add pyproject.toml - git commit -S --message "Prepare release ${{ github.event.inputs.versionName }}" + #git commit --message "Prepare release ${{ github.event.inputs.versionName }}" + git commit --message "test" echo "commit=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT" - git push origin release/${{ github.event.inputs.versionName }} + #git push origin release/${{ github.event.inputs.versionName }} + git push origin test-sentry-release-bot - name: Get auth token id: token 
@@ -48,10 +52,13 @@ jobs: uses: thomaseizinger/create-pull-request@1.3.1 with: github_token: ${{ steps.token.outputs.token }} - head: release/${{ github.event.inputs.versionName }} + # head: release/${{ github.event.inputs.versionName }} + head: test-sentry-release-bot base: main - title: Release ${{ github.event.inputs.versionName }} + # title: Release ${{ github.event.inputs.versionName }} + title: Test pr reviewers: ${{ github.event.issue.user.login }} - body: | - Release PR for ${{ github.event.inputs.versionName }} - I've updated the version name and committed: ${{ steps.make-commit.outputs.commit }}. + # body: | + # Release PR for ${{ github.event.inputs.versionName }} + # I've updated the version name and committed: ${{ steps.make-commit.outputs.commit }}. + body: test body From 23db0d22f7efa3799df33047bc35407c67cead9c Mon Sep 17 00:00:00 2001 From: Spencer Murray Date: Mon, 5 May 2025 14:21:54 -0400 Subject: [PATCH 10/14] Oops --- .github/workflows/create_release_pr.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/create_release_pr.yml b/.github/workflows/create_release_pr.yml index 4a941211..15de7ae9 100644 --- a/.github/workflows/create_release_pr.yml +++ b/.github/workflows/create_release_pr.yml @@ -33,7 +33,9 @@ jobs: - name: Update version and push id: make-commit run: | - sed -i 's/version\ =\ "[0-9]\+\.[0-9]\+\.[0-9]\+"/version\ =\ "${{ github.event.inputs.versionName }}"/g' pyproject.toml + cd codecov-cli + # sed -i 's/version\ =\ "[0-9]\+\.[0-9]\+\.[0-9]\+"/version\ =\ "${{ github.event.inputs.versionName }}"/g' pyproject.toml + sed -i 's/version\ =\ "[0-9]\+\.[0-9]\+\.[0-9]\+"/version\ =\ "test"/g' pyproject.toml git add pyproject.toml #git commit --message "Prepare release ${{ github.event.inputs.versionName }}" git commit --message "test" From 3b8bcc925f5d7bf1f7c9a731793a472644625641 Mon Sep 17 00:00:00 2001 
From: Spencer Murray Date: Mon, 5 May 2025 14:29:52 -0400 Subject: [PATCH 11/14] Add bot's git info --- .github/workflows/create_release_pr.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/create_release_pr.yml b/.github/workflows/create_release_pr.yml index 15de7ae9..7c47b7df 100644 --- a/.github/workflows/create_release_pr.yml +++ b/.github/workflows/create_release_pr.yml @@ -30,6 +30,11 @@ jobs: #run: git checkout -b release/${{ github.event.inputs.versionName }} run: git checkout -b test-sentry-release-bot + - name: Set bot's Git info + run: | + git config --global user.email "10587625+getsentry-bot@users.noreply.github.com" + git config --global user.name "getsentry-bot" + - name: Update version and push id: make-commit run: | From 8bd68e790950a6b8a063bdb67037589c708239e9 Mon Sep 17 00:00:00 2001 From: Spencer Murray Date: Mon, 5 May 2025 14:36:43 -0400 Subject: [PATCH 12/14] Update committer info to be the gh app not the bot account --- .github/workflows/create_release_pr.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/create_release_pr.yml b/.github/workflows/create_release_pr.yml index 7c47b7df..463387f5 100644 --- a/.github/workflows/create_release_pr.yml +++ b/.github/workflows/create_release_pr.yml @@ -32,8 +32,8 @@ jobs: - name: Set bot's Git info run: | - git config --global user.email "10587625+getsentry-bot@users.noreply.github.com" - git config --global user.name "getsentry-bot" + git config --global user.email "180476844+sentry-release-bot[bot]@users.noreply.github.com" + git config --global user.name "sentry-release-bot[bot]" - name: Update version and push id: make-commit From b0e29653b4b0481cb9df857c825af6076746d8bb Mon Sep 17 00:00:00 2001 
From: Spencer Murray Date: Mon, 5 May 2025 14:47:34 -0400 Subject: [PATCH 13/14] Remove testing stuff, finalize create_release_pr.yml details --- .github/workflows/create_release_pr.yml | 52 ++++++++----------------- 1 file changed, 17 insertions(+), 35 deletions(-) diff --git a/.github/workflows/create_release_pr.yml b/.github/workflows/create_release_pr.yml index 463387f5..33267a42 100644 --- a/.github/workflows/create_release_pr.yml +++ b/.github/workflows/create_release_pr.yml @@ -1,12 +1,11 @@ name: Create CLI Release PR on: - # workflow_dispatch: - # inputs: - # versionName: - # description: 'Name of version (ie 23.9.5)' - # required: true - push + workflow_dispatch: + inputs: + versionName: + description: 'Name of version (ie 23.9.5)' + required: true jobs: create-release-pr: 
@@ -16,37 +15,23 @@ jobs: - name: Checkout uses: actions/checkout@v4 - # todo: add this back? or not? - # - name: Import GPG key - # id: import-gpg - # uses: crazy-max/ghaction-import-gpg@v6 - # with: - # gpg_private_key: ${{ secrets.RELEASER_GPG_PRIVATE_KEY }} - # git_user_signingkey: true - # git_commit_gpgsign: true - # git_config_global: true - - - name: Create release branch - #run: git checkout -b release/${{ github.event.inputs.versionName }} - run: git checkout -b test-sentry-release-bot - - - name: Set bot's Git info + - name: Set sentry-release-bot's Git info run: | git config --global user.email "180476844+sentry-release-bot[bot]@users.noreply.github.com" git config --global user.name "sentry-release-bot[bot]" + - name: Create release branch + run: git checkout -b release/${{ github.event.inputs.versionName }} + - name: Update version and push id: make-commit run: | cd codecov-cli - # sed -i 's/version\ =\ "[0-9]\+\.[0-9]\+\.[0-9]\+"/version\ =\ "${{ github.event.inputs.versionName }}"/g' pyproject.toml - sed -i 's/version\ =\ "[0-9]\+\.[0-9]\+\.[0-9]\+"/version\ =\ "test"/g' pyproject.toml + sed -i 's/version\ =\ "[0-9]\+\.[0-9]\+\.[0-9]\+"/version\ =\ "${{ github.event.inputs.versionName }}"/g' pyproject.toml git add pyproject.toml - #git commit --message "Prepare release ${{ github.event.inputs.versionName }}" - git commit --message "test" + git commit --message "Prepare release ${{ github.event.inputs.versionName }}" echo "commit=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT" - #git push origin release/${{ github.event.inputs.versionName }} - git push origin test-sentry-release-bot + git push origin release/${{ github.event.inputs.versionName }} - name: Get auth token id: token 
@@ -59,13 +44,10 @@ jobs: uses: thomaseizinger/create-pull-request@1.3.1 with: github_token: ${{ steps.token.outputs.token }} - # head: release/${{ github.event.inputs.versionName }} - head: test-sentry-release-bot + head: release/${{ github.event.inputs.versionName }} base: main - # title: Release ${{ github.event.inputs.versionName }} - title: Test pr + title: Release ${{ github.event.inputs.versionName }} reviewers: ${{ github.event.issue.user.login }} - # body: | - # Release PR for ${{ github.event.inputs.versionName }} - # I've updated the version name and committed: ${{ steps.make-commit.outputs.commit }}. - body: test body + body: | + Release PR for ${{ github.event.inputs.versionName }} + I've updated the version name and committed: ${{ steps.make-commit.outputs.commit }}. From 456a3df6a3e7509fbebc7c92995e43e2f00dc899 Mon Sep 17 00:00:00 2001 From: Spencer Murray Date: Mon, 5 May 2025 14:58:18 -0400 Subject: [PATCH 14/14] Update build_assets to use release bot auth --- .github/workflows/build_assets.yml | 33 ++++++++++++++++++++++++++-- .github/workflows/build_for_pypi.yml | 7 +++++- .github/workflows/ci-job.yml | 3 +++ .github/workflows/ci.yml | 14 ++++++++++++ .github/workflows/release_flow.yml | 2 ++ 5 files changed, 56 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build_assets.yml b/.github/workflows/build_assets.yml index ae26f26f..b6629bd9 100644 --- a/.github/workflows/build_assets.yml +++ b/.github/workflows/build_assets.yml @@ -31,6 +31,7 @@ jobs: lipo -archs dist/codecovcli_macos | grep 'x86_64 arm64' OUT_FILE_NAME: codecovcli_macos ASSET_MIME: application/octet-stream + - os: ubuntu-22.04 TARGET: ubuntu CMD_REQS: > @@ -41,6 +42,7 @@ jobs: cp ./dist/main ./dist/codecovcli_linux OUT_FILE_NAME: codecovcli_linux ASSET_MIME: application/octet-stream + - os: windows-latest TARGET: windows CMD_REQS: 
> @@ -50,35 +52,50 @@ jobs: Copy-Item -Path ".\dist\main.exe" -Destination ".\dist\codecovcli_windows.exe" OUT_FILE_NAME: codecovcli_windows.exe ASSET_MIME: application/vnd.microsoft.portable-executable + steps: - uses: actions/checkout@v4 with: submodules: true + - name: Set up Python 3.11 uses: actions/setup-python@v3 with: python-version: "3.11" + - name: Install dependencies run: | cd codecov-cli ${{matrix.CMD_REQS}} python setup.py build + - name: Install pyinstaller run: pip install pyinstaller + - name: Build with pyinstaller for ${{matrix.TARGET}} run: cd codecov-cli && ${{matrix.CMD_BUILD}} + - name: Upload a Build Artifact uses: actions/upload-artifact@v4 if: inputs.release == false with: name: ${{ matrix.OUT_FILE_NAME }} path: ./codecov-cli/dist/${{ matrix.OUT_FILE_NAME }} + + - name: Get auth token + if: inputs.release == true + id: token + uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6 + with: + app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }} + private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }} + - name: Upload Release Asset if: inputs.release == true id: upload-release-asset uses: svenstaro/upload-release-action@v2 with: - repo_token: ${{ secrets.GITHUB_TOKEN }} + repo_token: ${{ steps.token.outputs.token }} file: ./codecov-cli/dist/${{ matrix.OUT_FILE_NAME }} asset_name: ${{ matrix.OUT_FILE_NAME }} tag: ${{ github.ref }} @@ -104,10 +121,12 @@ jobs: - uses: actions/checkout@v4 with: submodules: true + - name: Set up QEMU uses: docker/setup-qemu-action@v1 with: platforms: ${{ matrix.arch }} + - name: Run in Docker run: | docker run \ 
@@ -117,18 +136,28 @@ jobs: --platform linux/${{ matrix.arch }} \ ${{ matrix.distro }} \ ./codecov-cli/scripts/build_${{ matrix.distro_name }}_arm.sh ${{ matrix.distro_name }}_${{ matrix.arch }} + - name: Upload a Build Artifact uses: actions/upload-artifact@v4 if: inputs.release == false with: name: codecovcli_${{ matrix.distro_name }}_${{ matrix.arch }} path: ./codecov-cli/dist/codecovcli_${{ matrix.distro_name }}_${{ matrix.arch }} + + - name: Get auth token + if: inputs.release == true + id: token + uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6 + with: + app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }} + private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }} + - name: Upload Release Asset if: inputs.release == true id: upload-release-asset uses: svenstaro/upload-release-action@v2 with: - repo_token: ${{ secrets.GITHUB_TOKEN }} + repo_token: ${{ steps.token.outputs.token }} file: ./codecov-cli/dist/codecovcli_${{ matrix.distro_name }}_${{ matrix.arch }} asset_name: codecovcli_${{ matrix.distro_name }}_${{ matrix.arch }} tag: ${{ github.ref }} diff --git a/.github/workflows/build_for_pypi.yml b/.github/workflows/build_for_pypi.yml index f055da0a..3d82e104 100644 --- a/.github/workflows/build_for_pypi.yml +++ b/.github/workflows/build_for_pypi.yml @@ -10,7 +10,6 @@ on: description: "Build for PyPi" jobs: - build_src_for_pypi: runs-on: ubuntu-latest steps: @@ -18,15 +17,18 @@ jobs: with: persist-credentials: false submodules: true + - name: Install dependencies run: | pip install build + - name: Build src dist run: | cd codecov-cli python -m build --sdist env: PIP_CONSTRAINT: requirements.txt + - name: Store the distribution packages uses: actions/upload-artifact@v4 with: 
@@ -50,15 +52,18 @@ jobs: uses: actions/download-artifact@v4 with: name: cibw-sdist + - name: Get sdist filename id: get-sdist run: | echo "sdist_filename=$(ls codecov-cli/dist/)" >> "${GITHUB_OUTPUT}" shell: bash + - name: Build wheels uses: pypa/cibuildwheel@v2.22.0 with: package-dir: codecov-cli/dist/${{ steps.get-sdist.outputs.sdist_filename }} + - name: Store the distribution packages uses: actions/upload-artifact@v4 with: diff --git a/.github/workflows/ci-job.yml b/.github/workflows/ci-job.yml index 73c00b72..496676b7 100644 --- a/.github/workflows/ci-job.yml +++ b/.github/workflows/ci-job.yml @@ -14,10 +14,12 @@ jobs: with: submodules: true fetch-depth: 2 + - name: Set up Python 3.12 uses: actions/setup-python@v5 with: python-version: "3.12" + - name: Install dependencies run: | cd codecov-cli @@ -25,6 +27,7 @@ jobs: pip install -r requirements.txt python -m pip install -e . pip install -r tests/requirements.txt + - name: Test with pytest run: | cd codecov-cli diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 820f23b7..477afaf1 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -18,6 +18,7 @@ jobs: - uses: actions/checkout@v4 with: submodules: true + - name: Check linting with ruff run: | make lint @@ -28,18 +29,22 @@ jobs: - uses: actions/checkout@v4 with: submodules: true + - name: Set up Python 3.12 uses: actions/setup-python@v5 with: python-version: "3.12" + - name: Install dependencies run: | python -m pip install --upgrade pip python -m pip install -e codecov-cli python -m pip install -e prevent-cli + - name: Run command_dump run: | ./command_dump.py + - name: Detect changes on commit run: | if [ -n "$(git diff codecov-cli/codecovcli_commands prevent-cli/preventcli_commands)" ]; then 
@@ -56,16 +61,20 @@ jobs: with: submodules: true fetch-depth: 2 + - uses: actions/setup-python@v5 with: python-version: "3.12" + - name: Install CLI # todo: update this to dogfood prevent cli, maybe try both? run: | pip install codecov-cli + - name: Create commit in codecov run: | codecovcli create-commit -t ${{ secrets.CODECOV_TOKEN }} --git-service github + - name: Create commit report in codecov run: | codecovcli create-report -t ${{ secrets.CODECOV_TOKEN }} --git-service github @@ -82,27 +91,32 @@ jobs: with: submodules: true fetch-depth: 2 + - name: Set up Python ${{matrix.python-version}} uses: actions/setup-python@v5 with: python-version: "${{matrix.python-version}}" + - name: Install dependencies run: | python -m pip install --upgrade pip python -m pip install -e codecov-cli python -m pip install -e prevent-cli pip install -r codecov-cli/tests/requirements.txt + - name: Test with pytest run: | cd codecov-cli pytest --cov --junitxml=${{matrix.os}}-${{matrix.python-version}}junit.xml env: CODECOV_ENV: test + - name: Dogfooding codecov-cli if: ${{ !github.event.pull_request.head.repo.fork && github.repository_owner == 'getsentry' }} run: | codecovcli -v do-upload --fail-on-error -t ${{ secrets.CODECOV_TOKEN }} --plugin pycoverage --flag python${{matrix.python-version}} --flag codecovcli codecovcli do-upload --report-type test_results --fail-on-error -t ${{ secrets.CODECOV_TOKEN }} --plugin pycoverage --flag python${{matrix.python-version}} --flag codecovcli + - name: Dogfooding sentry-prevent-cli if: ${{ !github.event.pull_request.head.repo.fork && github.repository_owner == 'getsentry' }} run: | diff --git a/.github/workflows/release_flow.yml b/.github/workflows/release_flow.yml index daef81ad..ce811ac5 100644 --- a/.github/workflows/release_flow.yml +++ b/.github/workflows/release_flow.yml @@ -37,6 +37,7 @@ jobs: with: path: dist/ pattern: cibw-* + - name: Display and move artifacts run: | ls -alrt */*/* 
@@ -47,6 +48,7 @@ jobs: echo "Deleting empty directories" find . -empty -type d -delete ls -alrt */* + - name: Publish package to PyPi uses: pypa/gh-action-pypi-publish@release/v1 with: