Add infra for deploying to pip on release

And deploy to test on every commit with a successful CI
JasonGross · Oct 19, 2023 · a29fedc · a29fedc
1 parent 7bb8490
commit a29fedc
Show file tree

Hide file tree

Showing 4 changed files with 226 additions and 0 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -134,3 +134,54 @@ jobs:
       if: ${{ needs.docker-build.result == 'success' }}
     - run: echo 'The triggering workflow failed (docker)' && false
       if: ${{ needs.docker-build.result != 'success' }}
+
+  build-package:
+    name: Build distribution 📦
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up Python
+      uses: actions/setup-python@v4
+      with:
+        python-version: "3.x"
+    - name: Install pypa/build
+      run: >-
+        python3 -m
+        pip install
+        build
+        setuptools
+        wheel
+        twine
+        --user
+    - name: Build a binary wheel and a source tarball
+      run: make dist PYTHON=python3
+    - name: Store the distribution packages
+      uses: actions/upload-artifact@v3
+      with:
+        name: python-package-distributions
+        path: dist/
+
+  publish-to-testpypi:
+    name: Publish Python 🐍 distribution 📦 to TestPyPI
+    needs:
+    - build-package
+    runs-on: ubuntu-latest
+
+    environment:
+      name: testpypi
+      url: https://test.pypi.org/p/coq-tools
+
+    permissions:
+      id-token: write  # IMPORTANT: mandatory for trusted publishing
+
+    steps:
+    - name: Download all the dists
+      uses: actions/download-artifact@v3
+      with:
+        name: python-package-distributions
+        path: dist/
+    - name: Publish distribution 📦 to TestPyPI
+      uses: pypa/gh-action-pypi-publish@release/v1
+      with:
+        repository-url: https://test.pypi.org/legacy/
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -0,0 +1,131 @@
+name: Publish Python 🐍 distribution 📦 to PyPI and TestPyPI
+
+on:
+  release:
+    types: [published] # Only publish to pip when we formally publish a release
+  # For more on how to formally release on Github, read https://help.github.com/en/articles/creating-releases
+
+jobs:
+  build:
+    name: Build distribution 📦
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up Python
+      uses: actions/setup-python@v4
+      with:
+        python-version: "3.x"
+    - name: Install pypa/build
+      run: >-
+        python3 -m
+        pip install
+        build
+        setuptools
+        wheel
+        twine
+        --user
+    - name: Build a binary wheel and a source tarball
+      run: make dist PYTHON=python3
+    - name: Store the distribution packages
+      uses: actions/upload-artifact@v3
+      with:
+        name: python-package-distributions
+        path: dist/
+
+  publish-to-pypi:
+    name: >-
+      Publish Python 🐍 distribution 📦 to PyPI
+    if: startsWith(github.ref, 'refs/tags/')  # only publish to PyPI on tag pushes
+    needs:
+    - build
+    runs-on: ubuntu-latest
+    environment:
+      name: pypi
+      url: https://pypi.org/p/coq-tools
+    permissions:
+      id-token: write  # IMPORTANT: mandatory for trusted publishing
+
+    steps:
+    - name: Download all the dists
+      uses: actions/download-artifact@v3
+      with:
+        name: python-package-distributions
+        path: dist/
+    - name: Publish distribution 📦 to PyPI
+      uses: pypa/gh-action-pypi-publish@release/v1
+
+  github-release:
+    name: >-
+      Sign the Python 🐍 distribution 📦 with Sigstore
+      and upload them to GitHub Release
+    needs:
+    - publish-to-pypi
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: write  # IMPORTANT: mandatory for making GitHub Releases
+      id-token: write  # IMPORTANT: mandatory for sigstore
+
+    steps:
+    - name: Download all the dists
+      uses: actions/download-artifact@v3
+      with:
+        name: python-package-distributions
+        path: dist/
+    - name: Sign the dists with Sigstore
+      uses: sigstore/[email protected]
+      with:
+        inputs: >-
+          ./dist/*.tar.gz
+          ./dist/*.whl
+    - name: Upload artifact signatures to GitHub Release
+      env:
+        GITHUB_TOKEN: ${{ github.token }}
+      # Upload to GitHub Release using the `gh` CLI.
+      # `dist/` contains the built packages, and the
+      # sigstore-produced signatures and certificates.
+      run: >-
+        gh release upload
+        '${{ github.ref_name }}' dist/**
+        --repo '${{ github.repository }}'
+
+  bump-package-version:
+    name: Bump package version
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+    - name: Bump Package crate version
+      id: bumpPackageViaPush
+      run: |
+        etc/ci/bump-package-version.sh
+        remote_repo="https://${GITHUB_ACTOR}:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}.git"
+        git config http.sslVerify false
+        git config user.name "Automated Publisher"
+        git config user.email "[email protected]"
+        git remote add publisher "${remote_repo}"
+        git remote update
+        git show-ref # useful for debugging
+        git branch --verbose
+
+        git checkout -b temp
+        git branch -D master || true
+        git checkout -b master publisher/master
+        git add pyproject.toml
+        timestamp=$(date -u)
+        git commit -m "Automated Package Version Bump: ${timestamp} ${GITHUB_SHA}"
+        git push publisher master
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      if: always()
+    - name: Create Pull Request
+      uses: peter-evans/create-pull-request@v5
+      with:
+        token: ${{ secrets.GITHUB_TOKEN }}
+        title: 'Package Version Bump'
+        body: >
+          This PR is auto-generated by
+          [create-pull-request](https://github.com/peter-evans/create-pull-request).
+        labels: automated pr
+      if: failure() && steps.bumpPackageViaPush.outcome == 'failure'
diff --git a/etc/ci/bump-package-version.sh b/etc/ci/bump-package-version.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+set -e
+
+TOML_PATH="pyproject.toml"
+
+VERSION_LINE="$(grep 'version\s*=\s*' "${TOML_PATH}")"
+VERSION_NUMBER="$(echo "${VERSION_LINE}" | sed 's/version\s*=\s*//g; s/"//g; s/\s//g')"
+# https://stackoverflow.com/a/4486087/377022
+NEW_VERSION_NUMBER="$(awk -F. '/[0-9]+\./{$NF++;print}' OFS=. <<< "${VERSION_NUMBER}")"
+NEW_VERSION_LINE="$(echo "${VERSION_LINE}" | sed "s/${VERSION_NUMBER}/${NEW_VERSION_NUMBER}/g")"
+echo "Updating ${TOML_PATH} from version ${VERSION_NUMBER} to ${NEW_VERSION_NUMBER}"
+sed "s/${VERSION_LINE}/${NEW_VERSION_LINE}/g" -i "${TOML_PATH}"
+
+# sanity check
+AGAIN_VERSION_LINE="$(grep 'version\s*=\s*' "${TOML_PATH}")"
+AGAIN_VERSION_NUMBER="$(echo "${AGAIN_VERSION_LINE}" | sed 's/version\s*=\s*//g; s/"//g; s/\s//g')"
+if [ "${NEW_VERSION_NUMBER}" != "${AGAIN_VERSION_NUMBER}" ]; then
+    echo "ERROR: Tried to change '${VERSION_NUMBER}' to '${NEW_VERSION_NUMBER}' in ${TOML_PATH},"
+    echo "  but somehow ended up with '${AGAIN_VERSION_NUMBER}'."
+    exit 1
+fi
diff --git a/pyproject.toml b/pyproject.toml
@@ -0,0 +1,22 @@
+[project]
+name = "coq-tools"
+version = "0.0.1"
+authors = [
+  { name="Jason Gross", email="[email protected]" },
+]
+description = "Some scripts to help manipulate Coq developments and minimize error-producing Coq code"
+readme = "README.md"
+requires-python = ">=3.5"
+classifiers = [
+    "Programming Language :: Python :: 3",
+    "License :: OSI Approved :: MIT License",
+    "Operating System :: OS Independent",
+]
+
+[project.urls]
+"Homepage" = "https://github.com/JasonGross/coq-tools"
+"Bug Tracker" = "https://github.com/JasonGross/coq-tools/issues"
+
+[build-system]
+requires = ["setuptools", "wheel"]
+build-backend = "setuptools.build_meta"