diff --git a/.github/dpkg-versions.yaml b/.github/dpkg-versions.yaml index 0967ef4..f3d8868 100644 --- a/.github/dpkg-versions.yaml +++ b/.github/dpkg-versions.yaml @@ -1 +1,90 @@ -{} +camptocamp/tag-publish:latest: + ubuntu_24_04/apt: 2.7.14build2 + ubuntu_24_04/base-passwd: 3.6.3build1 + ubuntu_24_04/bash: 5.2.21-2ubuntu4 + ubuntu_24_04/bsdutils: 1:2.39.3-9ubuntu6.1 + ubuntu_24_04/coreutils: 9.4-3ubuntu6 + ubuntu_24_04/dash: 0.5.12-6ubuntu5 + ubuntu_24_04/debconf: 1.5.86ubuntu1 + ubuntu_24_04/debianutils: 5.17build1 + ubuntu_24_04/diffutils: 1:3.10-1build1 + ubuntu_24_04/dpkg: 1.22.6ubuntu6.1 + ubuntu_24_04/e2fsprogs: 1.47.0-2.4~exp1ubuntu4.1 + ubuntu_24_04/findutils: 4.9.0-5build1 + ubuntu_24_04/gcc-14-base: 14-20240412-0ubuntu1 + ubuntu_24_04/gpgv: 2.4.4-2ubuntu17 + ubuntu_24_04/grep: 3.11-4build1 + ubuntu_24_04/gzip: 1.12-1ubuntu3 + ubuntu_24_04/hostname: 3.23+nmu2ubuntu2 + ubuntu_24_04/init-system-helpers: 1.66ubuntu1 + ubuntu_24_04/libacl1: 2.3.2-1build1 + ubuntu_24_04/libapt-pkg6.0t64: 2.7.14build2 + ubuntu_24_04/libassuan0: 2.5.6-1build1 + ubuntu_24_04/libattr1: 1:2.5.2-1build1 + ubuntu_24_04/libaudit-common: 1:3.1.2-2.1build1 + ubuntu_24_04/libaudit1: 1:3.1.2-2.1build1 + ubuntu_24_04/libblkid1: 2.39.3-9ubuntu6.1 + ubuntu_24_04/libbz2-1.0: 1.0.8-5.1build0.1 + ubuntu_24_04/libc-bin: 2.39-0ubuntu8.3 + ubuntu_24_04/libc6: 2.39-0ubuntu8.3 + ubuntu_24_04/libcap-ng0: 0.8.4-2build2 + ubuntu_24_04/libcap2: 1:2.66-5ubuntu2 + ubuntu_24_04/libcom-err2: 1.47.0-2.4~exp1ubuntu4.1 + ubuntu_24_04/libcrypt1: 1:4.4.36-4build1 + ubuntu_24_04/libdb5.3t64: 5.3.28+dfsg2-7 + ubuntu_24_04/libdebconfclient0: 0.271ubuntu3 + ubuntu_24_04/libext2fs2t64: 1.47.0-2.4~exp1ubuntu4.1 + ubuntu_24_04/libffi8: 3.4.6-1build1 + ubuntu_24_04/libgcc-s1: 14-20240412-0ubuntu1 + ubuntu_24_04/libgcrypt20: 1.10.3-2build1 + ubuntu_24_04/libgmp10: 2:6.3.0+dfsg-2ubuntu6 + ubuntu_24_04/libgnutls30t64: 3.8.3-1.1ubuntu3.2 + ubuntu_24_04/libgpg-error0: 1.47-3build2 + ubuntu_24_04/libhogweed6t64: 3.9.1-2.2build1.1 + ubuntu_24_04/libidn2-0: 2.3.7-2build1 + ubuntu_24_04/liblz4-1: 1.9.4-1build1.1 + ubuntu_24_04/liblzma5: 5.6.1+really5.4.5-1build0.1 + ubuntu_24_04/libmd0: 1.1.0-2build1 + ubuntu_24_04/libmount1: 2.39.3-9ubuntu6.1 + ubuntu_24_04/libncursesw6: 6.4+20240113-1ubuntu2 + ubuntu_24_04/libnettle8t64: 3.9.1-2.2build1.1 + ubuntu_24_04/libnpth0t64: 1.6-3.1build1 + ubuntu_24_04/libp11-kit0: 0.25.3-4ubuntu2.1 + ubuntu_24_04/libpam-modules: 1.5.3-5ubuntu5.1 + ubuntu_24_04/libpam-modules-bin: 1.5.3-5ubuntu5.1 + ubuntu_24_04/libpam-runtime: 1.5.3-5ubuntu5.1 + ubuntu_24_04/libpam0g: 1.5.3-5ubuntu5.1 + ubuntu_24_04/libpcre2-8-0: 10.42-4ubuntu2 + ubuntu_24_04/libproc2-0: 2:4.0.4-4ubuntu3.2 + ubuntu_24_04/libseccomp2: 2.5.5-1ubuntu3.1 + ubuntu_24_04/libselinux1: 3.5-2ubuntu2 + ubuntu_24_04/libsemanage-common: 3.5-1build5 + ubuntu_24_04/libsemanage2: 3.5-1build5 + ubuntu_24_04/libsepol2: 3.5-2build1 + ubuntu_24_04/libsmartcols1: 2.39.3-9ubuntu6.1 + ubuntu_24_04/libss2: 1.47.0-2.4~exp1ubuntu4.1 + ubuntu_24_04/libssl3t64: 3.0.13-0ubuntu3.4 + ubuntu_24_04/libstdc++6: 14-20240412-0ubuntu1 + ubuntu_24_04/libsystemd0: 255.4-1ubuntu8.4 + ubuntu_24_04/libtasn1-6: 4.19.0-3build1 + ubuntu_24_04/libtinfo6: 6.4+20240113-1ubuntu2 + ubuntu_24_04/libudev1: 255.4-1ubuntu8.4 + ubuntu_24_04/libunistring5: 1.1-2build1 + ubuntu_24_04/libuuid1: 2.39.3-9ubuntu6.1 + ubuntu_24_04/libxxhash0: 0.8.2-2build1 + ubuntu_24_04/libzstd1: 1.5.5+dfsg2-2build1.1 + ubuntu_24_04/login: 1:4.13+dfsg1-4ubuntu3.2 + ubuntu_24_04/logsave: 1.47.0-2.4~exp1ubuntu4.1 + ubuntu_24_04/mawk: 1.3.4.20240123-1build1 + ubuntu_24_04/mount: 2.39.3-9ubuntu6.1 + ubuntu_24_04/ncurses-base: 6.4+20240113-1ubuntu2 + ubuntu_24_04/ncurses-bin: 6.4+20240113-1ubuntu2 + ubuntu_24_04/passwd: 1:4.13+dfsg1-4ubuntu3.2 + ubuntu_24_04/perl-base: 5.38.2-3.2build2 + ubuntu_24_04/procps: 2:4.0.4-4ubuntu3.2 + ubuntu_24_04/sed: 4.9-2build1 + ubuntu_24_04/sensible-utils: 0.0.22 + ubuntu_24_04/sysvinit-utils: 3.08-6ubuntu3 + ubuntu_24_04/tar: 1.35+dfsg-3build1 + ubuntu_24_04/ubuntu-keyring: 2023.11.28.1 + ubuntu_24_04/util-linux: 2.39.3-9ubuntu6.1 diff --git a/.github/publish.yaml b/.github/publish.yaml index af610f0..b239843 100644 --- a/.github/publish.yaml +++ b/.github/publish.yaml @@ -5,7 +5,15 @@ pypi: - version_tag - version_branch packages: - - path: . + - {} docker: + auto_login: true images: - name: camptocamp/tag-publish + repository: + github: + server: ghcr.io + versions: + - version_tag + - version_branch + - rebuild diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index e8492c3..dd39e08 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -11,6 +11,7 @@ on: permissions: packages: write + id-token: write env: HAS_SECRETS: ${{ secrets.HAS_SECRETS }} diff --git a/.github/workflows/repository-dispatch.yaml b/.github/workflows/repository-dispatch.yaml index 4faeec4..f6a0dc6 100644 --- a/.github/workflows/repository-dispatch.yaml +++ b/.github/workflows/repository-dispatch.yaml @@ -10,8 +10,8 @@ on: required: true name: description: The package name - path: - description: The package path + folder: + description: The package folder version: description: The package version tag: @@ -33,7 +33,7 @@ jobs: run: | echo "Event type: ${{ github.event.client_payload.type }}" echo "Package name: ${{ github.event.client_payload.name }}" - echo "Package path: ${{ github.event.client_payload.path }}" + echo "Package folder: ${{ github.event.client_payload.folder }}" echo "Package version: ${{ github.event.client_payload.version }}" echo "Package tag: ${{ github.event.client_payload.tag }}" echo "Repository: ${{ github.event.client_payload.repository }}" diff --git a/config.md b/config.md index 7826ef9..dccd6bb 100644 --- a/config.md +++ b/config.md @@ -30,6 +30,7 @@ _Tag Publish configuration file_ - **`server`** _(string)_: The server URL. - **`versions`** _(array)_: The kind or version that should be published, tag, branch or value of the --version argument of the tag-publish script. Default: `["version_tag", "version_branch", "rebuild", "feature_branch"]`. - **Items** _(string)_ + - **`auto_login`** _(boolean)_: Auto login to the GitHub Docker registry. Default: `false`. - **`snyk`** _(object)_: Checks the published images with Snyk. - **`monitor_args`**: The arguments to pass to the Snyk container monitor command. Default: `["--app-vulns"]`. - **One of** @@ -45,19 +46,16 @@ _Tag Publish configuration file_ - **`packages`** _(array)_: The configuration of packages that will be published. - **Items** _(object)_: The configuration of package that will be published. - **`group`** _(string)_: The image is in the group, should be used with the --group option of tag-publish script. Default: `"default"`. - - **`path`** _(string)_: The path of the pypi package. Default: `"."`. + - **`folder`** _(string)_: The folder of the pypi package. Default: `"."`. - **`build_command`** _(array)_: The command used to do the build. - **Items** _(string)_ - **`versions`** _(array)_: The kind or version that should be published, tag, branch or value of the --version argument of the tag-publish script. Default: `["version_tag"]`. - **Items** _(string)_ -- **`helm`**: Configuration to publish Helm charts on GitHub release. - - **One of** - - _object_: Configuration to publish on Helm charts on GitHub release. - - **`folders`** _(array)_: The folders that will be published. - - **Items** _(string)_ - - **`versions`** _(array)_: The kind or version that should be published, tag, branch or value of the --version argument of the tag-publish script. Default: `["version_tag"]`. - - **Items** _(string)_ - - : Must be: `false`. +- **`helm`** _(object)_: Configuration to publish Helm charts on GitHub release. + - **`folders`** _(array)_: The folders that will be published. + - **Items** _(string)_ + - **`versions`** _(array)_: The kind or version that should be published, tag, branch or value of the --version argument of the tag-publish script. Default: `["version_tag"]`. + - **Items** _(string)_ - **`version_transform`** _(array)_: A version transformer definition. - **Items** _(object)_ - **`from`** _(string)_: The from regular expression. diff --git a/tag_publish/__init__.py b/tag_publish/__init__.py index 631a86c..b087b57 100644 --- a/tag_publish/__init__.py +++ b/tag_publish/__init__.py @@ -8,6 +8,7 @@ from re import Match, Pattern from typing import Any, Optional, TypedDict, cast +import application_download.cli import github import requests import ruamel.yaml @@ -32,10 +33,25 @@ class GH: def __init__(self) -> None: """Initialize the GitHub helper class.""" - token = os.environ["GITHUB_TOKEN"] + token = ( + os.environ["GITHUB_TOKEN"] + if "GITHUB_TOKEN" in os.environ + else subprocess.run( + ["gh", "auth", "token"], check=True, stdout=subprocess.PIPE, encoding="utf-8" + ).stdout.strip() + ) self.auth = github.Auth.Token(token) self.github = github.Github(auth=self.auth) - self.repo = self.github.get_repo(os.environ["GITHUB_REPOSITORY"]) + self.repo = self.github.get_repo( + os.environ["GITHUB_REPOSITORY"] + if "GITHUB_REPOSITORY" in os.environ + else subprocess.run( + ["gh", "repo", "view", "--json", "name,owner", "--jq", '(.owner.login + "/" + .name)'], + check=True, + stdout=subprocess.PIPE, + encoding="utf-8", + ).stdout.strip() + ) self.default_branch = self.repo.default_branch @@ -77,8 +93,8 @@ def get_config(gh: GH) -> tag_publish.configuration.Configuration: Get the configuration, with project and auto detections. """ config: tag_publish.configuration.Configuration = {} - if os.path.exists("ci/config.yaml"): - with open("ci/config.yaml", encoding="utf-8") as open_file: + if os.path.exists(".github/publish.yaml"): + with open(".github/publish.yaml", encoding="utf-8") as open_file: yaml_ = ruamel.yaml.YAML() config = yaml_.load(open_file) @@ -224,6 +240,17 @@ def snyk_exec() -> tuple[str, dict[str, str]]: env = {**os.environ} env["FORCE_COLOR"] = "true" snyk_bin = os.path.expanduser(os.path.join("~", ".local", "bin", "snyk")) + + if not os.path.exists(snyk_bin): + folder = os.path.expanduser(os.path.join("~", ".config", "application_download")) + if not os.path.exists(folder): + os.makedirs(folder) + application_download.cli.download_application("snyk/cli") + + if "SNYK_TOKEN" not in env: + env["SNYK_TOKEN"] = subprocess.run( + ["gopass", "show", "gs/ci/snyk/token"], check=True, stdout=subprocess.PIPE, encoding="utf-8" + ).stdout.strip() if "SNYK_ORG" in env: subprocess.run([snyk_bin, "config", "set", f"org={env['SNYK_ORG']}"], check=True, env=env) @@ -237,7 +264,7 @@ class PublishedPayload(TypedDict, total=False): type: str name: str - path: str + folder: str version: str tag: str repository: str diff --git a/tag_publish/applications-versions.yaml b/tag_publish/applications-versions.yaml index 1ee744e..307a97f 100644 --- a/tag_publish/applications-versions.yaml +++ b/tag_publish/applications-versions.yaml @@ -1,2 +1,3 @@ # https://docs.renovatebot.com/modules/datasource/#github-releases-datasource helm/chart-releaser: v1.6.1 # github-releases +snyk/cli: v1.1293.1 # github-releases diff --git a/tag_publish/cli.py b/tag_publish/cli.py index bfde520..7fc8bf5 100644 --- a/tag_publish/cli.py +++ b/tag_publish/cli.py @@ -79,6 +79,8 @@ def main() -> None: parser.add_argument("--branch", help="The branch from which to compute the version") parser.add_argument("--tag", help="The tag from which to compute the version") parser.add_argument("--dry-run", action="store_true", help="Don't do the publish") + parser.add_argument("--dry-run-tag", help="Don't do the publish, on a tag") + parser.add_argument("--dry-run-branch", help="Don't do the publish, on a branch") parser.add_argument( "--type", help="The type of version, if no argument provided auto-determinate, can be: " @@ -87,6 +89,13 @@ def main() -> None: ) args = parser.parse_args() + if args.dry_run_tag is not None: + args.dry_run = True + os.environ["GITHUB_REF"] = f"refs/tags/{args.dry_run_tag}" + if args.dry_run_branch is not None: + args.dry_run = True + os.environ["GITHUB_REF"] = f"refs/heads/{args.dry_run_branch}" + github = tag_publish.GH() config = tag_publish.get_config(github) @@ -173,38 +182,90 @@ def main() -> None: success = True published_payload: list[tag_publish.PublishedPayload] = [] - pypi_config = cast( - tag_publish.configuration.Pypi, - config.get("pypi", {}) if config.get("pypi", False) else {}, + success &= _handle_pypi_publish( + args.group, args.dry_run, config, version, version_type, github, published_payload + ) + success &= _handle_docker_publish( + args.group, + args.dry_run, + args.docker_versions, + args.snyk_version, + config, + version, + version_type, + github, + published_payload, + local, ) + success &= _handle_helm_publish(args.dry_run, config, version, version_type, github, published_payload) + _trigger_dispatch_events(config, published_payload, github) + + if not success: + sys.exit(1) + + +def _handle_pypi_publish( + group: str, + dry_run: bool, + config: tag_publish.configuration.Configuration, + version: str, + version_type: str, + github: tag_publish.GH, + published_payload: list[tag_publish.PublishedPayload], +) -> bool: + success = True + pypi_config = config.get("pypi", {}) if pypi_config: - if pypi_config["packages"]: + if "packages" in pypi_config: tag_publish.lib.oidc.pypi_login() for package in pypi_config["packages"]: - if package.get("group", tag_publish.configuration.PIP_PACKAGE_GROUP_DEFAULT) == args.group: + if package.get("group", tag_publish.configuration.PIP_PACKAGE_GROUP_DEFAULT) == group: publish = version_type in pypi_config.get( "versions", tag_publish.configuration.PYPI_VERSIONS_DEFAULT ) - path = package.get("path", tag_publish.configuration.PYPI_PACKAGE_PATH_DEFAULT) - if args.dry_run: - print(f"{'Publishing' if publish else 'Checking'} '{path}' to pypi, skipping (dry run)") + folder = package.get("folder", tag_publish.configuration.PYPI_PACKAGE_FOLDER_DEFAULT) + if dry_run: + print(f"{'Publishing' if publish else 'Checking'} '{folder}' to pypi, skipping (dry run)") else: success &= tag_publish.publish.pip(package, version, version_type, publish, github) published_payload.append( { "type": "pypi", - "path": "path", + "folder": folder, "version": version, "version_type": version_type, } ) - - docker_config = cast( - tag_publish.configuration.Docker, - config.get("docker", {}) if config.get("docker", False) else {}, - ) + return success + + +def _handle_docker_publish( + group: str, + dry_run: bool, + docker_versions: str, + snyk_version: str, + config: tag_publish.configuration.Configuration, + version: str, + version_type: str, + github: tag_publish.GH, + published_payload: list[tag_publish.PublishedPayload], + local: bool, +) -> bool: + success = True + docker_config = config.get("docker", {}) if docker_config: + if docker_config.get("auto_login", tag_publish.configuration.DOCKER_AUTO_LOGIN_DEFAULT): + subprocess.run( + [ + "docker", + "login", + "ghcr.io", + "--username=github", + f"--password={os.environ['GITHUB_TOKEN']}", + ], + check=True, + ) security_text = "" if local: with open("SECURITY.md", encoding="utf-8") as security_file: @@ -232,7 +293,6 @@ def main() -> None: add_latest = True for data in security.data: row_tags = {t.strip() for t in data[alternate_tag_index].split(",") if t.strip()} - print(row_tags) if "latest" in row_tags: print("latest found in ", row_tags) add_latest = False @@ -243,23 +303,23 @@ def main() -> None: images_src: set[str] = set() images_full: list[str] = [] images_snyk: set[str] = set() - versions = args.docker_versions.split(",") if args.docker_versions else [version] + versions = docker_versions.split(",") if docker_versions else [version] for image_conf in docker_config.get("images", []): - if image_conf.get("group", tag_publish.configuration.DOCKER_IMAGE_GROUP_DEFAULT) == args.group: + if image_conf.get("group", tag_publish.configuration.DOCKER_IMAGE_GROUP_DEFAULT) == group: for tag_config in image_conf.get("tags", tag_publish.configuration.DOCKER_IMAGE_TAGS_DEFAULT): tag_src = tag_config.format(version="latest") image_source = f"{image_conf['name']}:{tag_src}" images_src.add(image_source) - tag_snyk = tag_config.format(version=args.snyk_version or version).lower() + tag_snyk = tag_config.format(version=snyk_version or version).lower() image_snyk = f"{image_conf['name']}:{tag_snyk}" # Workaround sine we have the business plan image_snyk = f"{image_conf['name']}_{tag_snyk}" - if not args.dry_run: + if not dry_run: subprocess.run(["docker", "tag", image_source, image_snyk], check=True) images_snyk.add(image_snyk) - if tag_snyk != tag_src and not args.dry_run: + if tag_snyk != tag_src and not dry_run: subprocess.run( [ "docker", @@ -270,13 +330,13 @@ def main() -> None: check=True, ) - for name, conf in { - **cast( + for name, conf in docker_config.get( + "repository", + cast( dict[str, tag_publish.configuration.DockerRepository], tag_publish.configuration.DOCKER_REPOSITORY_DEFAULT, ), - **docker_config.get("repository", {}), - }.items(): + ).items(): for docker_version in versions: if version_type in conf.get( "versions", @@ -287,7 +347,7 @@ def main() -> None: for alt_tag in [docker_version, *alt_tags] ] - if args.dry_run: + if dry_run: for tag in tags: print( f"Publishing {image_conf['name']}:{tag} to {name}, skipping " @@ -305,52 +365,54 @@ def main() -> None: published_payload, ) - if args.dry_run: + if dry_run: sys.exit(0) - snyk_exec, env = tag_publish.snyk_exec() - for image in images_snyk: - print(f"::group::Snyk check {image}") - sys.stdout.flush() - sys.stderr.flush() - try: - if version_type in ("version_branch", "version_tag"): - monitor_args = docker_config.get("snyk", {}).get( - "monitor_args", - tag_publish.configuration.DOCKER_SNYK_MONITOR_ARGS_DEFAULT, + has_gopass = subprocess.run(["gopass", "--version"]).returncode == 0 # nosec # pylint: disable=subprocess-run-check + if "SNYK_TOKEN" in os.environ or has_gopass: + snyk_exec, env = tag_publish.snyk_exec() + for image in images_snyk: + print(f"::group::Snyk check {image}") + sys.stdout.flush() + sys.stderr.flush() + try: + if version_type in ("version_branch", "version_tag"): + monitor_args = docker_config.get("snyk", {}).get( + "monitor_args", + tag_publish.configuration.DOCKER_SNYK_MONITOR_ARGS_DEFAULT, + ) + if monitor_args is not False: + subprocess.run( # pylint: disable=subprocess-run-check + [ + snyk_exec, + "container", + "monitor", + *monitor_args, + # Available only on the business plan + # f"--project-tags=tag={image.split(':')[-1]}", + image, + ], + env=env, + ) + test_args = docker_config.get("snyk", {}).get( + "test_args", tag_publish.configuration.DOCKER_SNYK_TEST_ARGS_DEFAULT ) - if monitor_args is not False: - subprocess.run( # pylint: disable=subprocess-run-check - [ - snyk_exec, - "container", - "monitor", - *monitor_args, - # Available only on the business plan - # f"--project-tags=tag={image.split(':')[-1]}", - image, - ], + snyk_error = False + if test_args is not False: + proc = subprocess.run( + [snyk_exec, "container", "test", *test_args, image], + check=False, env=env, ) - test_args = docker_config.get("snyk", {}).get( - "test_args", tag_publish.configuration.DOCKER_SNYK_TEST_ARGS_DEFAULT - ) - snyk_error = False - if test_args is not False: - proc = subprocess.run( - [snyk_exec, "container", "test", *test_args, image], - check=False, - env=env, - ) - if proc.returncode != 0: - snyk_error = True - print("::endgroup::") - if snyk_error: - print("::error::Critical vulnerability found by Snyk in the published image.") - except subprocess.CalledProcessError as exception: - print(f"Error: {exception}") - print("::endgroup::") - print("::error::With error") + if proc.returncode != 0: + snyk_error = True + print("::endgroup::") + if snyk_error: + print("::error::Critical vulnerability found by Snyk in the published image.") + except subprocess.CalledProcessError as exception: + print(f"Error: {exception}") + print("::endgroup::") + print("::error::With error") versions_config, dpkg_config_found = tag_publish.lib.docker.get_versions_config() dpkg_success = True @@ -360,7 +422,7 @@ def main() -> None: if not dpkg_success: current_versions_in_images: dict[str, dict[str, str]] = {} if dpkg_config_found: - with open("ci/dpkg-versions.yaml", encoding="utf-8") as dpkg_versions_file: + with open(".github/dpkg-versions.yaml", encoding="utf-8") as dpkg_versions_file: current_versions_in_images = yaml.load(dpkg_versions_file, Loader=yaml.SafeLoader) for image in images_src: _, versions_image = tag_publish.lib.docker.get_dpkg_packages_versions(image) @@ -378,7 +440,7 @@ def main() -> None: print("Current versions of the Debian packages in Docker images:") print(yaml.dump(current_versions_in_images, Dumper=yaml.SafeDumper, default_flow_style=False)) if dpkg_config_found: - with open("ci/dpkg-versions.yaml", "w", encoding="utf-8") as dpkg_versions_file: + with open(".github/dpkg-versions.yaml", "w", encoding="utf-8") as dpkg_versions_file: yaml.dump( current_versions_in_images, dpkg_versions_file, @@ -388,15 +450,21 @@ def main() -> None: if dpkg_config_found: success = False + return success - helm_config = cast( - tag_publish.configuration.HelmConfig, - config.get("helm", {}) if config.get("helm", False) else {}, - ) - if ( - helm_config - and helm_config["folders"] - and version_type in helm_config.get("versions", tag_publish.configuration.HELM_VERSIONS_DEFAULT) + +def _handle_helm_publish( + dry_run: bool, + config: tag_publish.configuration.Configuration, + version: str, + version_type: str, + github: tag_publish.GH, + published_payload: list[tag_publish.PublishedPayload], +) -> bool: + success = True + helm_config = config.get("helm", {}) + if helm_config.get("folders") and version_type in helm_config.get( + "versions", tag_publish.configuration.HELM_VERSIONS_DEFAULT ): application_download.cli.download_application("helm/chart-releaser") @@ -432,19 +500,27 @@ def main() -> None: version = ".".join(versions) for folder in helm_config["folders"]: - token = os.environ["GITHUB_TOKEN"] - success &= tag_publish.publish.helm(folder, version, owner, repo, commit_sha, token) - published_payload.append( - { - "type": "helm", - "path": folder, - "version": version, - "version_type": version_type, - } - ) + if dry_run: + print(f"Publishing '{folder}' to helm, skipping (dry run)") + else: + token = os.environ["GITHUB_TOKEN"] + success &= tag_publish.publish.helm(folder, version, owner, repo, commit_sha, token) + published_payload.append( + { + "type": "helm", + "folder": folder, + "version": version, + "version_type": version_type, + } + ) + return success - config = tag_publish.get_config(tag_publish.GH()) +def _trigger_dispatch_events( + config: tag_publish.configuration.Configuration, + published_payload: list[tag_publish.PublishedPayload], + github: tag_publish.GH, +) -> None: for published in published_payload: for dispatch_config in config.get("dispatch", []): repository = dispatch_config.get("repository") @@ -463,9 +539,6 @@ def main() -> None: github_repo = github.repo github_repo.create_repository_dispatch(event_type, published) # type: ignore[arg-type] - if not success: - sys.exit(1) - if __name__ == "__main__": main() diff --git a/tag_publish/configuration.py b/tag_publish/configuration.py index 899b75f..0891cc7 100644 --- a/tag_publish/configuration.py +++ b/tag_publish/configuration.py @@ -38,9 +38,6 @@ class Configuration(TypedDict, total=False): helm. Configuration to publish Helm charts on GitHub release - - Aggregation type: oneOf - Subtype: "HelmConfig" """ dispatch: List["DispatchConfig"] @@ -68,6 +65,10 @@ class Configuration(TypedDict, total=False): """ Default value of the field path 'dispatch config repository' """ +DOCKER_AUTO_LOGIN_DEFAULT = False +""" Default value of the field path 'Docker auto_login' """ + + DOCKER_IMAGE_GROUP_DEFAULT = "default" """ Default value of the field path 'Docker image group' """ @@ -160,6 +161,15 @@ class Docker(TypedDict, total=False): - rebuild """ + auto_login: bool + """ + Docker auto login. + + Auto login to the GitHub Docker registry + + default: False + """ + snyk: "_DockerSnyk" """ Checks the published images with Snyk """ @@ -211,25 +221,14 @@ class DockerRepository(TypedDict, total=False): HELM_VERSIONS_DEFAULT = ["version_tag"] -""" Default value of the field path 'helm config versions' """ +""" Default value of the field path 'helm versions' """ -Helm = Union["HelmConfig", Literal[False]] -""" -helm. - -Configuration to publish Helm charts on GitHub release - -Aggregation type: oneOf -Subtype: "HelmConfig" -""" - - -class HelmConfig(TypedDict, total=False): +class Helm(TypedDict, total=False): """ - helm config. + helm. - Configuration to publish on Helm charts on GitHub release + Configuration to publish Helm charts on GitHub release """ folders: List[str] @@ -250,8 +249,8 @@ class HelmConfig(TypedDict, total=False): """ Default value of the field path 'pypi package group' """ -PYPI_PACKAGE_PATH_DEFAULT = "." -""" Default value of the field path 'pypi package path' """ +PYPI_PACKAGE_FOLDER_DEFAULT = "." +""" Default value of the field path 'pypi package folder' """ PYPI_VERSIONS_DEFAULT = ["version_tag"] @@ -295,11 +294,11 @@ class PypiPackage(TypedDict, total=False): default: default """ - path: str + folder: str """ - pypi package path. + pypi package folder. - The path of the pypi package + The folder of the pypi package default: . """ diff --git a/tag_publish/lib/docker.py b/tag_publish/lib/docker.py index 51255b6..a576113 100644 --- a/tag_publish/lib/docker.py +++ b/tag_publish/lib/docker.py @@ -100,8 +100,8 @@ def get_versions_config() -> tuple[dict[str, dict[str, str]], bool]: """ Get the versions from the config file. """ - if os.path.exists("ci/dpkg-versions.yaml"): - with open("ci/dpkg-versions.yaml", encoding="utf-8") as versions_file: + if os.path.exists(".github/dpkg-versions.yaml"): + with open(".github/dpkg-versions.yaml", encoding="utf-8") as versions_file: return ( cast(dict[str, dict[str, str]], yaml.load(versions_file.read(), Loader=yaml.SafeLoader)), True, diff --git a/tag_publish/publish.py b/tag_publish/publish.py index 9a9aa1d..c5e434f 100644 --- a/tag_publish/publish.py +++ b/tag_publish/publish.py @@ -35,7 +35,8 @@ def pip( github: The GitHub helper """ - print(f"::group::{'Publishing' if publish else 'Checking'} '{package.get('path')}' to pypi") + folder = package.get("folder", tag_publish.configuration.PYPI_PACKAGE_FOLDER_DEFAULT) + print(f"::group::{'Publishing' if publish else 'Checking'} '{folder}' to pypi") sys.stdout.flush() sys.stderr.flush() @@ -47,7 +48,7 @@ def pip( is_master = default_branch == version env["IS_MASTER"] = "TRUE" if is_master else "FALSE" - cwd = os.path.abspath(package.get("path", ".")) + cwd = os.path.abspath(folder) dist = os.path.join(cwd, "dist") if not os.path.exists(dist): @@ -79,10 +80,6 @@ def pip( ["pip", "install", *pyproject.get("build-system", {}).get("requires", [])], check=True ) if use_poetry: - freeze = subprocess.run(["pip", "freeze"], check=True, stdout=subprocess.PIPE) - for freeze_line in freeze.stdout.decode("utf-8").split("\n"): - if freeze_line.startswith("poetry-") or freeze_line.startswith("poetry="): - print(freeze_line) env_bash = " ".join([f"{key}={value}" for key, value in env.items()]) print(f"Run in {cwd}: {env_bash} poetry build") sys.stdout.flush() diff --git a/tag_publish/schema.json b/tag_publish/schema.json index 1cf3309..52cbad7 100644 --- a/tag_publish/schema.json +++ b/tag_publish/schema.json @@ -77,6 +77,12 @@ } } }, + "auto_login": { + "title": "Docker auto login", + "description": "Auto login to the GitHub Docker registry", + "type": "boolean", + "default": false + }, "snyk": { "description": "Checks the published images with Snyk", "type": "object", @@ -132,9 +138,9 @@ "default": "default", "type": "string" }, - "path": { - "title": "pypi package path", - "description": "The path of the pypi package", + "folder": { + "title": "pypi package folder", + "description": "The folder of the pypi package", "type": "string", "default": "." }, @@ -162,34 +168,25 @@ "helm": { "title": "helm", "description": "Configuration to publish Helm charts on GitHub release", - "oneOf": [ - { - "title": "helm config", - "description": "Configuration to publish on Helm charts on GitHub release", - "type": "object", - "properties": { - "folders": { - "description": "The folders that will be published", - "type": "array", - "items": { - "type": "string" - } - }, - "versions": { - "title": "helm versions", - "description": "The kind or version that should be published, tag, branch or value of the --version argument of the tag-publish script", - "type": "array", - "default": ["version_tag"], - "items": { - "type": "string" - } - } + "type": "object", + "properties": { + "folders": { + "description": "The folders that will be published", + "type": "array", + "items": { + "type": "string" } }, - { - "const": false + "versions": { + "title": "helm versions", + "description": "The kind or version that should be published, tag, branch or value of the --version argument of the tag-publish script", + "type": "array", + "default": ["version_tag"], + "items": { + "type": "string" + } } - ] + } }, "version_transform": { "title": "Version transform",