From 25d67dc29880c27f76b67eda7296231916ae4eaf Mon Sep 17 00:00:00 2001 From: Mathias Fussenegger Date: Tue, 20 Aug 2019 22:48:52 +0200 Subject: [PATCH 1/9] Adapt to new yml based github actions Co-Authored-By: Sviatoslav Sydorenko Co-Authored-By: Pradyun Gedam --- Dockerfile | 15 ++++++------- README.md | 57 ++++++++++++++++++++++++++++++++----------------- action.yml | 24 +++++++++++++++++++++ twine-upload.sh | 7 ++++++ 4 files changed, 74 insertions(+), 29 deletions(-) create mode 100644 action.yml create mode 100755 twine-upload.sh diff --git a/Dockerfile b/Dockerfile index 1683b39..cf4140d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,17 +4,14 @@ LABEL "maintainer"="Sviatoslav Sydorenko " LABEL "repository"="https://github.com/re-actors/gh-action-pypi-publish" LABEL "homepage"="https://github.com/re-actors/gh-action-pypi-publish" -LABEL "com.github.actions.name"="pypi-publish" -LABEL "com.github.actions.description"="Upload Python distribution packages to PyPI" -LABEL "com.github.actions.icon"="upload-cloud" -LABEL "com.github.actions.color"="yellow" - ENV PYTHONDONTWRITEBYTECODE 1 ENV PYTHONUNBUFFERED 1 -ADD LICENSE.md /LICENSE.md - RUN pip install --upgrade --no-cache-dir twine -ENTRYPOINT ["twine"] -CMD ["upload", "dist/*"] +WORKDIR /app +COPY ./LICENSE.md /app/ +COPY ./twine-upload.sh /app/ + +RUN chmod +x /app/twine-upload.sh +ENTRYPOINT ["/app/twine-upload.sh"] diff --git a/README.md b/README.md index dce5e86..9d16240 100644 --- a/README.md +++ b/README.md 
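Review bot: The image whose new entrypoint receives the PyPI credential still installs twine through the unchanged context line `RUN pip install --upgrade --no-cache-dir twine`, so each build takes whatever twine release and dependency set is current at build time. Now that `/app/twine-upload.sh` hands the password to that binary, I would pin it, for example `RUN pip install --no-cache-dir twine==<PINNED_VERSION>` (placeholder), ideally from a hash-checked requirements file. The hunk starts at line 4 of the Dockerfile, so the `FROM` line and the user the container runs as cannot be checked from here.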
@@ -5,33 +5,50 @@ PyPI. ## Usage -To use the action simply add the following lines in the end of your -`.github/main.workflow`. -```hcl -action "Upload Python dist to PyPI" { - uses = "re-actors/pypi-action@master" - env = { - TWINE_USERNAME = "f'{your_project}-bot'" - } - secrets = ["TWINE_PASSWORD"] -} +To use the action add the following step to your workflow file (e.g.: +`.github/workflows/main.yml`) + + +```yml +- name: Publish a Python distribution to PyPI + uses: pypi/gh-action-pypi-publish@master + with: + user: __token__ + password: ${{ secrets.pypi_password }} ``` -N.B. Use a valid tag, or branch, or commit SHA instead -of `master` to pin the action to use a specific version of it. +A common use case is to upload packages only on a tagged commit, to do so add a +filter to the step: -### Environment Variables and Secrets -- **`TWINE_USERNAME`**: set this one to the username used to authenticate -against PyPI. _It is recommended to have a separate user account like -`f'{your_project}-bot'` having the lowest privileges possible on your -target dist page._ -- **`TWINE_PASSWORD`**: it's a password for the account used in -`TWINE_USERNAME` env var. **ATTENTION! WARNING! When adding this value -to the Action node in your workflow, use SECRETS, not normal env vars.** +```yml + if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags') +``` + +So the full step would look like: + + +```yml +- name: Publish package + if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags') + uses: pypi/gh-action-pypi-publish@master + with: + user: __token__ + password: ${{ secrets.pypi }} +``` + +The example above uses the new [API token](https://pypi.org/help/#apitoken) +feature of PyPI, which is recommended to restrict the access the action has. + +The secret used in `${{ secrets.pypi_password }}` needs to be created on the settings +page of your project on GitHub. See [Creating & using secrets]. 
## License + The Dockerfile and associated scripts and documentation in this project are released under the [BSD 3-clause license](LICENSE.md). + + +[Creating & using secrets]: https://help.github.com/en/articles/virtual-environments-for-github-actions#creating-and-using-secrets-encrypted-variables diff --git a/action.yml b/action.yml new file mode 100644 index 0000000..c1406ab --- /dev/null +++ b/action.yml @@ -0,0 +1,24 @@ +--- +name: pypi-publish +description: Upload Python distribution packages to PyPI +inputs: + user: + description: PyPI user + required: false + default: __token__ + password: + description: Password for your PyPI user or an access token + required: true + repository_url: + description: The repository URL to use + required: false +branding: + color: yellow + icon: upload-cloud +runs: + using: docker + image: Dockerfile + args: + - ${{ inputs.user }} + - ${{ inputs.password }} + - ${{ inputs.repository_url }} diff --git a/twine-upload.sh b/twine-upload.sh new file mode 100755 index 0000000..9b5dd53 --- /dev/null +++ b/twine-upload.sh @@ -0,0 +1,7 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +TWINE_USERNAME=$INPUT_USER \ + TWINE_PASSWORD=$INPUT_PASSWORD \ + TWINE_REPOSITORY_URL=$INPUT_REPOSITORY_URL \ + exec twine upload dist/* From f36788ee4417c88c83d817be632da5b18e6860c0 Mon Sep 17 00:00:00 2001 From: Sviatoslav Sydorenko Date: Fri, 23 Aug 2019 13:10:51 +0200 Subject: [PATCH 2/9] Add a YAMLlint config --- .yamllint | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 .yamllint diff --git a/.yamllint b/.yamllint new file mode 100644 index 0000000..97c08cf --- /dev/null +++ b/.yamllint @@ -0,0 +1,2 @@ +indentation: + indent-sequences: false From 2e00539ed7b5896d0df0aef3cf6c0fb806b1e70f Mon Sep 17 00:00:00 2001 From: Sviatoslav Sydorenko Date: Fri, 23 Aug 2019 13:11:24 +0200 Subject: [PATCH 3/9] Dedent sequence items in YAML --- action.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
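Review bot: The `args:` list at the end of `runs:` puts `${{ inputs.password }}` on the container's command line, yet the twine-upload.sh added in this same patch reads only `$INPUT_USER`, `$INPUT_PASSWORD` and `$INPUT_REPOSITORY_URL` and never looks at its positional parameters. A secret passed as an argument is visible in the process list and in anything that records the container invocation, so this is exposure with no consumer. The script's use of `INPUT_*` suggests the runner already supplies the inputs as environment variables, so I would drop the three `args:` entries; the later "Dedent sequence items in YAML" patch reindents them but keeps them. A comment on the `password` input such as `# prefer a project-scoped PyPI API token stored as a repository secret` would also help users of the action.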
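Review bot: `INPUT_REPOSITORY_URL` is expanded under `set -u` although action.yml declares `repository_url` as optional with no default, so if the runner leaves the variable unset the script aborts with an unbound-variable error, and if it is set to an empty string twine is handed an empty `TWINE_REPOSITORY_URL`. This value decides where the credential is sent, so the fallback should be explicit: either give the input a default in action.yml, or expand it as `"${INPUT_REPOSITORY_URL:-}"` and export `TWINE_REPOSITORY_URL` only when it is non-empty. How twine treats an empty value is not visible on this page, so that branch should be checked. The later "Protect env vars in Twine invocation" patch quotes the expansions but leaves this behaviour unchanged.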
diff --git a/action.yml b/action.yml index c1406ab..e4f2802 100644 --- a/action.yml +++ b/action.yml @@ -19,6 +19,6 @@ runs: using: docker image: Dockerfile args: - - ${{ inputs.user }} - - ${{ inputs.password }} - - ${{ inputs.repository_url }} + - ${{ inputs.user }} + - ${{ inputs.password }} + - ${{ inputs.repository_url }} From 2c1fc8ad24349ff640f345094a3cc55c00c8dfb0 Mon Sep 17 00:00:00 2001 From: Sviatoslav Sydorenko Date: Fri, 23 Aug 2019 13:12:47 +0200 Subject: [PATCH 4/9] Add a space after shebang marker --- twine-upload.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/twine-upload.sh b/twine-upload.sh index 9b5dd53..3b242a8 100755 --- a/twine-upload.sh +++ b/twine-upload.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env bash +# !/usr/bin/env bash set -Eeuo pipefail TWINE_USERNAME=$INPUT_USER \ From 4820c8c9b02a227ba082b613dd1badc4b5f043e7 Mon Sep 17 00:00:00 2001 From: Sviatoslav Sydorenko Date: Fri, 23 Aug 2019 13:13:19 +0200 Subject: [PATCH 5/9] Fix a space position in shabang --- twine-upload.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/twine-upload.sh b/twine-upload.sh index 3b242a8..8cd15c0 100755 --- a/twine-upload.sh +++ b/twine-upload.sh @@ -1,4 +1,4 @@ -# !/usr/bin/env bash +#! /usr/bin/env bash set -Eeuo pipefail TWINE_USERNAME=$INPUT_USER \ From 8e9ff975ca7b73effd53a086da71c8c638d0e1e5 Mon Sep 17 00:00:00 2001 From: Sviatoslav Sydorenko Date: Fri, 23 Aug 2019 13:17:10 +0200 Subject: [PATCH 6/9] Protect env vars in Twine invocation --- twine-upload.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/twine-upload.sh b/twine-upload.sh index 8cd15c0..e34928e 100755 --- a/twine-upload.sh +++ b/twine-upload.sh 
@@ -1,7 +1,7 @@ #! /usr/bin/env bash set -Eeuo pipefail -TWINE_USERNAME=$INPUT_USER \ - TWINE_PASSWORD=$INPUT_PASSWORD \ - TWINE_REPOSITORY_URL=$INPUT_REPOSITORY_URL \ +TWINE_USERNAME="$INPUT_USER" \ +TWINE_PASSWORD="$INPUT_PASSWORD" \ +TWINE_REPOSITORY_URL="$INPUT_REPOSITORY_URL" \ exec twine upload dist/* From f9c30e0c30a7fb546ef5e92a50b038f7c2eca302 Mon Sep 17 00:00:00 2001 From: Sviatoslav Sydorenko Date: Fri, 23 Aug 2019 13:19:24 +0200 Subject: [PATCH 7/9] Fix PyPI pwd secret ref inconsistency in REDAME --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 9d16240..babea15 100644 --- a/README.md +++ b/README.md @@ -35,7 +35,7 @@ So the full step would look like: uses: pypi/gh-action-pypi-publish@master with: user: __token__ - password: ${{ secrets.pypi }} + password: ${{ secrets.pypi_password }} ``` The example above uses the new [API token](https://pypi.org/help/#apitoken) From bfe363c91d1e53f3d5d351b22b2bce0f7e5b666b Mon Sep 17 00:00:00 2001 From: Sviatoslav Sydorenko Date: Fri, 23 Aug 2019 13:20:45 +0200 Subject: [PATCH 8/9] Fix pypa org refs in README --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index babea15..05c81cd 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@ To use the action add the following step to your workflow file (e.g.: ```yml - name: Publish a Python distribution to PyPI - uses: pypi/gh-action-pypi-publish@master + uses: pypa/gh-action-pypi-publish@master with: user: __token__ password: ${{ secrets.pypi_password }} @@ -32,7 +32,7 @@ So the full step would look like: ```yml - name: Publish package if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags') - uses: pypi/gh-action-pypi-publish@master + uses: pypa/gh-action-pypi-publish@master with: user: __token__ password: ${{ secrets.pypi_password }} From 8225ac386cea417a606013615c10e1c006075698 Mon Sep 17 00:00:00 2001 
From: Sviatoslav Sydorenko Date: Fri, 23 Aug 2019 13:30:16 +0200 Subject: [PATCH 9/9] Use relative paths in Dockerfile --- Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index cf4140d..88c9e13 100644 --- a/Dockerfile +++ b/Dockerfile @@ -10,8 +10,8 @@ ENV PYTHONUNBUFFERED 1 RUN pip install --upgrade --no-cache-dir twine WORKDIR /app -COPY ./LICENSE.md /app/ -COPY ./twine-upload.sh /app/ +COPY LICENSE.md . +COPY twine-upload.sh . -RUN chmod +x /app/twine-upload.sh +RUN chmod +x twine-upload.sh ENTRYPOINT ["/app/twine-upload.sh"]