build-and-inspect-python-package icon indicating copy to clipboard operation
build-and-inspect-python-package copied to clipboard
verified publisher icon hynek

add a resuable workflow that caches/builds + another one that downloads artifacts + does pypi uploads

Open RonnyPfannschmidt opened this issue 3 years ago • 4 comments

with https://docs.github.com/en/actions/using-workflows/reusing-workflows the action can be argument to enable just listing it with a basic setup

aka instead of copy&pasting

jobs:
  check-package:
    name: Build & inspect our package.
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v3
      - uses: hynek/build-and-inspect-python-package@v1

and then adding loads of extra stuff,

one would have

jobs:
  check-package:
    uses: hynek/build-and-inspect-python-package/.github/workflow/build-and-inspectyamö
    with:
       fetch-depth: 0
       hide-local-version: true
  test:
      strategy:
        matrix:
           $python-version/runs-on-from-inspection # needs investigation
      needs:  check-package
      steps: ...
      
      
pypi-uploads:
   uses:  hynek/build-and-inspect-python-package/.github/workflow/upload-pypi-or-testpypi.yaml

RonnyPfannschmidt avatar Feb 13 '23 09:02 RonnyPfannschmidt

Just talked to William who's doing the OIDC stuff for PyPI and currently re-usable workflows aren't supported so this has to wait until then.

hynek avatar Apr 26 '23 18:04 hynek

given the security concepts i suppose its fair to say/decide that the upload part wont happen

however all the other prepwork can

RonnyPfannschmidt avatar Apr 26 '23 18:04 RonnyPfannschmidt

given the security concepts i suppose its fair to say/decide that the upload part wont happen

It's actually on the list. Just needs someone to work on it on the Warehouse side. William was going to get to it at some point in the future.

@RonnyPfannschmidt in general, what you're asking is something I've been exploring years ago but never got to completing to an advertisable state: https://github.com/webknjaz/tox-gha-test/actions/runs/3611555729 / https://github.com/tox-dev/workflow / https://github.com/tox-dev/gh-action-tox/tree/experiments/composite-action. I still want to finish that effort, though. One of the actions components that grew out of that effort that I actually ended up tagging with a stable version is https://github.com/re-actors/checkout-python-sdist.

webknjaz avatar Dec 21 '23 15:12 webknjaz

I got a collection of reuseable workflows that does just that: https://github.com/kdeldycke/workflows

Also takes care of bumping version, autofix formatting, linting, Sphinx doc building, .mailmap cleaning, .gitignore sync, label management, Markdown fixing, binary compilation for Linux/Windows/macOS, changelog updates, version increments, typo fixing, image optimization, etc.

Thanks to that I can release multiple Python packages everyday with only 2 clicks. These reuseable workflows always keep an open PR that triggers the release and upload to PyPi: https://github.com/kdeldycke/click-extra/pull/975

kdeldycke avatar Jul 25 '24 09:07 kdeldycke