Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build: automate release #683

Merged
merged 3 commits into from
Nov 30, 2023
Merged

build: automate release #683

merged 3 commits into from
Nov 30, 2023

Conversation

lukpueh
Copy link
Member

@lukpueh lukpueh commented Nov 30, 2023
edited
Loading

Adopt python-tuf's CI/CD GHA workflow to automatically release on GitHub and PyPI.

Along with this PR, I configured:

  • a GitHub "release" environment for this repo with protection rule (required review by 1 of: @jku, @adityasaky, @lukpueh)
  • a PyPI publisher trusted to release from cd.yml in this repo
  • GitHub branch protection rules, to use the new job names for "required checks"

@lukpueh
build: move ci tests to reusable partial
91a1141 
Moves all jobs from ci.yml to _test.yml and from where they are included
in ci.yml via the `uses` directive.

You can check that the jobs itself did not change by diffing the old
ci.yml with the new _test.yml:

```
diff \
 <(curl -s https://raw.githubusercontent.com/secure-systems-lab/securesystemslib/a3651a1b321b8ad05ddb6e85aaceb402acec9671/.github/workflows/ci.yml) \
 .github/workflows/_test.yml
```

Move jobs from ci.yml to _test.yml, so we can reuse them in different
workflows.

Signed-off-by: Lukas Puehringer <[email protected]>
@lukpueh
build: pin build dependencies
3e9de2f 
- add build requirements file with pinned build dependency
- pin build backend in pyproject.yml (needs manual updating)

Signed-off-by: Lukas Puehringer <[email protected]>
@lukpueh
build: add cd GitHub workflow
2c5a170 
Add GitHub workflow to build securesystemslib and release on GitHub and
PyPI. The workflow is copied from python-tuf with minimal changes, see:

```
diff \
  <(curl -s https://raw.githubusercontent.com/theupdateframework/python-tuf/c92cd28b38d3af5ee24411a3c2082fc2d6c37f4b/.github/workflows/cd.yml) \
  .github/workflows/cd.yml
```

Prerequisites and usage details are described at
https://github.com/theupdateframework/python-tuf/blob/v3.1.0/docs/RELEASE.md.
(a verify_release script does not exist for securesystemslib)

Signed-off-by: Lukas Puehringer <[email protected]>
@lukpueh lukpueh requested review from adityasaky and jku November 30, 2023 11:41
adityasaky
adityasaky approved these changes Nov 30, 2023
View reviewed changes
Copy link
Member

@adityasaky adityasaky left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@lukpueh lukpueh merged commit f62f588 into secure-systems-lab:main Nov 30, 2023
16 checks passed
@lukpueh
Copy link
Member Author

lukpueh commented Nov 30, 2023

Cheers! Let's try this out. 🚀

@lukpueh lukpueh mentioned this pull request Nov 30, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adityasaky adityasaky adityasaky approved these changes

@jku jku Awaiting requested review from jku

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@lukpueh @adityasaky