From 55b7683ee97d968402c3767b546d38bd8de914d3 Mon Sep 17 00:00:00 2001 From: jpl-jengelke Date: Thu, 17 Oct 2024 11:30:44 -0700 Subject: [PATCH 1/3] NASA-AMMOS/slim#167: Implement trusted publishing. ... --- .github/workflows/python-publish.yml | 62 +++++++++++++++++----------- 1 file changed, 37 insertions(+), 25 deletions(-) diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml index be37d8e..abce443 100644 --- a/.github/workflows/python-publish.yml +++ b/.github/workflows/python-publish.yml @@ -1,30 +1,19 @@ -# For most projects, this workflow file will not need changing; you simply need -# to commit it to your repository. -# -# For more information see: -# https://nasa-ammos.github.io/slim/docs/guides/software-lifecycle/application-starter-kits/python-starter-kit/ -# -# ******** NOTE ******** -# This file publishes to TestPyPi. To enable public PyPi the repository flag -# must be removed from the Twine upload call in the "Publish package" block. -# -name: "Upload Python Package" +# This workflows will upload a Python Package when a release is created +# For more information see: +# https://help.github.com/en/actions/language-and-framework-guides/using-python-with-github-actions#publishing-to-package-registries + +name: Upload Python Package on: release: - branches: [main] - types: [published] + types: [ published ] jobs: - deploy: - name: Deploy + + build: runs-on: ubuntu-latest - permissions: - actions: write - contents: read - security-events: write steps: - - name: Checkout repository + - name: Checkout code uses: actions/checkout@v4 with: fetch-depth: 0 
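Review bot: The new `build` job drops the explicit `permissions:` block and does not replace it, so its GITHUB_TOKEN falls back to the repository or organization default, which may be read-write. This job checks out the repository and runs the project's own build code, so it should declare the minimum scope, for example `permissions:` with `contents: read` on the job. No workflow-level `permissions:` key appears in the visible lines. Adding `persist-credentials: false` under the checkout step's `with:` would also keep the token out of the local git config while the build runs. The remaining steps of `build` lie outside this hunk, so confirm that none of them needs a wider scope.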
@@ -40,10 +29,33 @@ jobs: run: | python3 -m build --wheel python3 setup.py sdist --format=zip - - name: Publish package - env: - TWINE_USERNAME: __token__ - TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + - name: Verify package run: | twine check dist/* - twine upload --repository testpypi --verbose dist/*.whl dist/*.zip + - name: Store package + uses: actions/upload-artifact@v4 + with: + name: python-package-distribution + path: | + dist/*.whl + dist/*.zip + if-no-files-found: error + + release: + runs-on: ubuntu-latest + needs: build + environment: + name: release + permissions: + id-token: write # mandatory for trusted publishing + steps: + - name: Retrieve package + uses: actions/download-artifact@v4 + with: + name: python-package-distribution + path: dist/ + - name: Publish package (PyPi) + uses: pypa/gh-action-pypi-publish@release/v1 + with: + print-hash: true + repository-url: https://upload.pypi.org/legacy/ # for testing sub https://test.pypi.org/legacy/ From 60ed3373498b55bd614f3de404ae36bd912a3ce1 Mon Sep 17 00:00:00 2001 From: jpl-jengelke Date: Thu, 17 Oct 2024 11:49:14 -0700 Subject: [PATCH 2/3] NASA-AMMOS/slim#167: Rev version for latest release. ... --- slim_sample_project/version.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/slim_sample_project/version.py b/slim_sample_project/version.py index cd7ca49..1a72d32 100644 --- a/slim_sample_project/version.py +++ b/slim_sample_project/version.py @@ -1 +1 @@ -__version__ = '1.0.1' +__version__ = '1.1.0' From 69fa7972c2574ae4f4b98bba44bd4a231be9b89c Mon Sep 17 00:00:00 2001 From: jpl-jengelke Date: Thu, 31 Oct 2024 10:30:42 -0700 Subject: [PATCH 3/3] NASA-AMMOS/slim#167: Update documentation links in comments, CHANGELOG and version for release. ... --- .github/workflows/python-publish.yml | 5 +++-- CHANGELOG.md | 20 ++++++++++++++++---- slim_sample_project/version.py | 2 +- 3 files changed, 20 insertions(+), 7 deletions(-) 
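Review bot: In the `release` job, the "Publish package (PyPi)" step references `pypa/gh-action-pypi-publish@release/v1`, a mutable branch ref, in the one job that holds `id-token: write`. Whatever that branch points to at run time can request the OIDC token and upload under the project's name. Pinning to a reviewed commit, e.g. `uses: pypa/gh-action-pypi-publish@<full-commit-sha>  # release/v1`, removes that dependency on upstream branch state; the same applies to `actions/download-artifact@v4`. Separately, `environment: name: release` only gates publishing if the environment has protection rules and the PyPI trusted-publisher entry is bound to that environment name. Neither is visible in the diff, so it is worth confirming in the repository and PyPI settings.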
diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml index abce443..929160b 100644 --- a/.github/workflows/python-publish.yml +++ b/.github/workflows/python-publish.yml @@ -1,6 +1,7 @@ -# This workflows will upload a Python Package when a release is created +# This workflows will upload a package when a release is created # For more information see: -# https://help.github.com/en/actions/language-and-framework-guides/using-python-with-github-actions#publishing-to-package-registries +# https://docs.github.com/en/actions/use-cases-and-examples/publishing-packages/about-packaging-with-github-actions +# https://docs.pypi.org/trusted-publishers/ name: Upload Python Package diff --git a/CHANGELOG.md b/CHANGELOG.md index 9b4dc1b..f660017 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -5,10 +5,22 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [1.0.0] - 2023-01-31 +### Templatized Python Starter Kit +- Support of [SLIM project](https://nasa-ammos.github.io/slim/) instructional writeups +- Templatized implementation of best practice documentation +- Automatic publishing to the [PyPi Python Package Index](https://pypi.org/) + ## [1.0.1] - 2024-03-15 +### Scanning operations +- GitHub Actions-based secrets detection +- GitHub Actions-based SCRUB (CodeQL) analysis +- GitHub Actions-based Pylint static code analysis +- Add updated SLIM Governance documentation -### Added +## [1.0.2] - 2024-10-31 +### Trusted Publishing +- Updates to GitHub Actions Workflow file to support Trusted Publishing for PyPi as an OpenID Connect trusted identity provider + - Separate Build and Release into separate segments to support independent management of publishing permissions and allow multiple publishing endpoints + - Utilize `upload-artifact` action to store and retrieve packaged builds during the workflow process -- -- -- diff --git a/slim_sample_project/version.py b/slim_sample_project/version.py index 1a72d32..a6221b3 100644 --- a/slim_sample_project/version.py +++ b/slim_sample_project/version.py @@ -1 +1 @@ -__version__ = '1.1.0' +__version__ = '1.0.2'