FileAutomation/.github/workflows/ci-stable.yml at d49d18a93cef8aec133fbfadb4130d53c29d2c88 · Integration-Automation/FileAutomation · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
name: CI (stable)

on:
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]
  schedule:
    - cron: "0 3 * * *"

permissions:
  contents: read

jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
          cache: pip
      - name: Install tooling
        run: |
          python -m pip install --upgrade pip
          pip install ruff mypy
      - name: Ruff check
        run: ruff check automation_file tests
      - name: Ruff format check
        run: ruff format --check automation_file tests
      - name: Mypy
        run: mypy automation_file

  pytest:
    needs: lint
    runs-on: windows-latest
    strategy:
      fail-fast: false
      matrix:
        python-version: [ "3.10", "3.11", "3.12" ]
    steps:
      - uses: actions/checkout@v4
      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}
          cache: pip
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip wheel
          pip install -r requirements.txt
          pip install pytest pytest-cov
      - name: Run pytest with coverage
        run: python -m pytest tests/ -v --tb=short --cov=automation_file --cov-report=term-missing --cov-report=xml
      - name: Upload coverage artifact
        if: matrix.python-version == '3.12'
        uses: actions/upload-artifact@v4
        with:
          name: coverage-xml
          path: coverage.xml

  publish:
    needs: pytest
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v4
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.12"
          cache: pip
      - name: Install build tools
        run: |
          python -m pip install --upgrade pip
          pip install build twine
      - name: Bump patch version in stable.toml and dev.toml
        id: version
        run: |
          python - <<'PY'
          import os
          import pathlib
          import re

          def bump(path: pathlib.Path) -> str:
              text = path.read_text(encoding="utf-8")
              match = re.search(r'^version = "(\d+)\.(\d+)\.(\d+)"', text, re.MULTILINE)
              if match is None:
                  raise SystemExit(f"no version line found in {path}")
              major, minor, patch = (int(g) for g in match.groups())
              new = f"{major}.{minor}.{patch + 1}"
              path.write_text(text.replace(match.group(0), f'version = "{new}"', 1), encoding="utf-8")
              return new

          stable_version = bump(pathlib.Path("stable.toml"))
          dev_version = bump(pathlib.Path("dev.toml"))
          with open(os.environ["GITHUB_OUTPUT"], "a", encoding="utf-8") as fp:
              fp.write(f"version={stable_version}\n")
              fp.write(f"dev_version={dev_version}\n")
          print(f"stable.toml -> {stable_version}")
          print(f"dev.toml    -> {dev_version}")
          PY
      - name: Push signed bump commit to a release branch
        id: bump_commit
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          VERSION: ${{ steps.version.outputs.version }}
        run: |
          python - <<'PY'
          import base64
          import json
          import os
          import subprocess
          import urllib.error
          import urllib.request

          head_oid = subprocess.check_output(["git", "rev-parse", "HEAD"], text=True).strip()
          repo = os.environ["GITHUB_REPOSITORY"]
          token = os.environ["GH_TOKEN"]
          version = os.environ["VERSION"]
          branch = f"release/bump-v{version}"

          def api(path, method="GET", body=None):
              req = urllib.request.Request(
                  f"https://api.github.com/{path}",
                  data=(json.dumps(body).encode("utf-8") if body is not None else None),
                  headers={
                      "Authorization": f"Bearer {token}",
                      "Accept": "application/vnd.github+json",
                      "Content-Type": "application/json",
                  },
                  method=method,
              )
              with urllib.request.urlopen(req) as resp:
                  raw = resp.read()
                  return json.loads(raw) if raw else None

          try:
              api(
                  f"repos/{repo}/git/refs",
                  method="POST",
                  body={"ref": f"refs/heads/{branch}", "sha": head_oid},
              )
          except urllib.error.HTTPError as error:
              if error.code != 422:  # 422 = ref already exists; OK to reuse
                  raise

          def b64(path: str) -> str:
              with open(path, "rb") as fp:
                  return base64.b64encode(fp.read()).decode("ascii")

          mutation = """
          mutation($input: CreateCommitOnBranchInput!) {
            createCommitOnBranch(input: $input) {
              commit { oid url }
            }
          }
          """

          payload = {
              "query": mutation,
              "variables": {
                  "input": {
                      "branch": {
                          "repositoryNameWithOwner": repo,
                          "branchName": branch,
                      },
                      "message": {
                          "headline": f"Bump version to v{version} [skip ci]",
                      },
                      "expectedHeadOid": head_oid,
                      "fileChanges": {
                          "additions": [
                              {"path": "stable.toml", "contents": b64("stable.toml")},
                              {"path": "dev.toml", "contents": b64("dev.toml")},
                          ]
                      },
                  }
              },
          }

          request = urllib.request.Request(
              "https://api.github.com/graphql",
              data=json.dumps(payload).encode("utf-8"),
              headers={
                  "Authorization": f"Bearer {token}",
                  "Accept": "application/vnd.github+json",
                  "Content-Type": "application/json",
              },
              method="POST",
          )
          with urllib.request.urlopen(request) as resp:
              body = json.loads(resp.read())
          if body.get("errors"):
              raise SystemExit(f"GraphQL error: {body['errors']}")
          commit = body["data"]["createCommitOnBranch"]["commit"]
          print(f"bump commit: {commit['oid']} -> {commit['url']}")

          with open(os.environ["GITHUB_OUTPUT"], "a", encoding="utf-8") as fp:
              fp.write(f"branch={branch}\n")
              fp.write(f"oid={commit['oid']}\n")
          PY
      - name: Open PR for the version bump
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          VERSION: ${{ steps.version.outputs.version }}
          BRANCH: ${{ steps.bump_commit.outputs.branch }}
        run: |
          gh pr create \
            --base main \
            --head "$BRANCH" \
            --title "Bump version to v${VERSION} [skip ci]" \
            --body "Automated patch bump emitted by the stable publish workflow. [skip ci]"
      - name: Try to auto-merge the bump PR
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          BRANCH: ${{ steps.bump_commit.outputs.branch }}
        run: |
          gh pr merge "$BRANCH" --squash --auto --delete-branch \
            || echo "auto-merge unavailable; PR left open for manual merge"
      - name: Use stable.toml as pyproject.toml
        run: cp stable.toml pyproject.toml
      - name: Build sdist and wheel
        run: python -m build
      - name: Twine check
        run: twine check dist/*
      - name: Twine upload to PyPI
        env:
          TWINE_USERNAME: __token__
          TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
        run: twine upload --non-interactive dist/*
      - name: Create GitHub Release
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          BUMP_OID: ${{ steps.bump_commit.outputs.oid }}
        run: |
          gh release create "v${{ steps.version.outputs.version }}" dist/* \
            --title "v${{ steps.version.outputs.version }}" \
            --generate-notes \
            --target "$BUMP_OID"