reusable-check-python-package-versions.yaml
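# Reusable workflow: reports which Python packages changed version between two
# commits and fails when a changed version can already be downloaded from the
# AWS CodeArtifact repository.
#
# Trust note: the job checks out `before_commit` and `after_commit` and runs
# `uv sync` plus scripts under ./.github/workflows/scripts/ from those trees.
# Callers should pass only refs whose content they are prepared to execute.
name: "[REUSABLE] Check Python package versions"

on:
  workflow_call:
    inputs:
      before_commit:
        description: >-
          The base Git commit to compare against, i.e., the base of the PR or the previous commit
          in a push.
        type: string
        required: true
      after_commit:
        description: >-
          The Git commit representing the head of the change to be checked, i.e. the head of the
          PR or the latest commit in a push.
        type: string
        required: true
      aws_account_id:
        description: The AWS account ID that owns the CodeArtifact domain
        type: string
        required: false
        # Quoted so the YAML parser keeps the ID as a string (the input is
        # declared `type: string`) instead of inferring an integer.
        default: "505071440022"
      aws_region:
        description: The AWS region where the CodeArtifact repository is hosted
        type: string
        required: false
        default: us-west-2
      aws_iam_role_name:
        description: The name of the IAM role to assume for accessing CodeArtifact
        type: string
        required: false
        default: GithubActions_Schema_CodeArtifact_ReadOnly
      domain:
        description: The CodeArtifact domain name
        type: string
        required: false
        default: overture-pypi
      repository:
        description: The CodeArtifact repository name
        type: string
        required: false
        default: overture
    outputs:
      changed_packages:
        description: >-
          A JSON array of packages with changed versions, including package name, old version, and
          new version, in the format: `[ {"package": "p1", "before": "v1", "after": "v2"}, ... ]`
        value: ${{ jobs.check-python-package-versions.outputs.changed_packages }}
      num_changed_packages:
        description: The number of packages with changed versions
        value: ${{ jobs.check-python-package-versions.outputs.num_changed_packages }}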
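jobs:
  # Collects package versions at `before_commit` and `after_commit`, diffs
  # them, and, when anything changed, checks the CodeArtifact repository to
  # make sure none of the new versions has been published already.
  #
  # NOTE(review): no `permissions:` block is declared. `role-to-assume` with no
  # static keys normally means OIDC, which needs `id-token: write` granted by
  # the caller - confirm, and consider declaring the minimum set explicitly.
  #
  # NOTE(review): every third-party action below is referenced by a mutable
  # tag. Pinning each `uses:` to a full commit SHA keeps a retagged release
  # from changing what runs in a job that later holds AWS credentials.
  #
  # NOTE(review): the scripts under ./.github/workflows/scripts/ are executed
  # from whichever ref is checked out. From "Check out code after change"
  # onwards that is `after_commit`, so code-artifact.sh from that ref runs
  # after the AWS role has been assumed. Keep the role read-only and call this
  # workflow only for refs that are trusted to that degree.
  check-python-package-versions:
    runs-on: ubuntu-latest
    outputs:
      changed_packages: ${{ steps.save-changes.outputs.changed_packages }}
      num_changed_packages: ${{ steps.save-changes.outputs.num_changed_packages }}
    steps:
      - name: Install jq
        run: sudo apt-get update && sudo apt-get install -y jq

      - name: Install uv
        uses: astral-sh/setup-uv@v7
        with:
          # NOTE(review): `latest` floats; a fixed uv version makes runs
          # reproducible and avoids picking up a new release unreviewed.
          version: latest

      - name: Check out code before change
        uses: actions/checkout@v6
        with:
          ref: ${{ inputs.before_commit }}

      - name: Set up Python
        uses: actions/setup-python@v6
        with:
          python-version-file: .python-version

      - name: Sync code before change to make packages visible to Python
        run: uv sync --all-packages

      - name: Capture package versions before change
        run: uv run python ./.github/workflows/scripts/package-versions.py collect > /tmp/package-versions-before.json

      - name: Check out code after change
        uses: actions/checkout@v6
        with:
          ref: ${{ inputs.after_commit }}

      - name: Sync code after change to make packages visible to Python
        run: uv sync --all-packages --refresh

      - name: Capture package versions after change
        run: uv run python ./.github/workflows/scripts/package-versions.py collect > /tmp/package-versions-after.json

      - name: Compare package versions before and after change
        run: |
          uv run python ./.github/workflows/scripts/package-versions.py compare \
            /tmp/package-versions-before.json \
            /tmp/package-versions-after.json \
            >/tmp/package-version-diff.json

      - name: Print changed versions
        run: cat /tmp/package-version-diff.json

      - name: Save changed versions as output
        id: save-changes
        run: |
          # The diff file is produced by a script from the checked-out ref, so
          # use a random heredoc delimiter: with a fixed one, a line equal to
          # the delimiter would end the value early and let the remaining
          # lines define other step outputs.
          delimiter="EOF_$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')"
          echo "changed_packages<<${delimiter}" >> "$GITHUB_OUTPUT"
          cat /tmp/package-version-diff.json >> "$GITHUB_OUTPUT"
          echo "${delimiter}" >> "$GITHUB_OUTPUT"
          printf 'num_changed_packages=%s\n' "$(jq -c '. | length' /tmp/package-version-diff.json)" >> "$GITHUB_OUTPUT"

      - name: Configure AWS credentials
        if: steps.save-changes.outputs.num_changed_packages > 0
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: ${{ inputs.aws_region }}
          role-to-assume: arn:aws:iam::${{ inputs.aws_account_id }}:role/${{ inputs.aws_iam_role_name }}
          role-session-name: GitHubActions_${{github.job}}_${{github.run_id}}

      - name: Get CodeArtifact index URL
        id: get-code-artifact-index-url
        if: steps.save-changes.outputs.num_changed_packages > 0
        # Inputs reach the script through environment variables rather than
        # `${{ }}` interpolation, so their values are never parsed as shell.
        env:
          CA_ACCOUNT_ID: ${{ inputs.aws_account_id }}
          CA_REGION: ${{ inputs.aws_region }}
          CA_DOMAIN: ${{ inputs.domain }}
          CA_REPOSITORY: ${{ inputs.repository }}
        run: |
          index_url=$(./.github/workflows/scripts/code-artifact.sh index-url \
            "${CA_ACCOUNT_ID}" "${CA_REGION}" \
            "${CA_DOMAIN}" "${CA_REPOSITORY}")
          # Mask before writing the output so the URL is redacted in logs
          # (presumably it embeds an authorization token - confirm).
          echo "::add-mask::${index_url}"
          echo "index_url=${index_url}" >> "$GITHUB_OUTPUT"

      - name: Fail if any of the new versions already exist in the repo
        if: steps.save-changes.outputs.num_changed_packages > 0
        env:
          INDEX_URL: ${{ steps.get-code-artifact-index-url.outputs.index_url }}
        run: |
          # Fail closed: a version counts as new only when pip fails with one
          # of the two "not found" messages. Any other pip failure (for
          # example an authentication or network error) fails the workflow
          # through the same branch as a version that really exists.
          jq -c '.[]' /tmp/package-version-diff.json | while read -r entry; do
            package=$(echo "$entry" | jq -r '.package')
            after=$(echo "$entry" | jq -r '.after')
            exit_code=0
            output=$(uv run pip download "${package}==${after}" --index-url "${INDEX_URL}" --no-deps -d /tmp --quiet 2>&1) || exit_code=$?
            if [[ $exit_code -eq 0 || (
                  "${output,,}" != *"could not find a version"* &&
                  "${output,,}" != *"no matching distributions"*
               ) ]]; then
              echo "Package ${package} version ${after} already exists in the repository. Failing the workflow."
              echo "  pip exit code: ${exit_code}."
              echo "  pip stderr: ${output}."
              exit 1
            else
              echo "Package ${package} version ${after} is new, as expected. Continuing."
            fi
          done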