Add packse fetch
#1602
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish | |
| env: | |
| # Enable colored output | |
| # https://github.com/actions/runner/issues/241 | |
| PY_COLORS: 1 | |
| POETRY_VERSION: "1.6.1" | |
| permissions: | |
| id-token: write # Needed for AWS CodeArtifact OIDC | |
| contents: read | |
| on: | |
| pull_request: | |
| types: [opened, reopened, synchronize] | |
| push: | |
| branches: | |
| - main | |
| schedule: | |
| # Run every 90 minutes; will only do work if the last job succeeded. | |
| # This ensures that after rate limits are encountered, we attempt to publish again. | |
| # PyPI has a 60 minute rate limit for project creation. | |
| - cron: "*/90 * * * *" | |
| jobs: | |
| publish-packages: | |
| name: python-${{ matrix.python-version }}, ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: | |
| - ubuntu-latest | |
| python-version: | |
| - "3.12" | |
| fail-fast: false | |
| runs-on: ${{ matrix.os }} | |
| timeout-minutes: 10 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| # Only runs during the scheduled job | |
| # The rest of the workflow will be skipped during scheduled runs unless the last run failed | |
| - name: Check status of last workflow run | |
| id: check_last_run | |
| if: github.event.schedule | |
| run: | | |
| WORKFLOW_ID=$( \ | |
| curl \ | |
| --silent \ | |
| --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \ | |
| --header 'content-type: application/json' \ | |
| ${{ github.api_url }}/repos/${{ github.repository }}/actions/runs/${{ github.run_id }} \ | |
| | jq -r .workflow_id \ | |
| ) | |
| CONCLUSION=$( \ | |
| curl \ | |
| --silent \ | |
| --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \ | |
| --header 'content-type: application/json' \ | |
| "${{ github.api_url }}/repos/${{ github.repository }}/actions/workflows/$WORKFLOW_ID/runs?per_page=1&status=completed&branch=main" \ | |
| | jq -r .workflow_runs[0].conclusion \ | |
| ) | |
| echo "conclusion=$CONCLUSION" | |
| echo "conclusion=$CONCLUSION" >> $GITHUB_OUTPUT | |
| # Implementation based on https://github.com/MercymeIlya/last-workflow-status | |
| - name: Set up Poetry | |
| if: steps.check_last_run.outcome == 'skipped' || steps.check_last_run.outputs.conclusion == 'failure' | |
| run: | | |
| pipx install poetry==${{ env.POETRY_VERSION }} | |
| - name: Set up Python ${{ matrix.python-version }} | |
| if: steps.check_last_run.outcome == 'skipped' || steps.check_last_run.outputs.conclusion == 'failure' | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| cache: poetry | |
| - name: Install zsh | |
| if: steps.check_last_run.outcome == 'skipped' || steps.check_last_run.outputs.conclusion == 'failure' | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install zsh | |
| - name: Install packages | |
| if: steps.check_last_run.outcome == 'skipped' || steps.check_last_run.outputs.conclusion == 'failure' | |
| run: | | |
| poetry install --extras index | |
| - name: Collect scenarios | |
| if: steps.check_last_run.outcome == 'skipped' || steps.check_last_run.outputs.conclusion == 'failure' | |
| run: | | |
| scenarios=(scenarios/**/*.json) | |
| # Display for debug | |
| for scenario in $scenarios | |
| do | |
| echo "$scenario" | |
| done | |
| echo "SCENARIOS=$scenarios" >> "$GITHUB_ENV" | |
| # Assigning a glob to a variable in `bash` is such a pain I don't want to talk about it | |
| # instead we just use zsh | |
| shell: zsh {0} | |
| - name: View scenarios | |
| if: steps.check_last_run.outcome == 'skipped' || steps.check_last_run.outputs.conclusion == 'failure' | |
| run: | | |
| poetry run packse view $SCENARIOS | |
| - name: Build scenarios | |
| if: steps.check_last_run.outcome == 'skipped' || steps.check_last_run.outputs.conclusion == 'failure' | |
| run: | | |
| poetry run packse build --skip-root --short-names $SCENARIOS | |
| - name: Publish scenarios [local] | |
| if: github.ref != 'refs/heads/main' | |
| run: | | |
| # Start the local index server, do not allow packages from PyPI | |
| index_url=$(poetry run packse index up --bg --offline --dist-dir "./published") | |
| # Publish the packages | |
| poetry run packse publish --anonymous --index-url "$index_url" dist/* | |
| # Shutdown the index server | |
| poetry run packse index down | |
| - name: Configure AWS credentials | |
| if: github.ref == 'refs/heads/main' && (steps.check_last_run.outcome == 'skipped' || steps.check_last_run.outputs.conclusion == 'failure') | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-region: us-east-2 | |
| role-to-assume: arn:aws:iam::590183856360:role/PublishGitHubPackseIsolated | |
| role-session-name: PacksePublishPackage | |
| role-duration-seconds: 900 | |
| - name: Publish scenarios [aws] | |
| if: github.ref == 'refs/heads/main' && (steps.check_last_run.outcome == 'skipped' || steps.check_last_run.outputs.conclusion == 'failure') | |
| env: | |
| PACKSE_PUBLISH_USERNAME: "aws" | |
| run: | | |
| export PACKSE_PUBLISH_PASSWORD=$(aws codeartifact get-authorization-token --domain astral --domain-owner 590183856360 --region us-east-2 --query authorizationToken --output text) | |
| export INDEX_URL=$(aws codeartifact get-repository-endpoint --domain astral --domain-owner 590183856360 --repository astral-isolated --region us-east-2 --format pypi --query repositoryEndpoint --output text) | |
| poetry run packse publish --index-url "$INDEX_URL" --skip-existing dist/* vendor/build | |
| - name: Publish scenarios [test pypi] | |
| if: github.ref == 'refs/heads/main' && (steps.check_last_run.outcome == 'skipped' || steps.check_last_run.outputs.conclusion == 'failure') | |
| env: | |
| PACKSE_PUBLISH_PASSWORD: ${{ secrets.TEST_PYPI_API_TOKEN }} | |
| run: | | |
| poetry run packse publish --skip-existing dist/* |