diff --git a/.craft.yml b/.craft.yml deleted file mode 100644 index 9025f453a..000000000 --- a/.craft.yml +++ /dev/null @@ -1,15 +0,0 @@ -github: - owner: codecov - repo: codecov-cli - -changelogPolicy: auto - -targets: - - name: github - tagPrefix: v - checksums: - - algorithm: sha256 - includeNames: /^(codecov|codecov_)cli.*/i - - - name: pypi - includeNames: /codecov_cli-*/i diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml deleted file mode 100644 index 2e3c43fa2..000000000 --- a/.github/workflows/build.yml +++ /dev/null @@ -1,140 +0,0 @@ -# This workflow builds codecov-cli on push to a release/* branch. The artifacts -# are later picked up and released by Craft. -name: Build release - -on: - push: - branches: - - "release/**" - -permissions: - contents: read - -jobs: - build_for_pypi: - permissions: - contents: read - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - persist-credentials: false - - - name: Install dependencies - run: pip install uv - - - name: Build codecov-cli sdist and bdist - run: uv build - - - name: Upload codecov-cli artifacts - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: codecov-cli_wheel - path: ./dist/* - - build_assets: - name: Build ${{ matrix.os }} binaries - runs-on: ${{ matrix.os }} - strategy: - fail-fast: true - matrix: - include: - - os: macos-14 - TARGET: macos - CMD_BUILD: > - uv run pyinstaller --target-arch universal2 -F ./codecov_cli/main.py && - mv ./dist/main ./dist/codecovcli_macos - OUT_FILE_SUFFIX: _macos - ASSET_MIME: application/octet-stream - - - os: windows-2022 - TARGET: windows - CMD_BUILD: > - uv run pyinstaller -F .\codecov_cli\main.py && - Move-Item -Path ".\dist\main.exe" -Destination ".\dist\codecovcli_windows.exe" - OUT_FILE_SUFFIX: _windows.exe - ASSET_MIME: application/vnd.microsoft.portable-executable - - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - - name: Set up Python 3.9 - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 - with: - python-version: "3.9" - - - name: Install dependencies - run: | - pip install uv - # Need to build pyyaml and ijson from sdists to get universal2 macos build to work - uv sync --no-binary-package pyyaml --no-binary-package ijson - - - name: Build with pyinstaller for ${{matrix.TARGET}} - run: ${{matrix.CMD_BUILD}} - - - name: Upload codecovcli binary for ${{matrix.TARGET}} - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: codecovcli${{matrix.OUT_FILE_SUFFIX}} - path: ./dist/codecovcli${{matrix.OUT_FILE_SUFFIX}} - - build_linux_assets: - name: Build ${{ matrix.distro_name }}_${{ matrix.arch }} binary - runs-on: ${{ matrix.runs-on }} - strategy: - matrix: - include: - - distro: "alpine:3.14" # alpine 3.14 needed for musl 1.2.2/python 3.9 compatibility - arch: arm64 - distro_name: alpine - runs-on: ubuntu-24.04-arm - - distro: "alpine:3.14" - arch: x86_64 - distro_name: alpine - runs-on: ubuntu-24.04 - - distro: "ubuntu:20.04" # ubuntu 20.04 needed for glibc 2.31/python 3.9 compatibility - arch: arm64 - distro_name: linux - runs-on: ubuntu-24.04-arm - - distro: "ubuntu:20.04" - distro_name: linux - arch: x86_64 - runs-on: ubuntu-24.04 - - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - - name: Run in Docker - run: | - docker run \ - --rm \ - -v $(pwd):/${{ github.workspace }} \ - -w ${{ github.workspace }} \ - --platform linux/${{ matrix.arch }} \ - ${{ matrix.distro }} \ - ./scripts/build_${{ matrix.distro_name }}.sh ${{ matrix.distro_name }}_${{ matrix.arch }} - - - name: Upload codecovcli binary for ${{matrix.distro_name}}_${{ matrix.arch}} - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: codecovcli_${{ matrix.distro_name }}_${{ matrix.arch }} - path: ./dist/codecovcli_* - - package_artifacts: - # Craft requires one artifact named after the long commit sha of the release. - name: Package assets for Craft - runs-on: ubuntu-latest - needs: [build_for_pypi, build_assets, build_linux_assets] - steps: - - name: Download artifacts - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 - with: - pattern: "{codecov-,codecov}cli*" - - - name: Upload release artifact - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: ${{ github.sha }} - path: | - codecovcli* - codecov-cli_wheel/* diff --git a/.github/workflows/build_assets.yml b/.github/workflows/build_assets.yml new file mode 100644 index 000000000..a405b31e2 --- /dev/null +++ b/.github/workflows/build_assets.yml @@ -0,0 +1,131 @@ +name: Build Compiled Assets + +on: + workflow_call: + inputs: + release: + type: boolean + default: false + description: "Attach artifacts to a release" + +permissions: + contents: read + +jobs: + build_assets: + name: Build packages - ${{ matrix.os }} + runs-on: ${{ matrix.os }} + permissions: + contents: write # needed for svenstaro/upload-release-action when inputs.release == true + strategy: + fail-fast: true + matrix: + include: + - os: macos-latest + TARGET: macos + CMD_BUILD: > + uv run pyinstaller --target-arch universal2 -F codecov_cli/main.py && + mv dist/main dist/codecovcli_macos && + lipo -archs dist/codecovcli_macos | grep 'x86_64 arm64' + OUT_FILE_NAME: codecovcli_macos + ASSET_MIME: application/octet-stream + - os: ubuntu-22.04 + TARGET: ubuntu + CMD_BUILD: > + uv run pyinstaller -F codecov_cli/main.py && + cp ./dist/main ./dist/codecovcli_linux + OUT_FILE_NAME: codecovcli_linux + ASSET_MIME: application/octet-stream + - os: windows-latest + TARGET: windows + CMD_BUILD: > + uv run pyinstaller -F .\codecov_cli\main.py && + Copy-Item -Path ".\dist\main.exe" -Destination ".\dist\codecovcli_windows.exe" + OUT_FILE_NAME: codecovcli_windows.exe + ASSET_MIME: application/vnd.microsoft.portable-executable + steps: + - uses: actions/checkout@v4 + + - name: Set up Python 3.11 + uses: actions/setup-python@v5 + with: + python-version: "3.11" + + - name: Install uv and dependencies + run: | + pip install uv + # Need to build pyyaml and ijson from sdists to get universal2 macos build to work + uv sync --no-binary-package pyyaml --no-binary-package ijson + + - name: Build with pyinstaller for ${{matrix.TARGET}} + run: ${{matrix.CMD_BUILD}} + + - name: Upload a Build Artifact + uses: actions/upload-artifact@v4 + if: inputs.release == false + with: + name: ${{ matrix.OUT_FILE_NAME }} + path: ./dist/${{ matrix.OUT_FILE_NAME }} + + - name: Upload Release Asset + if: inputs.release == true + id: upload-release-asset + uses: svenstaro/upload-release-action@v2 + with: + repo_token: ${{ secrets.GITHUB_TOKEN }} + file: ./dist/${{ matrix.OUT_FILE_NAME }} + asset_name: ${{ matrix.OUT_FILE_NAME }} + tag: ${{ github.ref }} + overwrite: true + + build_assets_alpine_arm: + name: Build assets - Alpine and ARM + runs-on: ${{ matrix.runs-on }} + permissions: + contents: write # needed for svenstaro/upload-release-action when inputs.release == true + strategy: + matrix: + include: + - distro: "alpine:3.14" + arch: arm64 + distro_name: alpine + runs-on: ubuntu-24.04-arm + - distro: "alpine:3.14" + arch: x86_64 + distro_name: alpine + runs-on: ubuntu-24.04 + - distro: "ubuntu:20.04" + arch: arm64 + distro_name: linux + runs-on: ubuntu-24.04-arm + + steps: + - uses: actions/checkout@v4 + + - name: Run in Docker + run: | + docker run \ + --rm \ + -v $(pwd):/${{ github.workspace }} \ + -w ${{ github.workspace }} \ + --platform linux/${{ matrix.arch }} \ + ${{ matrix.distro }} \ + ./scripts/build_${{ matrix.distro_name }}_arm.sh ${{ matrix.distro_name }}_${{ matrix.arch }} + + - name: Upload a Build Artifact + uses: actions/upload-artifact@v4 + if: inputs.release == false + with: + name: codecovcli_${{ matrix.distro_name }}_${{ matrix.arch }} + path: ./dist/codecovcli_${{ matrix.distro_name }}_${{ matrix.arch }} + + - name: Upload Release Asset + if: inputs.release == true + id: upload-release-asset + uses: svenstaro/upload-release-action@v2 + with: + repo_token: ${{ secrets.GITHUB_TOKEN }} + file: ./dist/codecovcli_${{ matrix.distro_name }}_${{ matrix.arch }} + asset_name: codecovcli_${{ matrix.distro_name }}_${{ matrix.arch }} + tag: ${{ github.ref }} + overwrite: true diff --git a/.github/workflows/build_for_pypi.yml b/.github/workflows/build_for_pypi.yml new file mode 100644 index 000000000..23d66864f --- /dev/null +++ b/.github/workflows/build_for_pypi.yml @@ -0,0 +1,33 @@ +--- +name: Build for PyPi + +on: + workflow_call: + inputs: + publish: + type: boolean + default: false + description: "Build for PyPi" + +permissions: + contents: read + +jobs: + build_for_pypi: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + persist-credentials: false + + - name: Install uv + run: pip install uv + + - name: Build sdist and wheel + run: uv build + + - name: Store the distribution packages + uses: actions/upload-artifact@v4 + with: + name: cibw-codecov-cli + path: ./dist/* diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml deleted file mode 100644 index a9f4bcff2..000000000 --- a/.github/workflows/create-release.yml +++ /dev/null @@ -1,46 +0,0 @@ -name: Create release - -permissions: - contents: read - pull-requests: write - -on: - workflow_dispatch: - inputs: - version: - description: Version to release - required: true - - force: - description: Force a release even when there are release-blockers (optional) - required: false - - merge_target: - description: Target branch to merge into. Uses the default branch as a fallback (optional) - required: false - -jobs: - release: - runs-on: ubuntu-24.04 - name: "Release a new version" - steps: - - name: Get auth token - id: token - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6 - with: - app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }} - private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }} - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - token: ${{ steps.token.outputs.token }} - fetch-depth: 0 - - - name: Prepare release - uses: getsentry/action-prepare-release@3cea80dc3938c0baf5ec4ce752ecb311f8780cdc # v1.6.4 - env: - GITHUB_TOKEN: ${{ steps.token.outputs.token }} - with: - version: ${{ github.event.inputs.version }} - force: ${{ github.event.inputs.force }} - merge_target: ${{ github.event.inputs.merge_target }} diff --git a/.github/workflows/create_release.yml b/.github/workflows/create_release.yml new file mode 100644 index 000000000..176d6fe60 --- /dev/null +++ b/.github/workflows/create_release.yml @@ -0,0 +1,39 @@ +name: Create CLI Release + +on: + pull_request: + branches: + - main + types: [closed] + +permissions: + contents: read + +jobs: + create-release: + if: ${{ github.event.pull_request.merged == true && startsWith(github.head_ref, 'release/') && github.repository_owner == 'codecov' }} + name: Create Github Release + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + fetch-tags: true + + - id: get-release-vars + name: Configure Release Vars + run: | + release_version=v$(grep -E "version = \"[0-9]+\.[0-9]+\.[0-9]+\"" pyproject.toml | grep -Eo "[0-9]+\.[0-9]+\.[0-9]+") + previous_version=$(git tag --sort=-creatordate | head -n 2 | tail -n 1) + echo "release_version=$release_version" + echo "previous_version=$previous_version" + + echo "release_version=$release_version" >> "$GITHUB_OUTPUT" + echo "previous_version=$previous_version" >> "$GITHUB_OUTPUT" + + - name: Create GitHub Release + env: + GITHUB_TOKEN: ${{ secrets.CODECOV_RELEASE_PAT }} + run: | + gh release create ${{ steps.get-release-vars.outputs.release_version }} --title "Release ${{ steps.get-release-vars.outputs.release_version }}" --notes "Autogenerated for ${{ steps.get-release-vars.outputs.release_version }}. Created for ${{ github.event.pull_request.html_url }}" --generate-notes --notes-start-tag ${{steps.get-release-vars.outputs.previous_version}} --target ${{ github.event.pull_request.head.sha }} diff --git a/.github/workflows/create_release_pr.yml b/.github/workflows/create_release_pr.yml new file mode 100644 index 000000000..a6902fdf3 --- /dev/null +++ b/.github/workflows/create_release_pr.yml @@ -0,0 +1,54 @@ +name: Create CLI Release PR + +on: + workflow_dispatch: + inputs: + versionName: + description: 'Name of version (ie 23.9.5)' + required: true + +permissions: + contents: read + +jobs: + create-release-pr: + name: Create PR + runs-on: ubuntu-latest + permissions: + contents: write # needed to push the release/ branch + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Import GPG key + id: import-gpg + uses: crazy-max/ghaction-import-gpg@v6 + with: + gpg_private_key: ${{ secrets.RELEASER_GPG_PRIVATE_KEY }} + git_user_signingkey: true + git_commit_gpgsign: true + git_config_global: true + + - name: Create release branch + run: git checkout -b release/${{ github.event.inputs.versionName }} + + - name: Update version and push + id: make-commit + run: | + sed -i 's/version\ =\ "[0-9]\+\.[0-9]\+\.[0-9]\+"/version\ =\ "${{ github.event.inputs.versionName }}"/g' pyproject.toml + git add pyproject.toml + git commit -S --message "Prepare release ${{ github.event.inputs.versionName }}" + echo "commit=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT" + git push origin release/${{ github.event.inputs.versionName }} + + - name: Create pull request into main + uses: thomaseizinger/create-pull-request@1.3.1 + with: + github_token: ${{ secrets.GH_RELEASE_TOKEN }} + head: release/${{ github.event.inputs.versionName }} + base: main + title: Release ${{ github.event.inputs.versionName }} + reviewers: ${{ github.event.issue.user.login }} + body: | + Release PR for ${{ github.event.inputs.versionName }} + I've updated the version name and committed: ${{ steps.make-commit.outputs.commit }}. diff --git a/.github/workflows/release-codecov-cli.yml b/.github/workflows/release-codecov-cli.yml deleted file mode 100644 index b89e7729e..000000000 --- a/.github/workflows/release-codecov-cli.yml +++ /dev/null @@ -1,51 +0,0 @@ -# This workflow publishes the codecov-cli assets to PyPI and our GCS bucket -# when a release is created. -name: Build and publish codecov-cli - -on: - release: - types: [published] - -permissions: - contents: read - -jobs: - publish_to_pypi: - permissions: - id-token: write # This is required for OIDC - runs-on: ubuntu-latest - steps: - - name: Download pypi release assets - uses: robinraju/release-downloader@daf26c55d821e836577a15f77d86ddc078948b05 # v1.12 - with: - tag: ${{ github.ref_name }} - fileName: codecov_cli-* - out-file-path: dist - - - name: Publish package to PyPi - uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4 - with: - verbose: true - packages-dir: dist - - publish_release: - name: Publish release - runs-on: ubuntu-latest - permissions: - contents: "read" - id-token: "write" - steps: - - id: "auth" - name: "Authenticate to Google Cloud" - uses: "google-github-actions/auth@v1.0.0" - with: - create_credentials_file: "true" - workload_identity_provider: ${{ secrets.CODECOV_GCP_WIDP }} - service_account: ${{ secrets.CODECOV_GCP_WIDSA }} - - # Publish the release tag to a Pub/Sub topic - - name: Publish a message to a Pub/Sub topic - env: - CLOUDSDK_CORE_PROJECT: ${{ secrets.GCLOUD_UPLOADER_PROJECT_ID }} - run: | - gcloud pubsub topics publish ${{ secrets.GCLOUD_UPLOADER_PUBSUB_TOPIC }} --message '{"release":"'"${{ github.ref_name }}"'", "latest":true}' diff --git a/.github/workflows/release_flow.yml b/.github/workflows/release_flow.yml new file mode 100644 index 000000000..8051237c9 --- /dev/null +++ b/.github/workflows/release_flow.yml @@ -0,0 +1,76 @@ +# This workflow will install Python dependencies, run tests and lint with a variety of Python versions +# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions + +name: Build and Publish CLI Release + +on: + release: + types: + - created + +permissions: + contents: read + +jobs: + build_for_pypi: + permissions: + id-token: write # This is required for requesting the JWT + contents: read # This is required for actions/checkout + uses: ./.github/workflows/build_for_pypi.yml + with: + publish: true + secrets: inherit + + buildassets: + name: Build packages + uses: ./.github/workflows/build_assets.yml + with: + release: true + secrets: inherit + + publish_to_pypi: + needs: + - build_for_pypi + permissions: + id-token: write # This is required for OIDC + runs-on: ubuntu-latest + environment: + name: pypi + url: https://pypi.org/p/codecov-cli + steps: + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + path: dist/ + pattern: cibw-* + merge-multiple: true + - name: List artifacts + run: ls -alR dist/ + - name: Publish package to PyPi + uses: pypa/gh-action-pypi-publish@release/v1 + with: + verbose: true + packages-dir: dist/ + + publish_release: + name: Publish release + needs: [buildassets, publish_to_pypi] + runs-on: ubuntu-latest + permissions: + contents: 'read' + id-token: 'write' + steps: + - id: 'auth' + name: 'Authenticate to Google Cloud' + uses: 'google-github-actions/auth@v1.0.0' + with: + create_credentials_file: 'true' + workload_identity_provider: ${{ secrets.CODECOV_GCP_WIDP }} + service_account: ${{ secrets.CODECOV_GCP_WIDSA }} + + # Publish the release tag to a Pub/Sub topic + - name: Publish a message to a Pub/Sub topic + env: + CLOUDSDK_CORE_PROJECT: ${{ secrets.GCLOUD_UPLOADER_PROJECT_ID }} + run: | + gcloud pubsub topics publish ${{ secrets.GCLOUD_UPLOADER_PUBSUB_TOPIC }} --message '{"release":"'"${{ github.ref_name }}"'", "latest":true}' diff --git a/scripts/build_alpine.sh b/scripts/build_alpine_arm.sh similarity index 100% rename from scripts/build_alpine.sh rename to scripts/build_alpine_arm.sh diff --git a/scripts/build_linux.sh b/scripts/build_linux_arm.sh similarity index 73% rename from scripts/build_linux.sh rename to scripts/build_linux_arm.sh index 84923aeca..ffa92a192 100755 --- a/scripts/build_linux.sh +++ b/scripts/build_linux_arm.sh @@ -9,8 +9,3 @@ uv python pin 3.9 uv sync --no-binary-package pyyaml --no-binary-package ijson uv run pyinstaller -F codecov_cli/main.py mv ./dist/main ./dist/codecovcli_$1 - -# codecov linux binary should be just codecovcli_linux -if [ "$1" = "linux_x86_64" ]; then - mv ./dist/codecovcli_$1 ./dist/codecovcli_linux -fi