Skip to content

Commit

Permalink
feat!: public release (#83)
Browse files Browse the repository at this point in the history
Signed-off-by: Charles Moore <122481442+moorec-aws@users.noreply.github.com>
  • Loading branch information
moorec-aws authored Apr 1, 2024
1 parent 5916a46 commit e114779
Show file tree
Hide file tree
Showing 4 changed files with 4 additions and 37 deletions.
21 changes: 2 additions & 19 deletions .github/workflows/release_publish.yml
Original file line number Diff line number Diff line change
Expand Up @@ -41,11 +41,6 @@ jobs:
permissions:
id-token: write
contents: write
env:
CODEARTIFACT_REGION: "us-west-2"
CODEARTIFACT_DOMAIN: ${{ secrets.CODEARTIFACT_DOMAIN }}
CODEARTIFACT_ACCOUNT_ID: ${{ secrets.CODEARTIFACT_ACCOUNT_ID }}
CODEARTIFACT_REPOSITORY: ${{ secrets.CODEARTIFACT_REPOSITORY }}
steps:
- name: Checkout
uses: actions/checkout@v4
Expand Down Expand Up @@ -88,17 +83,9 @@ jobs:
echo EOF
} >> $GITHUB_ENV
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_CODEARTIFACT_ROLE }}
aws-region: us-west-2
mask-aws-account-id: true

# Tag must be made before building so the generated _version.py files have the correct version
- name: Build
run: |
export CODEARTIFACT_AUTH_TOKEN=$(aws codeartifact get-authorization-token --domain ${{ secrets.CODEARTIFACT_DOMAIN }} --domain-owner ${{ secrets.CODEARTIFACT_ACCOUNT_ID }} --query authorizationToken --output text --region us-west-2)
pip install --upgrade hatch
hatch -v build
Expand Down Expand Up @@ -187,9 +174,6 @@ jobs:

- name: Install dependencies
run: |
CODEARTIFACT_AUTH_TOKEN=$(aws codeartifact get-authorization-token --domain ${{ secrets.CODEARTIFACT_DOMAIN }} --domain-owner ${{ secrets.CODEARTIFACT_ACCOUNT_ID }} --query authorizationToken --output text --region us-west-2)
echo "::add-mask::$CODEARTIFACT_AUTH_TOKEN"
echo CODEARTIFACT_AUTH_TOKEN=$CODEARTIFACT_AUTH_TOKEN >> $GITHUB_ENV
pip install --upgrade hatch
pip install --upgrade twine
Expand All @@ -210,7 +194,6 @@ jobs:
export TWINE_REPOSITORY_URL=`aws codeartifact get-repository-endpoint --domain ${{ secrets.CUSTOMER_DOMAIN }} --domain-owner ${{ secrets.CODEARTIFACT_ACCOUNT_ID }} --repository ${{ secrets.CUSTOMER_REPOSITORY }} --format pypi --query repositoryEndpoint --output text`
twine upload dist/*
# TODO: Uncomment this block to publish to PyPI once this package is public
# # See https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-pypi
# - name: Publish to PyPI
# uses: pypa/gh-action-pypi-publish@release/v1
- name: Publish to PyPI
uses: pypa/gh-action-pypi-publish@release/v1
14 changes: 0 additions & 14 deletions .github/workflows/reuse_python_build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,10 +19,6 @@ jobs:
os: [ubuntu-latest, windows-latest, macOS-latest]
env:
PYTHON: ${{ matrix.python-version }}
CODEARTIFACT_REGION: "us-west-2"
CODEARTIFACT_DOMAIN: ${{ secrets.CODEARTIFACT_DOMAIN }}
CODEARTIFACT_ACCOUNT_ID: ${{ secrets.CODEARTIFACT_ACCOUNT_ID }}
CODEARTIFACT_REPOSITORY: ${{ secrets.CODEARTIFACT_REPOSITORY }}
steps:
- uses: actions/checkout@v4
if: ${{ !inputs.branch }}
Expand All @@ -38,19 +34,9 @@ jobs:
with:
python-version: ${{ matrix.python-version }}

- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_CODEARTIFACT_ROLE }}
aws-region: us-west-2
mask-aws-account-id: true

- name: Install Hatch
shell: bash
run: |
CODEARTIFACT_AUTH_TOKEN=$(aws codeartifact get-authorization-token --domain ${{ secrets.CODEARTIFACT_DOMAIN }} --domain-owner ${{ secrets.CODEARTIFACT_ACCOUNT_ID }} --query authorizationToken --output text --region us-west-2)
echo "::add-mask::$CODEARTIFACT_AUTH_TOKEN"
echo CODEARTIFACT_AUTH_TOKEN=$CODEARTIFACT_AUTH_TOKEN >> $GITHUB_ENV
pip install --upgrade hatch
- name: Run Linting
Expand Down
2 changes: 0 additions & 2 deletions hatch.toml
Original file line number Diff line number Diff line change
Expand Up @@ -24,14 +24,12 @@ lint = [
python = ["3.9", "3.10", "3.11"]

[envs.default.env-vars]
PIP_INDEX_URL="https://aws:{env:CODEARTIFACT_AUTH_TOKEN}@{env:CODEARTIFACT_DOMAIN}-{env:CODEARTIFACT_ACCOUNT_ID}.d.codeartifact.{env:CODEARTIFACT_REGION}.amazonaws.com/pypi/{env:CODEARTIFACT_REPOSITORY}/simple/"
SKIP_BOOTSTRAP_TEST_RESOURCES="True"

[envs.codebuild.scripts]
build = "hatch build"

[envs.codebuild.env-vars]
PIP_INDEX_URL=""
SKIP_BOOTSTRAP_TEST_RESOURCES="True"

[envs.release]
Expand Down
4 changes: 2 additions & 2 deletions pyproject.toml
Original file line number Diff line number Diff line change
Expand Up @@ -30,12 +30,12 @@ classifiers = [
# consume this library should be the ones that are more strictly limiting dependencies
# if they want/need to.
dependencies = [
"boto3 >= 1.28.78,<2.0",
"boto3 >= 1.34.75,<2.0",
# boto3 depends on botocore, but we're finding that if we leave botocore to be resolved
# transitively then resolving the dependency closure of this package in conjunction with
# other test dependencies in other packages can result in it taking 20+ minutes to resolve
# dependencies in Python3.9. So, we explicitly include the botocore dependency here.
"botocore >= 1.31.78"
"botocore >= 1.34.75"
]

[project.urls]
Expand Down

0 comments on commit e114779

Please sign in to comment.