[core] Release workflow and Updater cleanup (#8640)
- Only use trusted publishing with PyPI and remove support for PyPI tokens from release workflow - Clean up improper actions syntax in the build workflow inputs - Refactor Updater to allow for consistent unit testing with `UPDATE_SOURCES` Authored by: bashonly
This commit is contained in:
parent
c919b68f7e
commit
632b8ee54e
4 changed files with 18 additions and 30 deletions
8
.github/workflows/build.yml
vendored
8
.github/workflows/build.yml
vendored
|
@ -80,12 +80,12 @@ on:
|
|||
default: true
|
||||
type: boolean
|
||||
origin:
|
||||
description: .
|
||||
description: Origin
|
||||
required: false
|
||||
default: ''
|
||||
default: 'current repo'
|
||||
type: choice
|
||||
options:
|
||||
- ''
|
||||
- 'current repo'
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
@ -99,7 +99,7 @@ jobs:
|
|||
- name: Process origin
|
||||
id: process_origin
|
||||
run: |
|
||||
echo "origin=${{ inputs.origin || github.repository }}" >> "$GITHUB_OUTPUT"
|
||||
echo "origin=${{ inputs.origin == 'current repo' && github.repository || inputs.origin }}" | tee "$GITHUB_OUTPUT"
|
||||
|
||||
unix:
|
||||
needs: process
|
||||
|
|
24
.github/workflows/release.yml
vendored
24
.github/workflows/release.yml
vendored
|
@ -64,7 +64,6 @@ jobs:
|
|||
target_tag: ${{ steps.setup_variables.outputs.target_tag }}
|
||||
pypi_project: ${{ steps.setup_variables.outputs.pypi_project }}
|
||||
pypi_suffix: ${{ steps.setup_variables.outputs.pypi_suffix }}
|
||||
pypi_token: ${{ steps.setup_variables.outputs.pypi_token }}
|
||||
head_sha: ${{ steps.get_target.outputs.head_sha }}
|
||||
|
||||
steps:
|
||||
|
@ -153,7 +152,6 @@ jobs:
|
|||
${{ !!secrets[format('{0}_archive_repo_token', env.target_repo)] }} || fallback_token
|
||||
pypi_project='${{ vars[format('{0}_pypi_project', env.target_repo)] }}'
|
||||
pypi_suffix='${{ vars[format('{0}_pypi_suffix', env.target_repo)] }}'
|
||||
${{ !secrets[format('{0}_pypi_token', env.target_repo)] }} || pypi_token='${{ env.target_repo }}_pypi_token'
|
||||
fi
|
||||
else
|
||||
target_tag="${source_tag:-${version}}"
|
||||
|
@ -163,7 +161,6 @@ jobs:
|
|||
${{ !!secrets[format('{0}_archive_repo_token', env.source_repo)] }} || fallback_token
|
||||
pypi_project='${{ vars[format('{0}_pypi_project', env.source_repo)] }}'
|
||||
pypi_suffix='${{ vars[format('{0}_pypi_suffix', env.source_repo)] }}'
|
||||
${{ !secrets[format('{0}_pypi_token', env.source_repo)] }} || pypi_token='${{ env.source_repo }}_pypi_token'
|
||||
else
|
||||
target_repo='${{ github.repository }}'
|
||||
fi
|
||||
|
@ -172,13 +169,6 @@ jobs:
|
|||
if [[ "${target_repo}" == '${{ github.repository }}' ]] && ${{ !inputs.prerelease }}; then
|
||||
pypi_project='${{ vars.PYPI_PROJECT }}'
|
||||
fi
|
||||
if [[ -z "${pypi_token}" && "${pypi_project}" ]]; then
|
||||
if ${{ !secrets.PYPI_TOKEN }}; then
|
||||
pypi_token=OIDC
|
||||
else
|
||||
pypi_token=PYPI_TOKEN
|
||||
fi
|
||||
fi
|
||||
|
||||
echo "::group::Output variables"
|
||||
cat << EOF | tee -a "$GITHUB_OUTPUT"
|
||||
|
@ -189,7 +179,6 @@ jobs:
|
|||
target_tag=${target_tag}
|
||||
pypi_project=${pypi_project}
|
||||
pypi_suffix=${pypi_suffix}
|
||||
pypi_token=${pypi_token}
|
||||
EOF
|
||||
echo "::endgroup::"
|
||||
|
||||
|
@ -286,18 +275,7 @@ jobs:
|
|||
python devscripts/set-variant.py pip -M "You installed yt-dlp with pip or using the wheel from PyPi; Use that to update"
|
||||
python setup.py sdist bdist_wheel
|
||||
|
||||
- name: Publish to PyPI via token
|
||||
env:
|
||||
TWINE_USERNAME: __token__
|
||||
TWINE_PASSWORD: ${{ secrets[needs.prepare.outputs.pypi_token] }}
|
||||
if: |
|
||||
needs.prepare.outputs.pypi_token != 'OIDC' && env.TWINE_PASSWORD
|
||||
run: |
|
||||
twine upload dist/*
|
||||
|
||||
- name: Publish to PyPI via trusted publishing
|
||||
if: |
|
||||
needs.prepare.outputs.pypi_token == 'OIDC'
|
||||
- name: Publish to PyPI
|
||||
uses: pypa/gh-action-pypi-publish@release/v1
|
||||
with:
|
||||
verbose: true
|
||||
|
|
|
@ -11,6 +11,14 @@ sys.path.insert(0, os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
|
|||
from test.helper import FakeYDL, report_warning
|
||||
from yt_dlp.update import Updater, UpdateInfo
|
||||
|
||||
|
||||
# XXX: Keep in sync with yt_dlp.update.UPDATE_SOURCES
|
||||
TEST_UPDATE_SOURCES = {
|
||||
'stable': 'yt-dlp/yt-dlp',
|
||||
'nightly': 'yt-dlp/yt-dlp-nightly-builds',
|
||||
'master': 'yt-dlp/yt-dlp-master-builds',
|
||||
}
|
||||
|
||||
TEST_API_DATA = {
|
||||
'yt-dlp/yt-dlp/latest': {
|
||||
'tag_name': '2023.12.31',
|
||||
|
@ -104,6 +112,7 @@ class FakeUpdater(Updater):
|
|||
|
||||
_channel = 'stable'
|
||||
_origin = 'yt-dlp/yt-dlp'
|
||||
_update_sources = TEST_UPDATE_SOURCES
|
||||
|
||||
def _download_update_spec(self, *args, **kwargs):
|
||||
return TEST_LOCKFILE_ACTUAL
|
||||
|
|
|
@ -206,13 +206,14 @@ class Updater:
|
|||
# XXX: use class variables to simplify testing
|
||||
_channel = CHANNEL
|
||||
_origin = ORIGIN
|
||||
_update_sources = UPDATE_SOURCES
|
||||
|
||||
def __init__(self, ydl, target: str | None = None):
|
||||
self.ydl = ydl
|
||||
# For backwards compat, target needs to be treated as if it could be None
|
||||
self.requested_channel, sep, self.requested_tag = (target or self._channel).rpartition('@')
|
||||
# Check if requested_tag is actually the requested repo/channel
|
||||
if not sep and ('/' in self.requested_tag or self.requested_tag in UPDATE_SOURCES):
|
||||
if not sep and ('/' in self.requested_tag or self.requested_tag in self._update_sources):
|
||||
self.requested_channel = self.requested_tag
|
||||
self.requested_tag: str = None # type: ignore (we set it later)
|
||||
elif not self.requested_channel:
|
||||
|
@ -237,11 +238,11 @@ class Updater:
|
|||
self._block_restart('Automatically restarting into custom builds is disabled for security reasons')
|
||||
else:
|
||||
# Check if requested_channel resolves to a known repository or else raise
|
||||
self.requested_repo = UPDATE_SOURCES.get(self.requested_channel)
|
||||
self.requested_repo = self._update_sources.get(self.requested_channel)
|
||||
if not self.requested_repo:
|
||||
self._report_error(
|
||||
f'Invalid update channel {self.requested_channel!r} requested. '
|
||||
f'Valid channels are {", ".join(UPDATE_SOURCES)}', True)
|
||||
f'Valid channels are {", ".join(self._update_sources)}', True)
|
||||
|
||||
self._identifier = f'{detect_variant()} {system_identifier()}'
|
||||
|
||||
|
|
Loading…
Reference in a new issue