[core] Release workflow and Updater cleanup (#8640)
- Only use trusted publishing with PyPI and remove support for PyPI tokens from release workflow - Clean up improper actions syntax in the build workflow inputs - Refactor Updater to allow for consistent unit testing with `UPDATE_SOURCES` Authored by: bashonly
This commit is contained in:
parent
c919b68f7e
commit
632b8ee54e
4 changed files with 18 additions and 30 deletions
8
.github/workflows/build.yml
vendored
8
.github/workflows/build.yml
vendored
|
@ -80,12 +80,12 @@ on:
|
||||||
default: true
|
default: true
|
||||||
type: boolean
|
type: boolean
|
||||||
origin:
|
origin:
|
||||||
description: .
|
description: Origin
|
||||||
required: false
|
required: false
|
||||||
default: ''
|
default: 'current repo'
|
||||||
type: choice
|
type: choice
|
||||||
options:
|
options:
|
||||||
- ''
|
- 'current repo'
|
||||||
|
|
||||||
permissions:
|
permissions:
|
||||||
contents: read
|
contents: read
|
||||||
|
@ -99,7 +99,7 @@ jobs:
|
||||||
- name: Process origin
|
- name: Process origin
|
||||||
id: process_origin
|
id: process_origin
|
||||||
run: |
|
run: |
|
||||||
echo "origin=${{ inputs.origin || github.repository }}" >> "$GITHUB_OUTPUT"
|
echo "origin=${{ inputs.origin == 'current repo' && github.repository || inputs.origin }}" | tee "$GITHUB_OUTPUT"
|
||||||
|
|
||||||
unix:
|
unix:
|
||||||
needs: process
|
needs: process
|
||||||
|
|
24
.github/workflows/release.yml
vendored
24
.github/workflows/release.yml
vendored
|
@ -64,7 +64,6 @@ jobs:
|
||||||
target_tag: ${{ steps.setup_variables.outputs.target_tag }}
|
target_tag: ${{ steps.setup_variables.outputs.target_tag }}
|
||||||
pypi_project: ${{ steps.setup_variables.outputs.pypi_project }}
|
pypi_project: ${{ steps.setup_variables.outputs.pypi_project }}
|
||||||
pypi_suffix: ${{ steps.setup_variables.outputs.pypi_suffix }}
|
pypi_suffix: ${{ steps.setup_variables.outputs.pypi_suffix }}
|
||||||
pypi_token: ${{ steps.setup_variables.outputs.pypi_token }}
|
|
||||||
head_sha: ${{ steps.get_target.outputs.head_sha }}
|
head_sha: ${{ steps.get_target.outputs.head_sha }}
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
|
@ -153,7 +152,6 @@ jobs:
|
||||||
${{ !!secrets[format('{0}_archive_repo_token', env.target_repo)] }} || fallback_token
|
${{ !!secrets[format('{0}_archive_repo_token', env.target_repo)] }} || fallback_token
|
||||||
pypi_project='${{ vars[format('{0}_pypi_project', env.target_repo)] }}'
|
pypi_project='${{ vars[format('{0}_pypi_project', env.target_repo)] }}'
|
||||||
pypi_suffix='${{ vars[format('{0}_pypi_suffix', env.target_repo)] }}'
|
pypi_suffix='${{ vars[format('{0}_pypi_suffix', env.target_repo)] }}'
|
||||||
${{ !secrets[format('{0}_pypi_token', env.target_repo)] }} || pypi_token='${{ env.target_repo }}_pypi_token'
|
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
target_tag="${source_tag:-${version}}"
|
target_tag="${source_tag:-${version}}"
|
||||||
|
@ -163,7 +161,6 @@ jobs:
|
||||||
${{ !!secrets[format('{0}_archive_repo_token', env.source_repo)] }} || fallback_token
|
${{ !!secrets[format('{0}_archive_repo_token', env.source_repo)] }} || fallback_token
|
||||||
pypi_project='${{ vars[format('{0}_pypi_project', env.source_repo)] }}'
|
pypi_project='${{ vars[format('{0}_pypi_project', env.source_repo)] }}'
|
||||||
pypi_suffix='${{ vars[format('{0}_pypi_suffix', env.source_repo)] }}'
|
pypi_suffix='${{ vars[format('{0}_pypi_suffix', env.source_repo)] }}'
|
||||||
${{ !secrets[format('{0}_pypi_token', env.source_repo)] }} || pypi_token='${{ env.source_repo }}_pypi_token'
|
|
||||||
else
|
else
|
||||||
target_repo='${{ github.repository }}'
|
target_repo='${{ github.repository }}'
|
||||||
fi
|
fi
|
||||||
|
@ -172,13 +169,6 @@ jobs:
|
||||||
if [[ "${target_repo}" == '${{ github.repository }}' ]] && ${{ !inputs.prerelease }}; then
|
if [[ "${target_repo}" == '${{ github.repository }}' ]] && ${{ !inputs.prerelease }}; then
|
||||||
pypi_project='${{ vars.PYPI_PROJECT }}'
|
pypi_project='${{ vars.PYPI_PROJECT }}'
|
||||||
fi
|
fi
|
||||||
if [[ -z "${pypi_token}" && "${pypi_project}" ]]; then
|
|
||||||
if ${{ !secrets.PYPI_TOKEN }}; then
|
|
||||||
pypi_token=OIDC
|
|
||||||
else
|
|
||||||
pypi_token=PYPI_TOKEN
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "::group::Output variables"
|
echo "::group::Output variables"
|
||||||
cat << EOF | tee -a "$GITHUB_OUTPUT"
|
cat << EOF | tee -a "$GITHUB_OUTPUT"
|
||||||
|
@ -189,7 +179,6 @@ jobs:
|
||||||
target_tag=${target_tag}
|
target_tag=${target_tag}
|
||||||
pypi_project=${pypi_project}
|
pypi_project=${pypi_project}
|
||||||
pypi_suffix=${pypi_suffix}
|
pypi_suffix=${pypi_suffix}
|
||||||
pypi_token=${pypi_token}
|
|
||||||
EOF
|
EOF
|
||||||
echo "::endgroup::"
|
echo "::endgroup::"
|
||||||
|
|
||||||
|
@ -286,18 +275,7 @@ jobs:
|
||||||
python devscripts/set-variant.py pip -M "You installed yt-dlp with pip or using the wheel from PyPi; Use that to update"
|
python devscripts/set-variant.py pip -M "You installed yt-dlp with pip or using the wheel from PyPi; Use that to update"
|
||||||
python setup.py sdist bdist_wheel
|
python setup.py sdist bdist_wheel
|
||||||
|
|
||||||
- name: Publish to PyPI via token
|
- name: Publish to PyPI
|
||||||
env:
|
|
||||||
TWINE_USERNAME: __token__
|
|
||||||
TWINE_PASSWORD: ${{ secrets[needs.prepare.outputs.pypi_token] }}
|
|
||||||
if: |
|
|
||||||
needs.prepare.outputs.pypi_token != 'OIDC' && env.TWINE_PASSWORD
|
|
||||||
run: |
|
|
||||||
twine upload dist/*
|
|
||||||
|
|
||||||
- name: Publish to PyPI via trusted publishing
|
|
||||||
if: |
|
|
||||||
needs.prepare.outputs.pypi_token == 'OIDC'
|
|
||||||
uses: pypa/gh-action-pypi-publish@release/v1
|
uses: pypa/gh-action-pypi-publish@release/v1
|
||||||
with:
|
with:
|
||||||
verbose: true
|
verbose: true
|
||||||
|
|
|
@ -11,6 +11,14 @@ sys.path.insert(0, os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
|
||||||
from test.helper import FakeYDL, report_warning
|
from test.helper import FakeYDL, report_warning
|
||||||
from yt_dlp.update import Updater, UpdateInfo
|
from yt_dlp.update import Updater, UpdateInfo
|
||||||
|
|
||||||
|
|
||||||
|
# XXX: Keep in sync with yt_dlp.update.UPDATE_SOURCES
|
||||||
|
TEST_UPDATE_SOURCES = {
|
||||||
|
'stable': 'yt-dlp/yt-dlp',
|
||||||
|
'nightly': 'yt-dlp/yt-dlp-nightly-builds',
|
||||||
|
'master': 'yt-dlp/yt-dlp-master-builds',
|
||||||
|
}
|
||||||
|
|
||||||
TEST_API_DATA = {
|
TEST_API_DATA = {
|
||||||
'yt-dlp/yt-dlp/latest': {
|
'yt-dlp/yt-dlp/latest': {
|
||||||
'tag_name': '2023.12.31',
|
'tag_name': '2023.12.31',
|
||||||
|
@ -104,6 +112,7 @@ class FakeUpdater(Updater):
|
||||||
|
|
||||||
_channel = 'stable'
|
_channel = 'stable'
|
||||||
_origin = 'yt-dlp/yt-dlp'
|
_origin = 'yt-dlp/yt-dlp'
|
||||||
|
_update_sources = TEST_UPDATE_SOURCES
|
||||||
|
|
||||||
def _download_update_spec(self, *args, **kwargs):
|
def _download_update_spec(self, *args, **kwargs):
|
||||||
return TEST_LOCKFILE_ACTUAL
|
return TEST_LOCKFILE_ACTUAL
|
||||||
|
|
|
@ -206,13 +206,14 @@ class Updater:
|
||||||
# XXX: use class variables to simplify testing
|
# XXX: use class variables to simplify testing
|
||||||
_channel = CHANNEL
|
_channel = CHANNEL
|
||||||
_origin = ORIGIN
|
_origin = ORIGIN
|
||||||
|
_update_sources = UPDATE_SOURCES
|
||||||
|
|
||||||
def __init__(self, ydl, target: str | None = None):
|
def __init__(self, ydl, target: str | None = None):
|
||||||
self.ydl = ydl
|
self.ydl = ydl
|
||||||
# For backwards compat, target needs to be treated as if it could be None
|
# For backwards compat, target needs to be treated as if it could be None
|
||||||
self.requested_channel, sep, self.requested_tag = (target or self._channel).rpartition('@')
|
self.requested_channel, sep, self.requested_tag = (target or self._channel).rpartition('@')
|
||||||
# Check if requested_tag is actually the requested repo/channel
|
# Check if requested_tag is actually the requested repo/channel
|
||||||
if not sep and ('/' in self.requested_tag or self.requested_tag in UPDATE_SOURCES):
|
if not sep and ('/' in self.requested_tag or self.requested_tag in self._update_sources):
|
||||||
self.requested_channel = self.requested_tag
|
self.requested_channel = self.requested_tag
|
||||||
self.requested_tag: str = None # type: ignore (we set it later)
|
self.requested_tag: str = None # type: ignore (we set it later)
|
||||||
elif not self.requested_channel:
|
elif not self.requested_channel:
|
||||||
|
@ -237,11 +238,11 @@ class Updater:
|
||||||
self._block_restart('Automatically restarting into custom builds is disabled for security reasons')
|
self._block_restart('Automatically restarting into custom builds is disabled for security reasons')
|
||||||
else:
|
else:
|
||||||
# Check if requested_channel resolves to a known repository or else raise
|
# Check if requested_channel resolves to a known repository or else raise
|
||||||
self.requested_repo = UPDATE_SOURCES.get(self.requested_channel)
|
self.requested_repo = self._update_sources.get(self.requested_channel)
|
||||||
if not self.requested_repo:
|
if not self.requested_repo:
|
||||||
self._report_error(
|
self._report_error(
|
||||||
f'Invalid update channel {self.requested_channel!r} requested. '
|
f'Invalid update channel {self.requested_channel!r} requested. '
|
||||||
f'Valid channels are {", ".join(UPDATE_SOURCES)}', True)
|
f'Valid channels are {", ".join(self._update_sources)}', True)
|
||||||
|
|
||||||
self._identifier = f'{detect_variant()} {system_identifier()}'
|
self._identifier = f'{detect_variant()} {system_identifier()}'
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue