-
Notifications
You must be signed in to change notification settings - Fork 26
157 lines (122 loc) · 3.94 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
# Main CI
name: CI
on:
push:
branches:
- master
tags:
- '*'
pull_request:
jobs:
code_checks:
runs-on: ubuntu-latest
strategy:
matrix:
task: ["fmt", "lint"]
steps:
- uses: actions/checkout@v3
- uses: ./.github/actions/common-setup
- name: check code
run: poetry run poe ${{ matrix.task }}
build:
needs: code_checks
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: ./.github/actions/common-setup
- name: Build 🔨
run: poetry build
build_windows:
needs: code_checks
runs-on: windows-latest
steps:
- uses: actions/checkout@v3
- uses: ./.github/actions/common-setup
with:
python_version: 3.11
- name: Add entrypoint to bypass issue with relative imports in PyInstaller
run: powershell -Command 'Invoke-WebRequest https://gist.githubusercontent.com/Wenzel/e38d227d94f16e026b3aed03ea6a6661/raw/383ec56d62c58e444f6c5962ee6940a5c583d341/stub.py -OutFile stub.py'
- name: Build Windows release
run: poetry run pyinstaller --onefile --name checksec stub.py
shell: bash
- name: Upload Windows release artefact
uses: actions/upload-artifact@v3
with:
name: checksec.exe
path: dist/checksec.exe
# TODO: can't test rich output: UnicodeEncodeError: 'charmap' codec can't encode characters in position 0-78: character maps to <undefined>
- name: Smoke test
run: ./dist/checksec.exe C:\Windows --json
shell: bash
test:
needs: build
strategy:
matrix:
os: [ubuntu-latest, windows-latest]
runs-on: ${{ matrix.os }}
defaults:
run:
shell: bash
steps:
- uses: actions/checkout@v3
with:
submodules: true
- uses: ./.github/actions/common-setup
- name: Run tests
run: poetry run poe test_e2e
release:
needs: test
runs-on: ubuntu-latest
outputs:
upload_url: ${{ steps.step_upload_url.outputs.upload_url }}
version: ${{ steps.get_version.outputs.version }}
# push on master and tag is 'v*'
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
steps:
- uses: actions/checkout@v3
- name: Get the version
id: get_version
run: echo ::set-output name=VERSION::${GITHUB_REF/refs\/tags\//}
- name: Create a Release
id: create_release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ steps.get_version.outputs.version }}
release_name: ${{ steps.get_version.outputs.version }}
- id: step_upload_url
run: echo "::set-output name=upload_url::${{ steps.create_release.outputs.upload_url }}"
release_windows:
needs: [build_windows, release]
runs-on: windows-latest
steps:
# the deploy action below depends on a checkout of the repo
# otherwise it fails trying to remote the 'origin' remote
# https://github.com/JamesIves/github-pages-deploy-action/issues/335
- uses: actions/checkout@v3
# download artifacts
- uses: actions/download-artifact@v3
with:
name: checksec.exe
- name: Upload a Release Asset
uses: actions/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.release.outputs.upload_url }}
asset_path: checksec.exe
asset_name: checksec.exe
asset_content_type: vnd.microsoft.portable-executable
publish:
needs: release
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: ./.github/actions/common-setup
- name: Build package
run: poetry build
- name: Publish on PyPI 🚀
run: poetry publish
env:
POETRY_PYPI_TOKEN_PYPI: ${{ secrets.ACCESS_TOKEN }}