-
Notifications
You must be signed in to change notification settings - Fork 436
150 lines (138 loc) · 4.61 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
name: CI
on:
workflow_dispatch: {}
push:
branches:
- master
- beta
- sdk-release/**
- feature/**
tags:
- v[0-9]+.[0-9]+.[0-9]+*
pull_request:
branches:
- master
- beta
- sdk-release/**
- feature/**
jobs:
lint:
name: Static Checks
runs-on: "ubuntu-24.04"
steps:
- uses: extractions/setup-just@v2
- uses: actions/checkout@v3
- name: Set up Python 3
uses: actions/setup-python@v4
with:
python-version: "3.10"
- name: check examples w/ mypy (against [email protected])
run: just typecheck-examples
# skip deps on all these since mypy installed everything
- name: check linting
run: just --no-deps lint
- name: check formatting
run: just --no-deps format-check
# pyright depends on node, which it handles and installs for itself as needed
# we _could_ run setup-node to make it available for it if we're having reliability problems
- name: check types (all Python versions)
run: |
set -eox
for minor in {6..12}; do
just --no-deps typecheck $minor
done
build:
name: Build
runs-on: "ubuntu-24.04"
steps:
- uses: extractions/setup-just@v2
- uses: actions/checkout@v3
- name: Set up Python 3
uses: actions/setup-python@v4
with:
python-version: "3.10"
- name: Build and check package
run: |
just build
- name: "Upload Artifact"
uses: actions/upload-artifact@v3
with:
name: dist
path: dist/
test:
# Specific ubuntu version to support python 3.6 testing
# see https://github.com/actions/setup-python/issues/544#issuecomment-1332535877 for details
# move to ubuntu-latest when we drop 3.6
runs-on: ubuntu-20.04
strategy:
fail-fast: false
matrix:
python_version:
- "3.6"
- "3.7"
- "3.8"
- "3.9"
- "3.10"
- "3.11"
- "3.12"
- "pypy-3.7"
- "pypy-3.8"
- "pypy-3.9"
- "pypy-3.10"
name: Test (${{ matrix.python_version }})
steps:
- uses: extractions/setup-just@v2
- uses: actions/checkout@v3
- name: Set up Python ${{ matrix.python_version }}
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python_version }}
- uses: stripe/openapi/actions/stripe-mock@master
- name: "run tests"
run: just test
publish:
name: Publish
if: >-
((github.event_name == 'workflow_dispatch') || (github.event_name == 'push')) &&
startsWith(github.ref, 'refs/tags/v') &&
endsWith(github.actor, '-stripe')
needs: [build, test, lint]
runs-on: "ubuntu-24.04"
steps:
- uses: actions/checkout@v3
- name: Download all workflow run artifacts
uses: actions/download-artifact@v3
with:
name: dist
path: dist
- name: Set up Python 3
uses: actions/setup-python@v4
with:
python-version: "3.10"
- name: Configure GPG Key
run: |
set -ex
echo $GPG_SIGNING_PRIVKEY | base64 --decode | gpg --import --batch --yes --pinentry-mode loopback --passphrase "$GPG_SIGNING_PASSPHRASE"
env:
GPG_SIGNING_PRIVKEY: ${{ secrets.GPG_SIGNING_PRIVKEY }}
GPG_SIGNING_PASSPHRASE: ${{ secrets.GPG_SIGNING_PASSPHRASE }}
- name: Install tools
run: just install-build-deps
- name: Publish packages to PyPI
# could probably move this into a just recipe too?
run: |
set -ex
source .venv/bin/activate
export VERSION=$(cat VERSION)
gpg --detach-sign --local-user $GPG_SIGNING_KEYID --pinentry-mode loopback --passphrase $GPG_SIGNING_PASSPHRASE -a dist/stripe-$VERSION.tar.gz
gpg --detach-sign --local-user $GPG_SIGNING_KEYID --pinentry-mode loopback --passphrase $GPG_SIGNING_PASSPHRASE -a dist/stripe-$VERSION-py2.py3-none-any.whl
python -m twine upload --verbose dist/stripe-$VERSION.tar.gz dist/stripe-$VERSION-py2.py3-none-any.whl dist/stripe-$VERSION.tar.gz.asc dist/stripe-$VERSION-py2.py3-none-any.whl.asc
env:
GPG_SIGNING_KEYID: ${{ secrets.GPG_SIGNING_KEYID }}
TWINE_USERNAME: ${{ secrets.TWINE_USERNAME }}
TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }}
GPG_SIGNING_PASSPHRASE: ${{ secrets.GPG_SIGNING_PASSPHRASE }}
- uses: stripe/openapi/actions/notify-release@master
if: always()
with:
bot_token: ${{ secrets.SLACK_BOT_TOKEN }}