diff --git a/.github/workflows/appinspect.yml b/.github/workflows/appinspect.yml index f6088229..02832e93 100644 --- a/.github/workflows/appinspect.yml +++ b/.github/workflows/appinspect.yml @@ -9,6 +9,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + with: + persist-credentials: false - uses: ./.github/actions/setup-sdk-environment with: python-version: ${{ env.PYTHON_VERSION }} diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml new file mode 100644 index 00000000..b431537c --- /dev/null +++ b/.github/workflows/cd.yml @@ -0,0 +1,90 @@ +name: Python CD +on: + push: + branches: [develop] + release: + types: [published] + workflow_dispatch: + +jobs: + build-distributables: + # Why building is separate from publishing: + # https://github.com/pypa/gh-action-pypi-publish/issues/217#issuecomment-1965727093 + runs-on: ubuntu-latest + outputs: + version: ${{ steps.get-version.outputs.version }} + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + with: + persist-credentials: false + - uses: ./.github/actions/setup-sdk-environment + with: + python-version: 3.13 + deps-group: release + - name: Set pre-release version + id: set-version + if: startsWith(github.ref, 'refs/tags/') != true + run: | + VERSION_BASE="$(uv version --short)" + RUN_NUMBER="${{ github.run_number }}" + COMMIT_SHA="$(git rev-parse --short HEAD)" + uv version --frozen "${VERSION_BASE}.dev${RUN_NUMBER}+g${COMMIT_SHA}" + - name: Get current version + id: get-version + run: echo "version=$(uv version --short)" >> "$GITHUB_OUTPUT" + - name: Build packages for distribution + run: uv build + - name: Run AppInspect + uses: ./.github/actions/run-appinspect + - name: Upload distributables + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a + with: + name: splunk-sdk-${{ steps.get-version.outputs.version }} + path: dist/ + - name: Generate API reference + run: make -C ./docs html + - name: Upload docs artifact + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a + with: + name: python-sdk-docs + path: docs/_build/html + + publish-pre-release: + if: startsWith(github.ref, 'refs/tags/') == false + needs: build-distributables + runs-on: ubuntu-latest + permissions: + id-token: write + environment: + name: splunk-test-pypi + url: https://test.pypi.org/project/splunk-sdk/ + steps: + - name: Download distributables + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c + with: + name: splunk-sdk-${{ needs.build-distributables.outputs.version }} + path: dist/ + - name: Publish packages to Test PyPI + uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b + with: + repository-url: https://test.pypi.org/legacy/ + + publish-release: + if: startsWith(github.ref, 'refs/tags/') == true + needs: build-distributables + runs-on: ubuntu-latest + permissions: + id-token: write + environment: + name: splunk-pypi + url: https://pypi.org/project/splunk-sdk/ + steps: + - name: Download distributables + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c + with: + name: splunk-sdk-${{ needs.build-distributables.outputs.version }} + path: dist/ + - name: Publish packages to PyPI + uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b + with: + repository-url: https://pypi.org/legacy/ diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 1fa1dfa6..160dbaf6 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -6,6 +6,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + with: + persist-credentials: false - uses: ./.github/actions/setup-sdk-environment with: python-version: ${{ matrix.python-version }} @@ -13,4 +15,4 @@ jobs: - name: Verify uv.lock is up-to-date run: uv lock --check - name: Verify files are linted and formatted - run: make ci-lint \ No newline at end of file + run: make ci-lint diff --git a/.github/workflows/pre-release.yml b/.github/workflows/pre-release.yml deleted file mode 100644 index 441e497d..00000000 --- a/.github/workflows/pre-release.yml +++ /dev/null @@ -1,38 +0,0 @@ -name: Publish pre-release to Test PyPI -on: - push: - branches: - - develop - - release/2.x - workflow_dispatch: - -env: - PYTHON_VERSION: 3.13 - -jobs: - publish-pre-release: - runs-on: ubuntu-latest - permissions: - id-token: write # Required for publishing - environment: - name: splunk-test-pypi - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - - uses: ./.github/actions/setup-sdk-environment - with: - python-version: ${{ env.PYTHON_VERSION }} - deps-group: release - - name: Set temporary pre-release version - run: | - VERSION_BASE="$(uv version --short)" - RUN_NUMBER="${{ github.run_number }}" - COMMIT_SHA="$(git rev-parse --short HEAD)" - uv version --frozen "${VERSION_BASE}.dev${RUN_NUMBER}+g${COMMIT_SHA}" - - name: Build packages for distribution - run: uv build - - name: Run AppInspect - uses: ./.github/actions/run-appinspect - - name: Publish packages to Test PyPI - uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b - with: - repository-url: https://test.pypi.org/legacy/ diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml deleted file mode 100644 index 3c591615..00000000 --- a/.github/workflows/release.yml +++ /dev/null @@ -1,36 +0,0 @@ -name: Publish SDK to PyPI -on: - release: - types: [published] - -env: - PYTHON_VERSION: 3.13 - -jobs: - publish-to-pypi: - runs-on: ubuntu-latest - permissions: - id-token: write # Required for publishing - environment: - name: splunk-pypi - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - - uses: ./.github/actions/setup-sdk-environment - with: - python-version: ${{ env.PYTHON_VERSION }} - deps-group: release - - name: Build packages for distribution - run: uv build - - name: Run AppInspect - uses: ./.github/actions/run-appinspect - - name: Publish packages to PyPI - uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b - with: - repository-url: https://test.pypi.org/legacy/ - - name: Generate API reference - run: make -C ./docs html - - name: Upload docs artifact - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a - with: - name: python-sdk-docs - path: docs/_build/html diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 25be7e42..e5c0b8f1 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -7,14 +7,15 @@ concurrency: jobs: test: + runs-on: ubuntu-latest strategy: matrix: - os: [ubuntu-latest] python-version: [3.13] splunk-version: [latest] - runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + with: + persist-credentials: false - uses: ./.github/actions/setup-sdk-environment with: python-version: ${{ matrix.python-version }} @@ -46,7 +47,8 @@ jobs: uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae with: path: .pytest_cache - key: pytest-cache-${{ runner.os }}-py${{ matrix.python-version }}-${{ github.ref_name }}-${{ github.sha }} + key: pytest-cache-${{ runner.os }}-py${{ matrix.python-version }}-${{ github.ref_name }}-${{ + github.sha }} restore-keys: | pytest-cache-${{ runner.os }}-py${{ matrix.python-version }}-${{ github.ref_name }}- - name: Run unit tests diff --git a/AGENTS.md b/AGENTS.md index 5dcab5a6..8345b0ea 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -11,10 +11,10 @@ This project uses [`uv`](https://docs.astral.sh/uv/) for dependency management and running Python tools. All Python and pytest invocations should be prefixed with `uv run`. Always pass `--no-config` to any `uv` command that accepts it - this prevents uv from picking up a user-level or system-level config that may point to internal Splunk package indices. To install/sync dependencies: ```sh -make uv-sync +make install ``` -If you manually edit `pyproject.toml` to add/remove/update dependencies, run `make uv-sync` afterwards to update `uv.lock`. +If you manually edit `pyproject.toml` to add/remove/update dependencies, run `make install` afterwards to update `uv.lock`. The `Makefile` wraps `uv` commands - prefer `make` targets over invoking `uv` directly where a target exists. @@ -22,7 +22,7 @@ The `Makefile` wraps `uv` commands - prefer `make` targets over invoking `uv` di See the `Makefile` for all available targets. Common ones: -- `make uv-sync` - set up / update virtualenv +- `make install` - set up / update virtualenv - `make test` - run the full pytest suite. - `make test-unit` - unit tests only; fastest feedback loop. - `make test-integration` - integration + system coverage; requires Splunk services available (see docker targets). @@ -43,17 +43,12 @@ See the `Makefile` for all available targets. Common ones: **After editing any Python file**, format it: ```sh -# Sort imports, then format -uv run ruff check --fix $FILE -uv run ruff format $FILE +make lint ``` **Before declaring a change done**, run: ```sh -# linter -uv run basedpyright - # testing make test-unit make test-ai diff --git a/Makefile b/Makefile index 693de209..56b0b26b 100644 --- a/Makefile +++ b/Makefile @@ -116,4 +116,4 @@ docker-splunk-restart: .PHONY: docker-tail-python-log docker-tail-python-log: - docker exec -it $(CONTAINER_NAME) sudo tail $(SPLUNK_HOME)/var/log/splunk/python.log \ No newline at end of file + docker exec -it $(CONTAINER_NAME) sudo tail $(SPLUNK_HOME)/var/log/splunk/python.log