From 0b2c759d1725cef0537580ff42ec66b9347ca66f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bartosz=20J=C4=99drecki?= Date: Thu, 7 May 2026 17:11:55 +0200 Subject: [PATCH 1/2] Adjust workflows once again, merge release workflows into a single source of truth --- .github/workflows/appinspect.yml | 2 + .github/workflows/cd.yml | 85 +++++++++++++++++++++++++++++++ .github/workflows/lint.yml | 4 +- .github/workflows/pre-release.yml | 38 -------------- .github/workflows/release.yml | 36 ------------- .github/workflows/test.yml | 8 +-- AGENTS.md | 13 ++--- Makefile | 2 +- pyproject.toml | 4 +- 9 files changed, 102 insertions(+), 90 deletions(-) create mode 100644 .github/workflows/cd.yml delete mode 100644 .github/workflows/pre-release.yml delete mode 100644 .github/workflows/release.yml diff --git a/.github/workflows/appinspect.yml b/.github/workflows/appinspect.yml index f6088229..02832e93 100644 --- a/.github/workflows/appinspect.yml +++ b/.github/workflows/appinspect.yml @@ -9,6 +9,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + with: + persist-credentials: false - uses: ./.github/actions/setup-sdk-environment with: python-version: ${{ env.PYTHON_VERSION }} diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml new file mode 100644 index 00000000..3aa8df1f --- /dev/null +++ b/.github/workflows/cd.yml @@ -0,0 +1,85 @@ +name: Python CD +on: + push: + branches: [develop] + release: + types: [published] + workflow_dispatch: + +jobs: + build-distributables: + # Why building is separate from publishing: + # https://github.com/pypa/gh-action-pypi-publish/issues/217#issuecomment-1965727093 + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + with: + persist-credentials: false + - uses: ./.github/actions/setup-sdk-environment + with: + python-version: 3.13 + deps-group: release + - name: Set pre-release version + id: set-version + if: ${{ ! startsWith(github.ref, 'refs/tags/') }} + run: | + VERSION_BASE="$(uv version --short)" + RUN_NUMBER="${{ github.run_number }}" + COMMIT_SHA="$(git rev-parse --short HEAD)" + uv version --frozen "${VERSION_BASE}.dev${RUN_NUMBER}+g${COMMIT_SHA}" + - name: Build packages for distribution + run: uv build + - name: Run AppInspect + uses: ./.github/actions/run-appinspect + - name: Upload pre-release distributables + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a + with: + name: splunk-sdk + path: dist/ + - name: Generate API reference + run: make -C ./docs html + - name: Upload docs artifact + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a + with: + name: python-sdk-docs + path: docs/_build/html + + publish-pre-release: + if: startsWith(github.ref, 'refs/tags/') != true + needs: build-release + runs-on: ubuntu-latest + permissions: + id-token: write + environment: + name: splunk-test-pypi + url: https://test.pypi.org/project/splunk-sdk/ + steps: + - name: Download distributables + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c + with: + name: splunk-sdk + path: dist/ + - name: Publish packages to Test PyPI + uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b + with: + repository-url: https://test.pypi.org/legacy/ + + publish-release: + if: startsWith(github.ref, 'refs/tags/') + needs: build-release + runs-on: ubuntu-latest + permissions: + id-token: write + environment: + name: splunk-pypi + url: https://pypi.org/project/splunk-sdk/ + steps: + - name: Download distributables + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c + with: + name: splunk-sdk + path: dist/ + - name: Publish packages to PyPI + uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b + with: + repository-url: https://pypi.org/legacy/ diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 1fa1dfa6..160dbaf6 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -6,6 +6,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + with: + persist-credentials: false - uses: ./.github/actions/setup-sdk-environment with: python-version: ${{ matrix.python-version }} @@ -13,4 +15,4 @@ jobs: - name: Verify uv.lock is up-to-date run: uv lock --check - name: Verify files are linted and formatted - run: make ci-lint \ No newline at end of file + run: make ci-lint diff --git a/.github/workflows/pre-release.yml b/.github/workflows/pre-release.yml deleted file mode 100644 index 441e497d..00000000 --- a/.github/workflows/pre-release.yml +++ /dev/null @@ -1,38 +0,0 @@ -name: Publish pre-release to Test PyPI -on: - push: - branches: - - develop - - release/2.x - workflow_dispatch: - -env: - PYTHON_VERSION: 3.13 - -jobs: - publish-pre-release: - runs-on: ubuntu-latest - permissions: - id-token: write # Required for publishing - environment: - name: splunk-test-pypi - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - - uses: ./.github/actions/setup-sdk-environment - with: - python-version: ${{ env.PYTHON_VERSION }} - deps-group: release - - name: Set temporary pre-release version - run: | - VERSION_BASE="$(uv version --short)" - RUN_NUMBER="${{ github.run_number }}" - COMMIT_SHA="$(git rev-parse --short HEAD)" - uv version --frozen "${VERSION_BASE}.dev${RUN_NUMBER}+g${COMMIT_SHA}" - - name: Build packages for distribution - run: uv build - - name: Run AppInspect - uses: ./.github/actions/run-appinspect - - name: Publish packages to Test PyPI - uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b - with: - repository-url: https://test.pypi.org/legacy/ diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml deleted file mode 100644 index 3c591615..00000000 --- a/.github/workflows/release.yml +++ /dev/null @@ -1,36 +0,0 @@ -name: Publish SDK to PyPI -on: - release: - types: [published] - -env: - PYTHON_VERSION: 3.13 - -jobs: - publish-to-pypi: - runs-on: ubuntu-latest - permissions: - id-token: write # Required for publishing - environment: - name: splunk-pypi - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - - uses: ./.github/actions/setup-sdk-environment - with: - python-version: ${{ env.PYTHON_VERSION }} - deps-group: release - - name: Build packages for distribution - run: uv build - - name: Run AppInspect - uses: ./.github/actions/run-appinspect - - name: Publish packages to PyPI - uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b - with: - repository-url: https://test.pypi.org/legacy/ - - name: Generate API reference - run: make -C ./docs html - - name: Upload docs artifact - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a - with: - name: python-sdk-docs - path: docs/_build/html diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 25be7e42..e5c0b8f1 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -7,14 +7,15 @@ concurrency: jobs: test: + runs-on: ubuntu-latest strategy: matrix: - os: [ubuntu-latest] python-version: [3.13] splunk-version: [latest] - runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + with: + persist-credentials: false - uses: ./.github/actions/setup-sdk-environment with: python-version: ${{ matrix.python-version }} @@ -46,7 +47,8 @@ jobs: uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae with: path: .pytest_cache - key: pytest-cache-${{ runner.os }}-py${{ matrix.python-version }}-${{ github.ref_name }}-${{ github.sha }} + key: pytest-cache-${{ runner.os }}-py${{ matrix.python-version }}-${{ github.ref_name }}-${{ + github.sha }} restore-keys: | pytest-cache-${{ runner.os }}-py${{ matrix.python-version }}-${{ github.ref_name }}- - name: Run unit tests diff --git a/AGENTS.md b/AGENTS.md index 5dcab5a6..8345b0ea 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -11,10 +11,10 @@ This project uses [`uv`](https://docs.astral.sh/uv/) for dependency management and running Python tools. All Python and pytest invocations should be prefixed with `uv run`. Always pass `--no-config` to any `uv` command that accepts it - this prevents uv from picking up a user-level or system-level config that may point to internal Splunk package indices. To install/sync dependencies: ```sh -make uv-sync +make install ``` -If you manually edit `pyproject.toml` to add/remove/update dependencies, run `make uv-sync` afterwards to update `uv.lock`. +If you manually edit `pyproject.toml` to add/remove/update dependencies, run `make install` afterwards to update `uv.lock`. The `Makefile` wraps `uv` commands - prefer `make` targets over invoking `uv` directly where a target exists. @@ -22,7 +22,7 @@ The `Makefile` wraps `uv` commands - prefer `make` targets over invoking `uv` di See the `Makefile` for all available targets. Common ones: -- `make uv-sync` - set up / update virtualenv +- `make install` - set up / update virtualenv - `make test` - run the full pytest suite. - `make test-unit` - unit tests only; fastest feedback loop. - `make test-integration` - integration + system coverage; requires Splunk services available (see docker targets). @@ -43,17 +43,12 @@ See the `Makefile` for all available targets. Common ones: **After editing any Python file**, format it: ```sh -# Sort imports, then format -uv run ruff check --fix $FILE -uv run ruff format $FILE +make lint ``` **Before declaring a change done**, run: ```sh -# linter -uv run basedpyright - # testing make test-unit make test-ai diff --git a/Makefile b/Makefile index a9adcdfc..fd9ea59a 100644 --- a/Makefile +++ b/Makefile @@ -116,4 +116,4 @@ docker-splunk-restart: .PHONY: docker-tail-python-log docker-tail-python-log: - docker exec -it $(CONTAINER_NAME) sudo tail $(SPLUNK_HOME)/var/log/splunk/python.log \ No newline at end of file + docker exec -it $(CONTAINER_NAME) sudo tail $(SPLUNK_HOME)/var/log/splunk/python.log diff --git a/pyproject.toml b/pyproject.toml index c1ab11e3..c4f950a1 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -82,8 +82,8 @@ reportUnknownMemberType = false reportUnusedCallResult = false # https://docs.astral.sh/ruff/configuration/ -#[tool.ruff] -#line-length = 100 +[tool.ruff] +# line-length = 100 # Enable when reformatting [tool.ruff.lint] fixable = ["ALL"] From 976f974219cef280381a354245aeb637237b8042 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bartosz=20J=C4=99drecki?= Date: Thu, 7 May 2026 17:11:55 +0200 Subject: [PATCH 2/2] Make the distributable name more specific --- .github/workflows/cd.yml | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 3aa8df1f..a820a1e0 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -11,6 +11,8 @@ jobs: # Why building is separate from publishing: # https://github.com/pypa/gh-action-pypi-publish/issues/217#issuecomment-1965727093 runs-on: ubuntu-latest + outputs: + version: ${{ steps.get-version.outputs.version }} steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd with: @@ -21,20 +23,23 @@ jobs: deps-group: release - name: Set pre-release version id: set-version - if: ${{ ! startsWith(github.ref, 'refs/tags/') }} + if: startsWith(github.ref, 'refs/tags/') != true run: | VERSION_BASE="$(uv version --short)" RUN_NUMBER="${{ github.run_number }}" COMMIT_SHA="$(git rev-parse --short HEAD)" uv version --frozen "${VERSION_BASE}.dev${RUN_NUMBER}+g${COMMIT_SHA}" + - name: Get current version + id: get-version + run: echo "version=$(uv version --short)" >> "$GITHUB_OUTPUT" - name: Build packages for distribution run: uv build - name: Run AppInspect uses: ./.github/actions/run-appinspect - - name: Upload pre-release distributables + - name: Upload distributables uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a with: - name: splunk-sdk + name: splunk-sdk-${{ steps.get-version.outputs.version }} path: dist/ - name: Generate API reference run: make -C ./docs html @@ -46,7 +51,7 @@ jobs: publish-pre-release: if: startsWith(github.ref, 'refs/tags/') != true - needs: build-release + needs: build-distributables runs-on: ubuntu-latest permissions: id-token: write @@ -57,7 +62,7 @@ jobs: - name: Download distributables uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c with: - name: splunk-sdk + name: splunk-sdk-${{ needs.build-distributables.outputs.version }} path: dist/ - name: Publish packages to Test PyPI uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b @@ -66,7 +71,7 @@ jobs: publish-release: if: startsWith(github.ref, 'refs/tags/') - needs: build-release + needs: build-distributables runs-on: ubuntu-latest permissions: id-token: write @@ -77,7 +82,7 @@ jobs: - name: Download distributables uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c with: - name: splunk-sdk + name: splunk-sdk-${{ needs.build-distributables.outputs.version }} path: dist/ - name: Publish packages to PyPI uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b