~gpanders/pushbroom

0f7e6f4c4c933ae1dee29ed31cf955d999a4c42c — Gregory Anders a month ago 9eb59c4
Update build manifest

* Don't upload artifacts to sourcehut
* Use API token for PyPI
* Suppress echo statements to protect password
* Use nixos as build image (which includes poetry)
1 files changed, 14 insertions(+), 30 deletions(-)

M .build.yml
M .build.yml => .build.yml +14 -30
@@ 1,13 1,10 @@
image: debian/stable
image: nixos/latest
packages:
    - git
    - curl
    - python3
    - python3-distutils
    - nixos.git
    - nixos.poetry
secrets:
    - 78f39fb6-1185-492f-9c21-f755e10b5e5d
    - 4039c3d1-35f1-4378-b015-8a9c98b4a0cf
    - 555df4e1-b3c6-49dc-bd4e-b02f8ed0fff3
    - 78f39fb6-1185-492f-9c21-f755e10b5e5d # ssh key for mirroring
    - 855e9a3c-26b0-43ea-99e7-9ed40788a272 # pypi credentials
environment:
    GIT_SSH_COMMAND: ssh -o StrictHostKeyChecking=no
triggers:


@@ 16,36 13,23 @@ triggers:
      to: Gregory Anders <greg@gpanders.com>
tasks:
    - setup: |
        curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py | python3
        [ "$BUILD_REASON" != 'github-pr' ] || complete-build
        echo 'cd pushbroom' >> ~/.buildenv
    - mirror: |
        cd pushbroom
        git push --force --mirror git@github.com:gpanders/pushbroom
    - test: |
        cd pushbroom
        . $HOME/.poetry/env
        poetry install
        poetry run pytest
    - publish: |
        cd pushbroom
        tag=$(git describe --exact-match 2>/dev/null || true)
        if [ -z "$tag" ]; then
            echo "Current commit is not a tag; not building anything"
        else
            . $HOME/.poetry/env
            version=$(echo "$tag" | tr -d 'v')
            curdir=$(pwd)
            tmpdir=$(mktemp -d)

            git worktree add "$tmpdir" "$tag"
            cd "$tmpdir"

            poetry build
            exit 0
        fi

            # Upload to PyPI
            . ~/.pypi-credentials
            poetry publish -u "$PYPI_USERNAME" -p "$PYPI_PASSWORD"
        version=$(echo "$tag" | tr -d 'v')
        poetry build

            # Upload to sourcehut
            export SRHT_TOKEN=$(cat ~/.srht-token)
            curl -H Authorization:"token $SRHT_TOKEN" -F file=@dist/pushbroom-"$version"-py3-none-any.whl https://git.sr.ht/api/repos/pushbroom/artifacts/"$tag"
        fi
        set +x
        . ~/.pypi-credentials
        poetry publish -u "$PYPI_USERNAME" -p "$PYPI_PASSWORD"