Skip deploy workflow when PyPI token is not defined in GitHub secre…

…ts (#147) * Technical improvement * Impacted areas: CI workflows * Details: - Skip `deploy` workflow when PyPI token is not defined in GitHub secrets - Rename the GitHub secret `PYPI_TOKEN_OPENFISCA_BOT` used in `deploy` workflow to `PYPI_TOKEN` - Ensure lint scripts work properly without reachable tags - Update deprecated syntax in GitHub Action workflow
openfisca · May 10, 2024 · 496123a · 496123a
2 parents f3204f4 + 0af37a7
commit 496123a
Show file tree

Hide file tree

Showing 8 changed files with 89 additions and 30 deletions.
diff --git a/.github/lint-changed-python-files.sh b/.github/lint-changed-python-files.sh
diff --git a/.github/lint-changed-yaml-tests.sh b/.github/lint-changed-yaml-tests.sh
diff --git a/.github/lint-files.sh b/.github/lint-files.sh
@@ -0,0 +1,32 @@
+#! /usr/bin/env bash
+
+# Usage: lint-files.sh <file_pattern> <linter_command>
+#
+# Example usage: 
+#   lint-files.sh "*.py" "flake8"
+#   lint-files.sh "tests/*.yaml" "yamllint"
+
+file_pattern=$1
+linter_command=$2
+
+if [ -z "$file_pattern" ] || [ -z "$linter_command" ]
+then
+    echo "Usage: $0 <file_pattern> <linter_command>"
+    exit 1
+fi
+
+last_tagged_commit=$(git describe --tags --abbrev=0 --first-parent 2>/dev/null) # Attempt to find the last tagged commit in the direct ancestry of the main branch avoiding tags introduced by merge commits from other branches
+
+if [ -z "$last_tagged_commit" ]
+then
+    last_tagged_commit=$(git rev-list --max-parents=0 HEAD) # Fallback to finding the root commit if no tags are present
+fi
+
+if ! changed_files=$(git diff-index --name-only --diff-filter=ACMR --exit-code $last_tagged_commit -- "$file_pattern")
+then
+    echo "Linting the following files:"
+    echo "$changed_files"
+    $linter_command $changed_files
+else
+    echo "No changed files matching pattern '$file_pattern' to lint."
+fi
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -23,12 +23,31 @@ jobs:
         with:
           python-version: 3.9.12
       - id: stop-early
-        run: if "${GITHUB_WORKSPACE}/.github/has-functional-changes.sh" ; then echo "::set-output name=status::success" ; fi
+        run: |
+          if "${GITHUB_WORKSPACE}/.github/has-functional-changes.sh"
+          then 
+            echo "status=success" >> $GITHUB_OUTPUT
+          fi
 
+  check-pypi-token: # Use intermediary job as secrets cannot be directly referenced in `if:` conditionals; see https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions#using-secrets-in-a-workflow
+    runs-on: ubuntu-22.04
+    outputs:
+      pypi_token_present: ${{ steps.check_token.outputs.pypi_token_present }}
+    steps:
+      - name: Check PyPI token is defined
+        id: check_token
+        run: |
+          if [[ -n "${{ secrets.PYPI_TOKEN }}" ]]
+          then
+            echo "pypi_token_present=true" >> $GITHUB_OUTPUT
+          else
+            echo "pypi_token_present=false" >> $GITHUB_OUTPUT
+          fi
+      
   deploy:
     runs-on: ubuntu-22.04
-    needs: [ validate, check-for-functional-changes ]
-    if: needs.check-for-functional-changes.outputs.status == 'success'
+    needs: [ validate, check-for-functional-changes, check-pypi-token ]
+    if: needs.check-for-functional-changes.outputs.status == 'success' && needs.check-pypi-token.outputs.pypi_token_present == 'true'
     steps:
       - uses: actions/checkout@v4
       - name: Set up Python
@@ -46,6 +65,6 @@ jobs:
           path: dist
           key: release-${{ env.pythonLocation }}-${{ hashFiles('pyproject.toml') }}-${{ github.sha }}
       - name: Upload a Python package to PyPi
-        run: twine upload dist/* --username __token__ --password ${{ secrets.PYPI_TOKEN_OPENFISCA_BOT }}
+        run: twine upload dist/* --username __token__ --password ${{ secrets.PYPI_TOKEN }}
       - name: Publish a git tag
         run: "${GITHUB_WORKSPACE}/.github/publish-git-tag.sh"
diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
@@ -33,10 +33,10 @@ jobs:
       - run: make check-style
 
       - name: Lint Python files
-        run: "${GITHUB_WORKSPACE}/.github/lint-changed-python-files.sh"
+        run: "${GITHUB_WORKSPACE}/.github/lint-files.sh '*.py' 'flake8'"
 
       - name: Lint YAML tests
-        run: "${GITHUB_WORKSPACE}/.github/lint-changed-yaml-tests.sh"
+        run: "${GITHUB_WORKSPACE}/.github/lint-files.sh 'tests/*.yaml' 'yamllint'"
 
   test-yaml:
     runs-on: ubuntu-22.04

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,14 @@
 # Changelog
 
+### 7.1.2 [#147](https://github.com/openfisca/country-template/pull/147)
+
+* Technical improvement
+* Details:
+  - Skip `deploy` workflow when PyPI token is not defined in GitHub secrets
+  - Ensure lint scripts work properly without reachable tags
+  - Rename the GitHub secret `PYPI_TOKEN_OPENFISCA_BOT` used in `deploy` workflow to `PYPI_TOKEN`
+  - Update deprecated syntax in GitHub Actions workflow
+
 ### 7.1.1 [#146](https://github.com/openfisca/country-template/pull/146)
 
 * Technical improvement

diff --git a/README.md b/README.md
@@ -56,7 +56,28 @@ The files that are outside from the `openfisca_country_template` folder are used
 
 ## Packaging your Country Package for Distribution
 
-Country packages are python distributions. To distribute your package via `pip`, follow the steps given by the [Python Packaging Authority](https://python-packaging-user-guide.readthedocs.io/tutorials/distributing-packages/#packaging-your-project).
+Country packages are Python distributions. You can choose to distribute your package automatically via the predefined continuous deployment system on GitHub Actions, or manually.
+
+### Automatic continuous deployment on GitHub
+
+This repository is configured with a continuous deployment system to automate the distribution of your package via `pip`.
+
+#### Setting up continuous deployment
+
+To activate the continuous deployment:
+
+1. Create an account on [PyPI](https://pypi.org/) if you don't already have one.
+2. Generate a token in your PyPI account. This token will allow GitHub Actions to securely upload new versions of your package to PyPI.
+3. Add this token to your GitHub repository's secrets under the name `PYPI_TOKEN`.
+
+Once set up, changes to the `main` branch will trigger an automated workflow to build and publish your package to PyPI, making it available for `pip` installation.
+
+### Manual distribution
+
+If you prefer to manually manage the release and distribution of your package, follow the guidelines provided by the [Python Packaging Authority](https://python-packaging-user-guide.readthedocs.io/tutorials/distributing-packages/#packaging-your-project).
+
+This involves detailed steps on preparing your package, creating distribution files, and uploading them to PyPI.
+
 
 ## Install Instructions for Users and Contributors
 

diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [project]
 name = "openfisca-country_template"
-version = "7.1.1"
+version = "7.1.2"
 description = "OpenFisca Rules as Code model for Country-Template."
 readme = "README.md"
 keywords = ["microsimulation", "tax", "benefit", "rac", "rules-as-code"]