diff --git a/README.md b/README.md
index 6fb9abd4ed5ce47f9464039d11f46de8f499831c..351c50d34680e4e984073185b2fc0fd3732eac60 100644
--- a/README.md
+++ b/README.md
@@ -306,6 +306,7 @@ The release job is bound to the `publish` stage, appears only on production and
| `GIT_USERNAME` | Git username for Git push operations (see below) | _none_ |
| :lock: `GIT_PASSWORD` | Git password for Git push operations (see below) | _none_ |
| :lock: `GIT_PRIVATE_KEY`| SSH key for Git push operations (see below) | _none_ |
+| `PYTHON_RELEASE_COMMIT_MESSAGE`| The Git commit message to use on the release commit. This is templated using the [Python Format String Syntax](http://docs.python.org/2/library/string.html#format-string-syntax). Available in the template context are current_version and new_version. | `chore(python-release): {current_version} → {new_version}` |
| `PYTHON_REPOSITORY_URL`| Target PyPI repository to publish packages | _[GitLab project's PyPI packages repository](https://docs.gitlab.com/ee/user/packages/pypi_repository/)_ |
| `PYTHON_REPOSITORY_USERNAME`| Target PyPI repository username credential | `gitlab-ci-token` |
| :lock: `PYTHON_REPOSITORY_PASSWORD`| Target PyPI repository password credential | `$CI_JOB_TOKEN` |
diff --git a/kicker.json b/kicker.json
index 60821c84041cf352567abc2c4bb5829e328221a7..65ac497aff67d777ef1bca716e6159e29a6b2633 100644
--- a/kicker.json
+++ b/kicker.json
@@ -194,6 +194,12 @@
"type": "boolean",
"advanced": true
},
+ {
+ "name": "PYTHON_RELEASE_COMMIT_MESSAGE",
+ "description": "The Git commit message to use on the release commit. This is templated using the [Python Format String Syntax](http://docs.python.org/2/library/string.html#format-string-syntax). Available in the template context are current_version and new_version.",
+ "default": "chore(python-release): {current_version} → {new_version}",
+ "advanced": true
+ },
{
"name": "GIT_USERNAME",
"description": "Git username for Git push operations",
diff --git a/templates/gitlab-ci-python.yml b/templates/gitlab-ci-python.yml
index 09ee2579ab6ab77c58302808b3cb9082b987940f..4b443f9f5d464b7938da03d1d638a5212b9124e1 100644
--- a/templates/gitlab-ci-python.yml
+++ b/templates/gitlab-ci-python.yml
@@ -77,6 +77,8 @@ variables:
PROD_REF: '/^(master|main)$/'
# default integration ref name (pattern)
INTEG_REF: '/^develop$/'
+ # default release tag name (pattern)
+ RELEASE_REF: '/^v?[0-9]+\.[0-9]+\.[0-9]+$/'
# compileall
PYTHON_COMPILE_ARGS: "*"
@@ -93,6 +95,7 @@ variables:
PYTHON_SBOM_OPTS: "--catalogers python-index-cataloger"
PYTHON_RELEASE_NEXT: "minor"
+ PYTHON_RELEASE_COMMIT_MESSAGE: "chore(python-release): {current_version} → {new_version}"
# By default, publish on the Packages registry of the project
# https://docs.gitlab.com/ee/user/packages/pypi_repository/#authenticate-with-a-ci-job-token
@@ -263,15 +266,7 @@ variables:
case "${PYTHON_BUILD_SYSTEM:-auto}" in
auto)
;;
- poetry*)
- log_info "--- Build system explictly declared: ${PYTHON_BUILD_SYSTEM}"
- return
- ;;
- setuptools*)
- log_info "--- Build system explictly declared: ${PYTHON_BUILD_SYSTEM}"
- return
- ;;
- pipenv*)
+ poetry*|setuptools*|pipenv*)
log_info "--- Build system explictly declared: ${PYTHON_BUILD_SYSTEM}"
return
;;
@@ -332,6 +327,14 @@ variables:
fi
}
+ function maybe_install_poetry() {
+ if [[ "$PYTHON_BUILD_SYSTEM" == poetry* ]] && ! command -v poetry > /dev/null
+ then
+ # shellcheck disable=SC2086
+ pip install ${PIP_OPTS} "$PYTHON_BUILD_SYSTEM"
+ fi
+ }
+
# install requirements
function install_requirements() {
case "$PYTHON_BUILD_SYSTEM" in
@@ -339,8 +342,7 @@ variables:
if [[ ! -f "poetry.lock" ]]; then
log_warn "Using Poetry but \\e[33;1mpoetry.lock\\e[0m file not found: you shall commit it with your project files"
fi
- # shellcheck disable=SC2086
- pip install ${PIP_OPTS} "$PYTHON_BUILD_SYSTEM"
+ maybe_install_poetry
poetry install ${PYTHON_EXTRA_DEPS:+--extras "$PYTHON_EXTRA_DEPS"}
;;
setuptools*)
@@ -380,10 +382,9 @@ variables:
}
function _run() {
- if [[ "${PYTHON_BUILD_SYSTEM}" =~ poetry.* ]]
+ if [[ "$PYTHON_BUILD_SYSTEM" == poetry* ]]
then
- # shellcheck disable=SC2086
- if ! command -v poetry > /dev/null; then pip install ${PIP_OPTS} poetry; fi
+ maybe_install_poetry
poetry run "$@"
else
"$@"
@@ -399,19 +400,16 @@ variables:
_run pip ${PIP_OPTS} "$@"
}
- function _package() {
- case "$PYTHON_BUILD_SYSTEM" in
- poetry)
- # shellcheck disable=SC2086
- if ! command -v poetry > /dev/null; then pip install ${PIP_OPTS} poetry; fi
+ function py_package() {
+ if [[ "$PYTHON_BUILD_SYSTEM" == poetry* ]]
+ then
+ maybe_install_poetry
poetry build
- ;;
- *)
+ else
# shellcheck disable=SC2086
pip install ${PIP_OPTS} build
python -m build
- ;;
- esac
+ fi
}
function configure_scm_auth() {
@@ -437,44 +435,7 @@ variables:
fi
}
- function _release() {
- # 0: guess packaging system
- if [[ -f "pyproject.toml" ]]
- then
- # that might be PEP 517 if a build-backend is specified
- # otherwise it might be only used as configuration file for development tools...
- build_backend=$(sed -rn 's/^build-backend *= *"([^"]*)".*/\1/p' pyproject.toml)
- if [[ "$build_backend" ]]
- then
- case "$build_backend" in
- poetry.core.masonry.api)
- log_info "--- Packaging system auto-detected: Poetry"
- pkg_system="poetry"
- ;;
- setuptools.build_meta)
- log_info "--- Packaging system auto-detected: Setuptools (PEP 517)"
- pkg_system="setuptools"
- ;;
- *)
- log_error "--- Unsupported PEP 517 backend \\e[33;1m${build_backend}\\e[0m: abort"
- exit 1
- ;;
- esac
- fi
- fi
-
- if [[ -z "$pkg_system" ]]
- then
- if [[ -f "setup.py" ]]
- then
- log_info "--- Packaging system auto-detected: Setuptools (legacy)"
- pkg_system="setuptools"
- else
- log_error "--- Couldn't find any supported packaging system: abort"
- exit 1
- fi
- fi
-
+ function py_release() {
# 1: retrieve next release info from semantic-release
if [ "$SEMREL_INFO_ON" ] && [ "$PYTHON_SEMREL_RELEASE_DISABLED" != "true" ]
then
@@ -491,47 +452,48 @@ variables:
fi
# 2: bumpversion (+ Git commit & tag)
- if [[ "$pkg_system" == "poetry" ]]
+ if [[ "$PYTHON_BUILD_SYSTEM" == poetry* ]]
then
- # shellcheck disable=SC2086
- if ! command -v poetry > /dev/null; then pip install ${PIP_OPTS} poetry; fi
+ maybe_install_poetry
if [[ -z "$py_next_version" ]]
then
py_cur_version=$(poetry version --short)
py_next_version="$PYTHON_RELEASE_NEXT"
fi
- log_info "[Poetry] change version \\e[1;94m${py_cur_version}\\e[0m → \\e[1;94m${py_next_version}\\e[0m"
+ log_info "[poetry] change version \\e[1;94m${py_cur_version}\\e[0m → \\e[1;94m${py_next_version}\\e[0m"
poetry version ${TRACE+--verbose} "$py_next_version"
# eval exact next version
py_next_version=$(poetry version --short)
+ # Git commit and tag
git add pyproject.toml
- git commit -m "chore(python-release): $py_cur_version → $py_next_version [ci skip]"
+ # emulate Bumpversion to generate commit message
+ py_commit_message=$(python -c "print('$PYTHON_RELEASE_COMMIT_MESSAGE'.format(current_version='$py_cur_version', new_version='$py_next_version'))")
+ git commit -m "$py_commit_message"
git tag "$py_next_version"
else
# Setuptools / bumpversion
# shellcheck disable=SC2086
pip install ${PIP_OPTS} bumpversion
- py_commit_message="chore(python-release): {current_version} → {new_version} [ci skip]"
if [[ "$py_next_version" ]]
then
# explicit release version (semantic-release)
- log_info "[Setuptools] bumpversion \\e[1;94m${py_cur_version}\\e[0m → \\e[1;94m${py_next_version}\\e[0m"
+ log_info "[bumpversion] change version \\e[1;94m${py_cur_version}\\e[0m → \\e[1;94m${py_next_version}\\e[0m"
# create cfg in case it doesn't exist - will be updated by bumpversion
touch .bumpversion.cfg
- bumpversion ${TRACE+--verbose} --current-version "$py_cur_version" --commit --message "$py_commit_message" --tag --tag-name "{new_version}" "$py_release_part"
+ bumpversion ${TRACE+--verbose} --current-version "$py_cur_version" --commit ${PYTHON_RELEASE_COMMIT_MESSAGE+--message "$PYTHON_RELEASE_COMMIT_MESSAGE"} --tag --tag-name "{new_version}" "$py_release_part"
elif [[ -f ".bumpversion.cfg" ]]
then
# current version shall be set in .bumpversion.cfg
py_release_part="$PYTHON_RELEASE_NEXT"
log_info "[bumpversion] increase \\e[1;94m${py_release_part}\\e[0m"
- bumpversion ${TRACE+--verbose} --commit --message "$py_commit_message" --tag --tag-name "{new_version}" "$py_release_part"
+ bumpversion ${TRACE+--verbose} --commit ${PYTHON_RELEASE_COMMIT_MESSAGE+--message "$PYTHON_RELEASE_COMMIT_MESSAGE"} "$PYTHON_RELEASE_COMMIT_MESSAGE" --tag --tag-name "{new_version}" "$py_release_part"
elif [[ -f "setup.py" ]]
then
# retrieve current version from setup.py
py_cur_version=$(python setup.py --version)
py_release_part="$PYTHON_RELEASE_NEXT"
- log_info "[Setuptools] bumpversion ($py_release_part) from \\e[1;94m${py_cur_version}\\e[0m"
- bumpversion ${TRACE+--verbose} --current-version "$py_cur_version" --commit --message "$py_commit_message" --tag --tag-name "{new_version}" "$py_release_part" setup.py
+ log_info "[bumpversion] increase \\e[1;94m${py_release_part}\\e[0m (from current \\e[1;94m${py_cur_version}\\e[0m)"
+ bumpversion ${TRACE+--verbose} --current-version "$py_cur_version" --commit ${PYTHON_RELEASE_COMMIT_MESSAGE+--message "$PYTHON_RELEASE_COMMIT_MESSAGE"} --tag --tag-name "{new_version}" "$py_release_part" setup.py
else
log_error "--- setup.py or .bumpversion.cfg file required to retrieve current version: cannot perform release"
exit 1
@@ -542,28 +504,28 @@ variables:
log_info "--- git push commit and tag..."
git push "$git_auth_url" "$CI_COMMIT_REF_NAME"
git push "$git_auth_url" --tags
+ }
- # 4: build new version distribution
- log_info "--- build distribution packages..."
- if [[ "$pkg_system" == "poetry" ]]
+ function py_publish() {
+ if [[ "$PYTHON_BUILD_SYSTEM" == poetry* ]]
then
+ maybe_install_poetry
+
+ log_info "--- build packages (poetry)..."
poetry build ${TRACE+--verbose}
+
+ log_info "--- publish packages (poetry)..."
+ poetry config repositories.user_defined "$PYTHON_REPOSITORY_URL"
+ poetry publish ${TRACE+--verbose} --username "$PYTHON_REPOSITORY_USERNAME" --password "$PYTHON_REPOSITORY_PASSWORD" --repository user_defined
else
# shellcheck disable=SC2086
- pip install ${PIP_OPTS} build
+ pip install ${PIP_OPTS} build twine
+
+ log_info "--- build packages (build)..."
rm -rf dist
python -m build
- fi
- # 5: publish packages
- log_info "--- publish distribution packages..."
- if [[ "$pkg_system" == "poetry" ]]
- then
- poetry config repositories.user_defined "$PYTHON_REPOSITORY_URL"
- poetry publish ${TRACE+--verbose} --username "$PYTHON_REPOSITORY_USERNAME" --password "$PYTHON_REPOSITORY_PASSWORD" --repository user_defined
- else
- # shellcheck disable=SC2086
- pip install ${PIP_OPTS} twine
+ log_info "--- publish packages (twine)..."
twine upload ${TRACE+--verbose} --username "$PYTHON_REPOSITORY_USERNAME" --password "$PYTHON_REPOSITORY_PASSWORD" --repository-url "$PYTHON_REPOSITORY_URL" dist/*
fi
}
@@ -572,6 +534,14 @@ variables:
# ENDSCRIPT
+###############################################################################################
+# stages definition #
+###############################################################################################
+stages:
+ - build
+ - test
+ - publish
+
###############################################################################################
# Generic python job #
###############################################################################################
@@ -594,14 +564,6 @@ variables:
- cd ${PYTHON_PROJECT_DIR}
- guess_build_system
-###############################################################################################
-# stages definition #
-###############################################################################################
-stages:
- - build
- - test
- - publish
-
###############################################################################################
# build stage #
###############################################################################################
@@ -610,7 +572,7 @@ py-package:
extends: .python-base
stage: build
script:
- - _package
+ - py_package
artifacts:
paths:
- $PYTHON_PROJECT_DIR/dist/*
@@ -811,7 +773,7 @@ py-trivy:
- apt-get update
- apt-get install trivy
- |
- if [[ "$PYTHON_BUILD_SYSTEM" =~ poetry.* ]]
+ if [[ "$PYTHON_BUILD_SYSTEM" == poetry* ]]
then
# When using Poetry, `pip freeze` outputs a requirements.txt with @file URLs for each wheel
# These @file URLs in requirements.txt are not supported by Trivy
@@ -862,7 +824,7 @@ py-sbom:
- install_requirements
- |
case "$PYTHON_BUILD_SYSTEM" in
- setuptools* | reqfile)
+ setuptools*|reqfile)
_pip freeze > "${PYTHON_REQS_FILE}"
;;
esac
@@ -906,7 +868,7 @@ py-release:
- git config --global user.name "$GITLAB_USER_LOGIN"
- git checkout -B $CI_COMMIT_REF_NAME
- configure_scm_auth
- - _release
+ - py_release
artifacts:
paths:
- $PYTHON_PROJECT_DIR/dist/*
@@ -918,3 +880,19 @@ py-release:
- if: '$CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF'
when: manual
allow_failure: true
+
+# (auto from release tag): publishes the Python package(s) to a PyPi registry
+py-publish:
+ extends: .python-base
+ stage: publish
+ script:
+ - py_publish $CI_COMMIT_TAG
+ artifacts:
+ paths:
+ - $PYTHON_PROJECT_DIR/dist/*
+ rules:
+ # exclude if $PYTHON_RELEASE_ENABLED not set
+ - if: '$PYTHON_RELEASE_ENABLED != "true"'
+ when: never
+ # on tag with release pattern: auto
+ - if: '$CI_COMMIT_TAG =~ $RELEASE_REF'