Publish to PyPI #1062
Open
Publish to PyPI #1062
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This commit refactors the docker-images GitHub Actions workflow by encapsulating behavior into 3 modules: - install-rekor-cli - sign-payload-fips - create-rekor-entry The docker-images workflow has been updated to use these new github actions modules and the old code is commented out as a reference. It should be be removed once the workflow's validity is confirmed.
This is a temporary measure to reduce the amount of redundant and unnecessary compute activity and get more rapid feedback on whether the approach is working. It should be reverted before merge.
This commit adds a new Logs tab to the Job Dashboard. It displays all logging messages sent to the REST API in a table. It includes a polling feature that will update the logs automatically for active Jobs.
This feature updates the Create Job form to allow the user to specify artifact params. When an entrypoint with artifact parameters is selected, the Artifact Params table is populated with the required artifact parameters the user must specify. The user can select valid artifacts (those whose artifact task's output type matches the type of the artifact parameter) from a dropdown. By default, the latest snapshot of the artifact is used. However, the user can choose to expand the history and select a specific snapshot instead. The filtering to display only valid artifacts is currently being done by the frontend. In the future, this will be performed by the backend via a new query.
This commit catches duplicate names of resources and parameters in a resource import TOML file. It raises a 400 BAD REQUEST error with the object names listed for the user to correct. This is distinct from the 400 CONFLICT error that can arise when there is a name conflict with an existing resource in the database. This commit also adds a new test for this category of error.
Collaborator
Author
|
The release process now uses trusted publishers; API tokens are no longer required. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adds to the image building functionality introduced for issue #594 (PR #954). On tag push, this workflow will compare the pushed tag against the pyproject.toml version. If they match, the package will be built and published to PyPI and then it kicks off the image building workflow. The image building workflow now has added functionality to pull from PyPI, but is currently disabled per our discussions and can be removed entirely.
Right now this is configured to publish to the Test PyPI instance. Switching to real PyPI needs the following:
PYPI_API_TOKEN)PYPI_MODEflag in release.yml to use real PyPI