Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

gh-91172: Create a workflow for verifying bundled pip and setuptools #31885

Merged
merged 33 commits into from
Jun 22, 2022
Merged

gh-91172: Create a workflow for verifying bundled pip and setuptools #31885

Show file tree
Hide file tree
Changes from 9 commits
Commits
Show all changes
33 commits
Select commit Hold shift + click to select a range
e4a8faf
bpo-47016: Create a workflow for verifying bundled pip and setuptools
illia-v Mar 14, 2022
a57cd3a
Corrupt the bundled pip wheel to test the new workflow
illia-v Mar 14, 2022
dcba624
Revert "Corrupt the bundled pip wheel to test the new workflow"
illia-v Mar 14, 2022
08a1043
Fix naming style of the new workflow
illia-v Mar 14, 2022
6edd10f
Allow manual triggering the new workflow
illia-v Mar 14, 2022
6f0d809
Bump actions/checkout to v3
illia-v Mar 15, 2022
809e4db
Create a separate script for verifying bundled wheels
illia-v Mar 15, 2022
e46f87d
Corrupt the bundled pip wheel to test the new workflow
illia-v Mar 14, 2022
594644b
Revert "Corrupt the bundled pip wheel to test the new workflow"
illia-v Mar 14, 2022
a35673b
Rename the workflow file
illia-v Mar 15, 2022
c82810c
Merge branch 'main' into bpo-47016
illia-v Jun 6, 2022
5210374
Add verify-ensurepip-wheels.py
AA-Turner Jun 6, 2022
7d44bbf
Update verify-bundled-wheels.yml
AA-Turner Jun 6, 2022
633881d
Make workflow permissions explicit
illia-v Jun 6, 2022
40ff278
Add shebang and file mode permissions for unix users
AA-Turner Jun 6, 2022
685c388
git mv verify-ensurepip-wheels verify_ensurepip_wheels
AA-Turner Jun 6, 2022
a2e7cd4
git mv verify-bundled-wheels verify-ensurepip-wheels
AA-Turner Jun 6, 2022
d6a355d
Address review
AA-Turner Jun 6, 2022
a27b7bc
Merge remote-tracking branch 'illia-v/bpo-47016' into bpo-47016
AA-Turner Jun 6, 2022
5acf921
Merge pull request #1 from AA-Turner/bpo-47016
illia-v Jun 7, 2022
7122121
Delete the shell script
illia-v Jun 7, 2022
e1b276a
Mention Adam Turner in the news entry
illia-v Jun 7, 2022
6492602
Corrupt the bundled pip wheel to test the updated workflow
illia-v Jun 7, 2022
6625719
Revert "Corrupt the bundled pip wheel to test the updated workflow"
illia-v Jun 7, 2022
0226c29
Refactor the script to fix the test
illia-v Jun 7, 2022
26cba98
Refactor the script even more
illia-v Jun 8, 2022
0d3dfaf
Make `GITHUB_ACTIONS` a boolean
illia-v Jun 17, 2022
fe4c423
Stop using `actions/setup-python`
illia-v Jun 17, 2022
6786960
Corrupt the bundled pip wheel to test the updated workflow
illia-v Jun 7, 2022
01d3386
Revert "Corrupt the bundled pip wheel to test the updated workflow"
illia-v Jun 7, 2022
7e283c3
Make changes to more files invoke the workflow
illia-v Jun 20, 2022
a74629c
Make the workflow use `actions/setup-python` again
illia-v Jun 20, 2022
66a91ac
Merge branch 'main' into bpo-47016
illia-v Jun 20, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 18 additions & 0 deletions .github/workflows/verify_bundled_wheels.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
name: Verify bundled pip and setuptools

on:
workflow_dispatch:
push:
paths:
- 'Lib/ensurepip/_bundled/**'
pull_request:
paths:
- 'Lib/ensurepip/_bundled/**'

jobs:
verify:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Compare checksums of bundled pip and setuptools to ones published on PyPI
run: ./Misc/verify-bundled-wheels.sh
2 changes: 2 additions & 0 deletions Misc/NEWS.d/next/Tests/2022-03-14-23-28-17.bpo-47016.K-t2QX.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
Create a GitHub Actions workflow for verifying bundled pip and setuptools.
Patch by Illia Volochii.
46 changes: 46 additions & 0 deletions Misc/verify-bundled-wheels.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
#!/bin/sh

#
# Purpose: Compare checksums of bundled pip and setuptools to ones
# published on PyPI (retrieved via the Warehouse’s JSON API).
#
# Synopsis: ./Misc/verify-bundled-wheels.sh
#
# Requirements: curl, jq
#

cd "$(dirname "$0")/.."
package_names="pip setuptools"
exit_status=0

for package_name in ${package_names}; do
package_path=$(find Lib/ensurepip/_bundled/ -name "${package_name}*.whl")
echo "$package_path"

package_name_uppercase=$(echo "$package_name" | tr "[:lower:]" "[:upper:]")
package_version=$(
grep -Pom 1 "_${package_name_uppercase}_VERSION = \"\K[^\"]+" Lib/ensurepip/__init__.py
)
expected_digest=$(curl -fs "https://pypi.org/pypi/${package_name}/json" | jq --raw-output "
.releases.\"${package_version}\"
| .[]
| select(.filename == \"$(basename "$package_path")\")
| .digests.sha256
")
echo "Expected digest: ${expected_digest}"

actual_digest=$(sha256sum "$package_path" | awk '{print $1}')
echo "Actual digest:\t ${actual_digest}"

# The messages are formatted to be parsed by GitHub Actions.
# https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#setting-a-notice-message
if [ "$actual_digest" = "$expected_digest" ]; then
echo "::notice file=${package_path}::Successfully verified checksum of this wheel."
else
echo "::error file=${package_path}::Failed to verify checksum of this wheel."
exit_status=1
fi
echo
done

exit $exit_status