Unverified Commit cb118201 authored by Jonathan Crall's avatar Jonathan Crall
Browse files

setup CI

parent 6300ab59
Pipeline #165556 failed with stages
in 59 seconds
# Note: expand yaml
# yaml merge-expand .gitlab-ci.yml _expandyml && cat _expandyml
#
# GITLAB LINTER
# https://gitlab.kitware.com/computer-vision/kwarray/-/ci/lint
# This CI file has 4 types of jobs:
# (1) in the build stage we we build the wheels on a manylinux docker image
# (2) then in the test stage we install the wheels, run unit tests, and measure coverage
# (3) after testing we sign the wheels with the CI's GPG key
# (4) finally if we are on the release branch we will push the signed wheels to pypi
stages:
- build
- test
- gpgsign
- deploy
### TEMPLATES ###
# Define common templates using YAML anchors
.common_template: &common_template
tags:
# Tags define which runners will accept which jobs
- docker
- linux
variables:
# Change pip's cache directory to be inside the project directory since we can
# only cache local items.
PIP_CACHE_DIR: "$CI_PROJECT_DIR/mb_work/cache_pip"
.build_template: &build_template
# Tags define which runners will accept which jobs
<<:
- *common_template
stage:
build
before_script:
- python -V # Print out python version for debugging
script:
- python setup.py bdist_wheel --universal
cache:
paths:
- .cache/pip
artifacts:
paths:
- dist/*.whl
.test_full_template: &test_full_template
# Tags define which runners will accept which jobs
<<:
- *common_template
stage:
test
before_script:
- python -V # Print out python version for debugging
- export PYVER=$(python -c "import sys; print('{}{}'.format(*sys.version_info[0:2]))")
- pip install virtualenv
- virtualenv venv$PYVER
- source venv$PYVER/bin/activate
- pip install pip -U
- pip install pip setuptools -U
- python -V # Print out python version for debugging
- pip install -r requirements.txt
- pip install .
script:
- ./run_tests.py
cache:
paths:
- .cache/pip
- venv/
# Coverage is a regex that will parse the coverage from the test stdout
coverage: '/TOTAL.+ ([0-9]{1,3}%)/'
.__gpg_heredoc__: &__gpg_heredoc__
- |
# THIS IS NOT EXECUTE ON THE CI, THIS IS FOR DEVELOPER REFERENCE
# ON HOW THE ENCRYPTED GPG KEYS ARE SETUP.
# Load or generate secrets
source $(secret_loader.sh)
echo $CI_KITWARE_SECRET
echo $TWINE_USERNAME
# ADD RELEVANT VARIABLES TO GITLAB SECRET VARIABLES
# https://gitlab.kitware.com/computer-vision/kwarray/-/settings/ci_cd
# Note that it is important to make sure that these variables are
# only decrpyted on protected branches by selecting the protected
# and masked option. Also make sure you have master and release
# branches protected.
# https://gitlab.kitware.com/computer-vision/kwarray/-/settings/repository#js-protected-branches-settings
# HOW TO ENCRYPT YOUR SECRET GPG KEY
IDENTIFIER="travis-ci-Erotemic"
GPG_KEYID=$(gpg --list-keys --keyid-format LONG "$IDENTIFIER" | head -n 2 | tail -n 1 | awk '{print $1}' | tail -c 9)
echo "GPG_KEYID = $GPG_KEYID"
# Export plaintext gpg public keys, private keys, and trust info
mkdir -p dev
gpg --armor --export-secret-keys $GPG_KEYID > dev/ci_secret_gpg_key.pgp
gpg --armor --export $GPG_KEYID > dev/ci_public_gpg_key.pgp
gpg --export-ownertrust > dev/gpg_owner_trust
# Encrypt gpg keys and trust with CI secret
GLKWS=$CI_KITWARE_SECRET openssl enc -aes-256-cbc -pbkdf2 -md SHA512 -pass env:GLKWS -e -a -in dev/ci_public_gpg_key.pgp > dev/ci_public_gpg_key.pgp.enc
GLKWS=$CI_KITWARE_SECRET openssl enc -aes-256-cbc -pbkdf2 -md SHA512 -pass env:GLKWS -e -a -in dev/ci_secret_gpg_key.pgp > dev/ci_secret_gpg_key.pgp.enc
GLKWS=$CI_KITWARE_SECRET openssl enc -aes-256-cbc -pbkdf2 -md SHA512 -pass env:GLKWS -e -a -in dev/gpg_owner_trust > dev/gpg_owner_trust.enc
echo $GPG_KEYID > dev/public_gpg_key
# Test decrpyt
cat dev/public_gpg_key
GLKWS=$CI_KITWARE_SECRET openssl enc -aes-256-cbc -pbkdf2 -md SHA512 -pass env:GLKWS -d -a -in dev/ci_public_gpg_key.pgp.enc
GLKWS=$CI_KITWARE_SECRET openssl enc -aes-256-cbc -pbkdf2 -md SHA512 -pass env:GLKWS -d -a -in dev/gpg_owner_trust.enc
GLKWS=$CI_KITWARE_SECRET openssl enc -aes-256-cbc -pbkdf2 -md SHA512 -pass env:GLKWS -d -a -in dev/ci_secret_gpg_key.pgp.enc
source $(secret_unloader.sh)
# Look at what we did, clean up, and add it to git
ls dev/*.enc
rm dev/gpg_owner_trust dev/*.pgp
git status
git add dev/*.enc
git add dev/public_gpg_key
.gpgsign_template: &gpgsign_template
<<:
- *common_template
stage:
gpgsign
script:
- export GPG_EXECUTABLE=gpg
- export GPG_KEYID=$(cat dev/public_gpg_key)
- echo "GPG_KEYID = $GPG_KEYID"
- $GPG_EXECUTABLE --version
- openssl version
- $GPG_EXECUTABLE --list-keys
- $GPG_EXECUTABLE --list-keys
# Decrypt and import GPG Keys / trust
# note CI_KITWARE_SECRET is a protected variables only available on master and release branch
- GLKWS=$CI_KITWARE_SECRET openssl enc -aes-256-cbc -pbkdf2 -md SHA512 -pass env:GLKWS -d -a -in dev/ci_public_gpg_key.pgp.enc | $GPG_EXECUTABLE --import
- GLKWS=$CI_KITWARE_SECRET openssl enc -aes-256-cbc -pbkdf2 -md SHA512 -pass env:GLKWS -d -a -in dev/gpg_owner_trust.enc | $GPG_EXECUTABLE --import-ownertrust
- GLKWS=$CI_KITWARE_SECRET openssl enc -aes-256-cbc -pbkdf2 -md SHA512 -pass env:GLKWS -d -a -in dev/ci_secret_gpg_key.pgp.enc | $GPG_EXECUTABLE --import
- $GPG_EXECUTABLE --list-keys || echo "first one fails for some reason"
- $GPG_EXECUTABLE --list-keys
# The publish script only builds wheels and does gpg signing if TAG_AND_UPLOAD is False
- MB_PYTHON_TAG=$MB_PYTHON_TAG USE_GPG=True GPG_KEYID=$GPG_KEYID TWINE_PASSWORD=$TWINE_PASSWORD TWINE_USERNAME=$TWINE_USERNAME GPG_EXECUTABLE=$GPG_EXECUTABLE DEPLOY_BRANCH=release TAG_AND_UPLOAD=False ./publish.sh
artifacts:
paths:
- dist/*.asc
- dist/*.tar.gz
- dist/*.whl
only:
refs:
# Gitlab will only expose protected variables on protected branches
# (which I've set to be master and release), so only run this stage
# there.
- master
- release
.deploy_template: &deploy_template
<<:
- *common_template
stage:
deploy
script:
- export GPG_EXECUTABLE=gpg
- export GPG_KEYID=$(cat dev/public_gpg_key)
- echo "GPG_KEYID = $GPG_KEYID"
- $GPG_EXECUTABLE --version
- openssl version
- $GPG_EXECUTABLE --list-keys
- $GPG_EXECUTABLE --list-keys
# Decrypt and import GPG Keys / trust
# note CI_KITWARE_SECRET is a protected variables only available on master and release branch
- GLKWS=$CI_KITWARE_SECRET openssl enc -aes-256-cbc -pbkdf2 -md SHA512 -pass env:GLKWS -d -a -in dev/ci_public_gpg_key.pgp.enc | $GPG_EXECUTABLE --import
- GLKWS=$CI_KITWARE_SECRET openssl enc -aes-256-cbc -pbkdf2 -md SHA512 -pass env:GLKWS -d -a -in dev/gpg_owner_trust.enc | $GPG_EXECUTABLE --import-ownertrust
- GLKWS=$CI_KITWARE_SECRET openssl enc -aes-256-cbc -pbkdf2 -md SHA512 -pass env:GLKWS -d -a -in dev/ci_secret_gpg_key.pgp.enc | $GPG_EXECUTABLE --import
- $GPG_EXECUTABLE --list-keys || echo "first one fails for some reason"
- $GPG_EXECUTABLE --list-keys
# Install twine
- pip install six pyopenssl ndg-httpsclient pyasn1 -U
- pip install requests[security] twine
# Execute the publish script for real this time
- MB_PYTHON_TAG=$MB_PYTHON_TAG USE_GPG=True GPG_KEYID=$GPG_KEYID TWINE_PASSWORD=$TWINE_PASSWORD TWINE_USERNAME=$TWINE_USERNAME GPG_EXECUTABLE=$GPG_EXECUTABLE CURRENT_BRANCH=release DEPLOY_BRANCH=release TAG_AND_UPLOAD=yes ./publish.sh
only:
refs:
- release
.build_install_test: &build_install_test
- pip install -r requirements.txt -U
### JOBS ###
# Define the actual jobs
# ---------------
# Python 3.8 Jobs
build/cp38-cp38-linux:
<<:
- *build_template
image:
python:3.8
test_full/cp38-cp38-linux:
<<:
- *test_full_template
image:
python:3.8
# for universal builds we only need to gpg sign once
gpgsign/cp38-cp38-linux:
<<:
- *gpgsign_template
image:
python:3.8
deploy/cp38-cp38-linux:
<<:
- *deploy_template
image:
python:3.8
# ---------------
# Python 3.7 Jobs
build/cp37-cp37m-linux:
<<:
- *build_template
image:
python:3.7
test_full/cp37-cp37m-linux:
<<:
- *test_full_template
image:
python:3.7
# for universal builds we only need to gpg sign once
gpgsign/cp37-cp37m-linux:
<<:
- *gpgsign_template
image:
python:3.7
deploy/cp37-cp37m-linux:
<<:
- *deploy_template
image:
python:3.7
# ---------------
# Python 3.6 Jobs
build/cp36-cp36m-linux:
<<:
- *build_template
image:
python:3.6
test_full/cp36-cp36m-linux:
<<:
- *test_full_template
image:
python:3.6
#gpgsign/cp36-cp36m-linux:
# <<:
# - *gpgsign_template
# image:
# python:3.6
#deploy/cp36-cp36m-linux:
# <<:
# - *deploy_template
# image:
# python:3.6
# ---------------
# Python 3.5 Jobs
build/cp35-cp35m-linux:
<<:
- *build_template
image:
python:3.5
test_full/cp35-cp35m-linux:
<<:
- *test_full_template
image:
python:3.5
#gpgsign/cp35-cp35m-linux:
# <<:
# - *gpgsign_template
# image:
# python:3.5
#deploy/cp35-cp35m-linux:
# <<:
# - *deploy_template
# image:
# python:3.5
# ---------------
# Python 2.7 Jobs
build/cp27-cp27mu-linux:
<<:
- *build_template
image:
python:2.7
test_full/cp27-cp27mu-linux:
<<:
- *test_full_template
image:
python:2.7
#gpgsign/cp27-cp27mu-linux:
# <<:
# - *gpgsign_template
# image:
# python:2.7
#deploy/cp27-cp27mu-linux:
# <<:
# - *deploy_template
# image:
# python:2.7
U2FsdGVkX19gbRNrKnZs2bXOlRynqpeVdtlzkIACifp4JtprEtPLtQMtNHDrPEoN
QfXrpuJvu8adp2E7NPnQThLcS3nW/tHL3T4lYGPTVSRXnqOo3wpzo+/eFnQGRS4T
SAhXZVCNuv2lkMJtEYKTbqDZPkZyakNLzvP4hcQrxFfFTiaZSmVnNvFjpDnAe/ov
pNh7GwmvvmNb3c00y5oTfH1b4WzXN1lmRTWCihtWdyabysKGbfnDFaAp/JW74bN7
O3x0dADxsyX0rHAc/TccV79QzSiQ+Pg57hchyW37GF1WGMQMlmHgPmAG3Gttm2Q/
JlDX8euYqdwIRhuZlqsQfvLlZ24Lm2sOyqaBpBXuW0wfQaK9SkB23yZk3KqMM0u+
PwuUYo9cMYw+KXFqBRkR4nVMasPwwYkfxC2NCWTUWtaLG/AtiTolpNfp0lSMbjQl
AQ4OmJJdvu6aDqPOAwELRx1Hf/7Skt3YzftdasyEbGymuEhxqRiIX40z2jGRKDvq
eULs87pTSuIobCL17BC08tq18A5aJq0vlAW/L9U3MSbobSwDWDyRQGsoSsi70QKh
FqrnqlsqVYLMvfsrp7MbxZzfTULUQRmGsr/WXgKcqlGHfSNRUhMitvU4N6IJ9CsI
P5nPb5gmYOQtuRndfny5Hr/M1Ip1TwiUEfQXIibdgbXDy90hSE77mAU1d6e/gS8Z
VAJg7R/2JA7IOumc69u5JLVsfgpoyMefxcs59+jrwK4GUHSnQeIVlXKy3CeajQ11
WlxfmJMr7eptloJTRg3mlzyXA8hekMTjEyFqNQkyHU1pbDDTo68k/vfygZXmcgAQ
q1FkDxfiUlOeJqVBkY6UD6cEkrjTEgDsFdvckV0e2406Mpr7pu58v4YbSz2sPILZ
JK8+vpgJ3vAHFPnmoXxGkDjj++SloYK7riW8Yh09n+/RRNCjYMSLUAuIp5vPXT5+
c9s4C2uSeRKp1l/4v13ei0jbMwAvtwOuRG7nTlhFHu65Q0PVrBdn9AIiBbu7U6p6
U2FsdGVkX19gt1Owz1DB7MgMtpjr2gpOiLbxH4bA9w7l36V6w/rfwqhEfghjg4g1
lfj57eWFfloIIlYvrRrOKmwwVPVgQierm4FetGKrlhkBU6SG0aEZXzWQRFm8ZvlJ
S7M61/xwAxb4lu5T9E9Y1HgT/h9tMq8eOsWepCLg53HD5VPRL/ltSEK12OwbxMe9
m5sALjuiMysZFi9ryicvbMkVm/4U0IOr9cmbIqTg6c2y/scTXOSrTmhvVMpcNTwJ
qZN4ZwBVtkP1fbQDxiww0TCeK6JynksSzmfEwKQER13FzkTqGBRJ162Iz8DRQQqr
ofWl+mXlDCit9jXFAad+aZy+BqG6NwLOEuZCXKJNKQKPhtTB5jCXI9BPbtkhVSDj
vnS8gOIcikYftKyANkcSJBFlf2QQtfJUI9CiNATzG1nmWc011gRMfxzJ+2YvjzFG
9bx+by3Fz+nowq+tue4VFkBDa1cqBr2u5AurCa79C9PKEcfq9xdWIzA1rBZ2/Upv
DQvVDt3c1BSkgMwO8pJo7i5Xs6g4bZ0M0Mr8+Rs04yuHEftbw+M58hAvuj7A6MoM
4tT+nyQw6Rx4tRitn9Ick/XhGiuS7WNIJcZC3T3I5O1lmenq1HhJ0Ld57Gi7QL4O
Y+qn29f+9M2swt7yUFoblbNnN8vq9uzJ8ZsqUKmgGqYf8hWZXQRsOFHlvEhtXCs9
otHM2+/TMkZK98VXm2dnI/kKJbpHL6PmorHPGyintiCG5f3WnHNzJaB1/m4WeO6b
RRyko7xTEESbtJtGQGoIzllIKUNZg5s7jn+elEjCU6baboCVrqhIshqkZYiJhZ94
MGO6pZGldd3+aPAlg1pWDIIwR8hkgeEmMaGYPq7HAY8MtrWtv+ztJCMzpWdjTqSm
S1GLeaq0uhZb/FDiK+ZrteUlswD7GIdbWL5UKmPBBn+07VFW0QXaau4/1xPclmvX
AyD6kid01n7iLDPtAqOxSaHovsMtciIapxPd1eKQTCGTwAI5lU1x2hvsHramUhBs
BwbYGKKRF1HpPoB9BcsH5t6lYVqx40RUq9D9LUiNA17XvCNszo93ZuM8LYot05vj
tCHTqK0jpi2899IRkWd1Gjg7VPEvE7AKsKfUvz2uRuDK9pJdVPaDumbM07GKMoGv
U2FsdGVkX19ozBB89feXs8KwrW5fO2KjC1Iljc0lUKC2mEQP6kTz7QwFoiyvM8+W
YNCZ2U5UBUJrFOC8ZIzqY4KMp3yDlIJiDFxyuJxUKKRXb3a31sRemlUk2COJ+SEz
cZccLHLib0COM+qhc+l5j7d4JERt2xTYYHZft0j7xLdiuRe/pW/i1qqPvsD5wEWo
HbA3POe5FVMRcMDFGpYGn36nJOgG8/0dtbIy0JI94WWXjERNKrCFBdnVLfqTrirA
muObZgUi9nuEZKZ9f3MI1v1kbRtVXUpQ1Xjr9cp/Z6X8n1MTUuwJe5LUC5a24awM
0KVdRMlPE3hVXo2tXPLgl2T/kmRI23ukxBnSD2Ho94rQ/16+XUw6KKLhtQWsBeWb
y3YhU6rqJ7BrbflnPIQ//p5qq5ARoTG+kVdieZLFn8A=
__version__ = '0.0.1.dev0'
__version__ = '0.0.1'
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
Installation:
pip install git+https://github.com/Erotemic/liberator.git
Developing:
git clone https://github.com/Erotemic/liberator.git
pip install -e liberator
"""
import sys
from os.path import exists
......@@ -183,8 +175,7 @@ if __name__ == '__main__':
name=NAME,
version=VERSION,
author='Jon Crall',
description=('A Python utility belt containing simple tools, '
'a stdlib like feel, and extra batteries.'),
description=('static code extractor for Python'),
long_description=parse_description(),
long_description_content_type='text/x-rst',
install_requires=parse_requirements('requirements/runtime.txt'),
......@@ -193,8 +184,8 @@ if __name__ == '__main__':
'tests': parse_requirements('requirements/tests.txt'),
'optional': parse_requirements('requirements/optional.txt'),
},
author_email='erotemic@gmail.com',
url='https://github.com/Erotemic/liberator',
author_email='jon.crall@kitware.com',
url='https://gitlab.kitware.com/python/liberator',
license='Apache 2',
packages=find_packages('.'),
classifiers=[
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment