Mix fixes and prep release for 0.0.17 #72

Merged (4 commits), Nov 19, 2024
17 changes: 17 additions & 0 deletions .github/workflows/release.yml
@@ -34,6 +34,23 @@ jobs:
name: distributions
path: dist/

generate-provenance:
name: Generate GitHub build provenances
runs-on: ubuntu-latest
needs: [build]
permissions:
id-token: write # to sign the provenance
attestations: write # to persist the attestation files
steps:
- name: Download distributions
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4
with:
name: distributions
path: dist/
- name: Create provenances
uses: actions/attest-build-provenance@v1
with:
subject-path: 'dist/*'

publish:
name: Publish Python 🐍 distributions 📦 to PyPI
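Review bot: `uses: actions/attest-build-provenance@v1` in the new `Create provenances` step references a mutable tag, whereas the `Download distributions` step in the same job pins `actions/download-artifact` to a full commit SHA with a `# v4` comment. Since this job holds `id-token: write` and `attestations: write` and signs the release artifacts, pin it the same way (`uses: actions/attest-build-provenance@<commit-sha> # v1`, with the SHA looked up from the action's v1 release) so that a moved tag cannot change what runs with the signing token.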
14 changes: 12 additions & 2 deletions CHANGELOG.md
@@ -7,6 +7,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

## [Unreleased]

## [0.0.17]

### Fixed

- The `GitLabPublisher` policy now takes the workflow file path in order to
@@ -17,6 +19,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
similar to `GitHubPublisher`'s behavior
([#71](https://github.com/trailofbits/pypi-attestations/pull/71)).


### Changed

- Publisher classes (`GitLabPublisher` and `GitHubPublisher`) no longer take a claims
dictionary during construction
([#72](https://github.com/trailofbits/pypi-attestations/pull/72)).

## [0.0.16]

### Added
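Review bot: the `### Changed` entry documents dropping the `claims` constructor argument, which removes a public attribute from `GitLabPublisher` and `GitHubPublisher`; under the Keep a Changelog categories this file already uses (`Added`, `Changed`, `Fixed`), a removal of public API belongs under a `### Removed` heading, and the entry should state what callers that still pass `claims` get (a validation error or a silently ignored argument). Also, the two consecutive blank lines before `### Changed` differ from the single blank line used between sections elsewhere in this hunk.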
@@ -184,8 +193,9 @@ This is a corrective release for [0.0.14].

- Initial implementation

[Unreleased]: https://github.com/trailofbits/pypi-attestation-models/compare/v0.0.16...HEAD
[0.0.16]: https://github.com/trailofbits/pypi-attestation-models/compare/v0.0.15...v0.0.15
[Unreleased]: https://github.com/trailofbits/pypi-attestation-models/compare/v0.0.17...HEAD
[0.0.17]: https://github.com/trailofbits/pypi-attestation-models/compare/v0.0.16...v0.0.17
[0.0.16]: https://github.com/trailofbits/pypi-attestation-models/compare/v0.0.15...v0.0.16
[0.0.15]: https://github.com/trailofbits/pypi-attestation-models/compare/v0.0.14...v0.0.15
[0.0.14]: https://github.com/trailofbits/pypi-attestation-models/compare/v0.0.13...v0.0.14
[0.0.13]: https://github.com/trailofbits/pypi-attestation-models/compare/v0.0.12...v0.0.13
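Review bot: the corrected `[0.0.16]` link fixes the old `v0.0.15...v0.0.15` range, which compared a tag to itself and rendered an empty diff; good catch. Two things to check in the same block: the compare links still point at `trailofbits/pypi-attestation-models` while the PR links added above use `trailofbits/pypi-attestations`, so align the repository name if the project was renamed; and the new `[Unreleased]` range (`v0.0.17...HEAD`) only resolves once the `v0.0.17` tag exists, so tag the release before this changelog is published.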
2 changes: 1 addition & 1 deletion src/pypi_attestations/__init__.py
@@ -1,6 +1,6 @@
"""The `pypi-attestations` APIs."""

__version__ = "0.0.16"
__version__ = "0.0.17"

from ._impl import (
Attestation,
1 change: 0 additions & 1 deletion src/pypi_attestations/_impl.py
@@ -406,7 +406,6 @@ class _PublisherBase(BaseModel):
model_config = ConfigDict(alias_generator=to_snake)

kind: str
claims: Optional[dict[str, Any]] = None

def _as_policy(self) -> VerificationPolicy:
"""Return an appropriate `sigstore.policy.VerificationPolicy` for this publisher."""
23 changes: 2 additions & 21 deletions test/test_impl.py
@@ -4,7 +4,7 @@
import os
from hashlib import sha256
from pathlib import Path
from typing import Any, Optional
from typing import Any

import pretend
import pytest
@@ -136,12 +136,10 @@ def test_verify_github_attested(self) -> None:
assert predicate_type == "https://docs.pypi.org/attestations/publish/v1"
assert predicate == {}

@pytest.mark.parametrize("claims", (None, {}, {"ref": "refs/tags/v0.0.4a2"}))
def test_verify_from_github_publisher(self, claims: Optional[dict]) -> None:
def test_verify_from_github_publisher(self) -> None:
publisher = impl.GitHubPublisher(
repository="trailofbits/pypi-attestation-models",
workflow="release.yml",
claims=claims,
)

bundle = Bundle.from_json(gh_signed_dist_bundle_path.read_bytes())
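Review bot: dropping the `claims` parametrization removes the only test that exercised verification with a non-empty `claims` value (`{"ref": "refs/tags/v0.0.4a2"}`), but nothing replaces it with a test of the new contract: there is no assertion that `impl.GitHubPublisher(..., claims=...)` now raises a validation error, or that it ignores the argument. Add one case pinning down whichever behavior the `### Changed` entry intends, so that a future reintroduction of the field, or an accidental change to pydantic's extra-field handling, is caught.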
@@ -586,23 +584,6 @@ def test_wrong_kind(self) -> None:
with pytest.raises(ValueError, match="Input should be 'GitLab'"):
impl.GitLabPublisher(kind="GitHub", repository="foo/bar")

def test_claims(self) -> None:
raw = {
"kind": "GitHub",
"repository": "foo/bar",
"workflow": "publish.yml",
"claims": {
"this": "is-preserved",
"this-too": 123,
},
}
pub: impl.Publisher = TypeAdapter(impl.Publisher).validate_python(raw)

assert pub.claims == {
"this": "is-preserved",
"this-too": 123,
}


class TestProvenance:
def test_version(self) -> None:
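Review bot: with `test_claims` deleted, check whether `TypeAdapter` is still imported and used anywhere else in `test/test_impl.py`; this hunk removes its only visible call site, and the `Optional` import was already trimmed in this PR for the same reason. The deleted test was also the only one that validated a raw publisher dict through `TypeAdapter(impl.Publisher)`; rather than dropping that path entirely, a replacement that feeds the same `raw` dict (with the `claims` key still present) through the adapter and asserts on the result would document how stale serialized publishers deserialize after this change.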