From ea5af31b2a7ec27a7b0df0b4981c5b63b7a1cb93 Mon Sep 17 00:00:00 2001 From: Nejc Habjan Date: Sun, 30 Apr 2023 00:36:13 +0200 Subject: [PATCH 01/12] feat(ci): switch to OIDC publishing --- .github/workflows/release.yml | 12 ++++++++++-- pyproject.toml | 1 + 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d4aa82160..cf3005c89 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -7,15 +7,23 @@ on: jobs: release: - if: github.repository == 'python-gitlab/python-gitlab' + if: github.repository == 'nejch/python-gitlab' # testing via test.pypi.org first runs-on: ubuntu-latest + environment: test.pypi.org # testing via test.pypi.org first steps: - uses: actions/checkout@v3.5.0 with: fetch-depth: 0 token: ${{ secrets.RELEASE_GITHUB_TOKEN }} + - name: mint API token + id: mint-token + run: | + oidc_token=$(curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=testpypi" | jq '.value') + api_token=$(curl -X POST https://test.pypi.org/_/oidc/github/mint-token -d "{\"token\": \"${oidc_token}\"}" | jq '.token') + echo "::add-mask::${api_token}" + echo "api-token=${api_token}" >> "${GITHUB_OUTPUT}" - name: Python Semantic Release uses: relekang/python-semantic-release@v7.33.2 with: github_token: ${{ secrets.RELEASE_GITHUB_TOKEN }} - pypi_token: ${{ secrets.PYPI_TOKEN }} + pypi_token: ${{ steps.mint-token.outputs.api-token }} diff --git a/pyproject.toml b/pyproject.toml index 520c03d65..e3ff41960 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -30,6 +30,7 @@ branch = "main" version_variable = "gitlab/_version.py:__version__" commit_subject = "chore: release v{version}" commit_message = "" +repository = "testpypi" # testing via test.pypi.org first [tool.pylint.messages_control] max-line-length = 88 From 7d662e496de83a0d92bf227ce09a51f725192a06 Mon Sep 17 00:00:00 2001 From: Nejc Habjan Date: Sun, 30 Apr 2023 00:46:37 +0200 Subject: [PATCH 02/12] chore(ci): add id-token permissions --- .github/workflows/release.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index cf3005c89..88bbe3731 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -9,6 +9,8 @@ jobs: release: if: github.repository == 'nejch/python-gitlab' # testing via test.pypi.org first runs-on: ubuntu-latest + permissions: + id-token: write environment: test.pypi.org # testing via test.pypi.org first steps: - uses: actions/checkout@v3.5.0 From d916d876b3ae688829f3108b8979d0dcd6da66d8 Mon Sep 17 00:00:00 2001 From: github-actions Date: Sat, 29 Apr 2023 22:54:14 +0000 Subject: [PATCH 03/12] chore: release v3.15.0 --- CHANGELOG.md | 5 +++++ gitlab/_version.py | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9c1d09321..b1dcba9c2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,11 @@ +## v3.15.0 (2023-04-29) +### Feature +* **ci:** Switch to OIDC publishing ([`ea5af31`](https://github.com/nejch/python-gitlab/commit/ea5af31b2a7ec27a7b0df0b4981c5b63b7a1cb93)) +* Usernames support for MR approvals ([`a2b8c8c`](https://github.com/nejch/python-gitlab/commit/a2b8c8ccfb5d4fa4d134300861a3bfb0b10246ca)) + ## v3.14.0 (2023-04-11) ### Feature * **projects:** Allow importing additional items from GitHub ([`ce84f2e`](https://github.com/python-gitlab/python-gitlab/commit/ce84f2e64a640e0d025a7ba3a436f347ad25e88e)) diff --git a/gitlab/_version.py b/gitlab/_version.py index 802275d6d..faef45179 100644 --- a/gitlab/_version.py +++ b/gitlab/_version.py @@ -3,4 +3,4 @@ __email__ = "gauvainpocentek@gmail.com" __license__ = "LGPL3" __title__ = "python-gitlab" -__version__ = "3.14.0" +__version__ = "3.15.0" From 0432dab046aab88ea6bd988d5ecb5384380a2f41 Mon Sep 17 00:00:00 2001 From: Nejc Habjan Date: Sun, 30 Apr 2023 13:00:46 +0200 Subject: [PATCH 04/12] fix(ci): strip quotes from minted token --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 88bbe3731..882d084e2 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -21,7 +21,7 @@ jobs: id: mint-token run: | oidc_token=$(curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=testpypi" | jq '.value') - api_token=$(curl -X POST https://test.pypi.org/_/oidc/github/mint-token -d "{\"token\": \"${oidc_token}\"}" | jq '.token') + api_token=$(curl -X POST https://test.pypi.org/_/oidc/github/mint-token -d "{\"token\": \"${oidc_token}\"}" | jq '.token' | tr -d '"') echo "::add-mask::${api_token}" echo "api-token=${api_token}" >> "${GITHUB_OUTPUT}" - name: Python Semantic Release From b48981f8903c0cf990094f08ce83dac6745869a2 Mon Sep 17 00:00:00 2001 From: github-actions Date: Sun, 30 Apr 2023 11:04:25 +0000 Subject: [PATCH 05/12] chore: release v3.15.1 --- CHANGELOG.md | 4 ++++ gitlab/_version.py | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b1dcba9c2..4de9059fd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ +## v3.15.1 (2023-04-30) +### Fix +* **ci:** Strip quotes from minted token ([`0432dab`](https://github.com/nejch/python-gitlab/commit/0432dab046aab88ea6bd988d5ecb5384380a2f41)) + ## v3.15.0 (2023-04-29) ### Feature * **ci:** Switch to OIDC publishing ([`ea5af31`](https://github.com/nejch/python-gitlab/commit/ea5af31b2a7ec27a7b0df0b4981c5b63b7a1cb93)) diff --git a/gitlab/_version.py b/gitlab/_version.py index faef45179..647a43914 100644 --- a/gitlab/_version.py +++ b/gitlab/_version.py @@ -3,4 +3,4 @@ __email__ = "gauvainpocentek@gmail.com" __license__ = "LGPL3" __title__ = "python-gitlab" -__version__ = "3.15.0" +__version__ = "3.15.1" From ccf4a51ffb4784ae14b9d561e04974ed09260342 Mon Sep 17 00:00:00 2001 From: Nejc Habjan Date: Sun, 30 Apr 2023 13:10:02 +0200 Subject: [PATCH 06/12] fix(ci): debug tokens --- .github/workflows/release.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 882d084e2..9e3b67b8a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -22,8 +22,9 @@ jobs: run: | oidc_token=$(curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=testpypi" | jq '.value') api_token=$(curl -X POST https://test.pypi.org/_/oidc/github/mint-token -d "{\"token\": \"${oidc_token}\"}" | jq '.token' | tr -d '"') - echo "::add-mask::${api_token}" - echo "api-token=${api_token}" >> "${GITHUB_OUTPUT}" + echo "OIDC token: $oidc_token" + echo "pypi token: $api_token" + $echo "api-token=${api_token}" >> "${GITHUB_OUTPUT}" - name: Python Semantic Release uses: relekang/python-semantic-release@v7.33.2 with: From 84de8e0175a4557998a065188ad7739e61e76ab0 Mon Sep 17 00:00:00 2001 From: Nejc Habjan Date: Sun, 30 Apr 2023 13:14:04 +0200 Subject: [PATCH 07/12] fix(ci): fix echo --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9e3b67b8a..48a21e2f9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -24,7 +24,7 @@ jobs: api_token=$(curl -X POST https://test.pypi.org/_/oidc/github/mint-token -d "{\"token\": \"${oidc_token}\"}" | jq '.token' | tr -d '"') echo "OIDC token: $oidc_token" echo "pypi token: $api_token" - $echo "api-token=${api_token}" >> "${GITHUB_OUTPUT}" + echo "api-token=${api_token}" >> "${GITHUB_OUTPUT}" - name: Python Semantic Release uses: relekang/python-semantic-release@v7.33.2 with: From 1e4b4c6194a3de9c5ba1817aa68c68cd2b4e34fe Mon Sep 17 00:00:00 2001 From: github-actions Date: Sun, 30 Apr 2023 11:15:16 +0000 Subject: [PATCH 08/12] chore: release v3.15.2 --- CHANGELOG.md | 5 +++++ gitlab/_version.py | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4de9059fd..a66dd2d01 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,11 @@ +## v3.15.2 (2023-04-30) +### Fix +* **ci:** Fix echo ([`84de8e0`](https://github.com/nejch/python-gitlab/commit/84de8e0175a4557998a065188ad7739e61e76ab0)) +* **ci:** Debug tokens ([`ccf4a51`](https://github.com/nejch/python-gitlab/commit/ccf4a51ffb4784ae14b9d561e04974ed09260342)) + ## v3.15.1 (2023-04-30) ### Fix * **ci:** Strip quotes from minted token ([`0432dab`](https://github.com/nejch/python-gitlab/commit/0432dab046aab88ea6bd988d5ecb5384380a2f41)) diff --git a/gitlab/_version.py b/gitlab/_version.py index 647a43914..89b3a29bd 100644 --- a/gitlab/_version.py +++ b/gitlab/_version.py @@ -3,4 +3,4 @@ __email__ = "gauvainpocentek@gmail.com" __license__ = "LGPL3" __title__ = "python-gitlab" -__version__ = "3.15.1" +__version__ = "3.15.2" From e8d25d3962e02a54a1b56b154c7e2d8fa04e4821 Mon Sep 17 00:00:00 2001 From: Nejc Habjan Date: Sun, 30 Apr 2023 13:26:34 +0200 Subject: [PATCH 09/12] fix(ci): use upstream script --- .github/workflows/release.yml | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 48a21e2f9..bbaf524be 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,10 +20,15 @@ jobs: - name: mint API token id: mint-token run: | - oidc_token=$(curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=testpypi" | jq '.value') - api_token=$(curl -X POST https://test.pypi.org/_/oidc/github/mint-token -d "{\"token\": \"${oidc_token}\"}" | jq '.token' | tr -d '"') - echo "OIDC token: $oidc_token" - echo "pypi token: $api_token" + resp=$(curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \ + "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=testpypi") + oidc_token=$(jq '.value' <<< "${resp}") + resp=$(curl -X POST https://test.pypi.org/_/oidc/github/mint-token -d "{\"token\":${oidc_token}}") + api_token=$(jq '.token' <<< "${resp}") + api_token=$(echo ${api_token:1:-1}) + echo "response: ${resp}" + echo "oidc token: $oidc_token" + echo "api token: $api_token" echo "api-token=${api_token}" >> "${GITHUB_OUTPUT}" - name: Python Semantic Release uses: relekang/python-semantic-release@v7.33.2 From a237f8b185db9643e93cfceb9673a0e9878ac86c Mon Sep 17 00:00:00 2001 From: github-actions Date: Sun, 30 Apr 2023 11:28:05 +0000 Subject: [PATCH 10/12] chore: release v3.15.3 --- CHANGELOG.md | 4 ++++ gitlab/_version.py | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a66dd2d01..eda1c9289 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ +## v3.15.3 (2023-04-30) +### Fix +* **ci:** Use upstream script ([`e8d25d3`](https://github.com/nejch/python-gitlab/commit/e8d25d3962e02a54a1b56b154c7e2d8fa04e4821)) + ## v3.15.2 (2023-04-30) ### Fix * **ci:** Fix echo ([`84de8e0`](https://github.com/nejch/python-gitlab/commit/84de8e0175a4557998a065188ad7739e61e76ab0)) diff --git a/gitlab/_version.py b/gitlab/_version.py index 89b3a29bd..6978fe4fe 100644 --- a/gitlab/_version.py +++ b/gitlab/_version.py @@ -3,4 +3,4 @@ __email__ = "gauvainpocentek@gmail.com" __license__ = "LGPL3" __title__ = "python-gitlab" -__version__ = "3.15.2" +__version__ = "3.15.3" From 57f1e3ad57e09443c8d512d733a7861408eb38e6 Mon Sep 17 00:00:00 2001 From: Nejc Habjan Date: Sun, 30 Apr 2023 14:01:10 +0200 Subject: [PATCH 11/12] fix(ci): clean up release script --- .github/workflows/release.yml | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index bbaf524be..1da049603 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,15 +20,13 @@ jobs: - name: mint API token id: mint-token run: | - resp=$(curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \ - "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=testpypi") + resp=$(curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=testpypi") oidc_token=$(jq '.value' <<< "${resp}") + resp=$(curl -X POST https://test.pypi.org/_/oidc/github/mint-token -d "{\"token\":${oidc_token}}") - api_token=$(jq '.token' <<< "${resp}") - api_token=$(echo ${api_token:1:-1}) - echo "response: ${resp}" - echo "oidc token: $oidc_token" - echo "api token: $api_token" + api_token=$(jq '.token' <<< "${resp}" | tr -d '"') + + echo "::add-mask::${api_token}" echo "api-token=${api_token}" >> "${GITHUB_OUTPUT}" - name: Python Semantic Release uses: relekang/python-semantic-release@v7.33.2 From ffefb074907515bc1fe98168035c5f2db334275e Mon Sep 17 00:00:00 2001 From: github-actions Date: Sun, 30 Apr 2023 12:04:54 +0000 Subject: [PATCH 12/12] chore: release v3.15.4 --- CHANGELOG.md | 4 ++++ gitlab/_version.py | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index eda1c9289..7b4612437 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ +## v3.15.4 (2023-04-30) +### Fix +* **ci:** Clean up release script ([`57f1e3a`](https://github.com/nejch/python-gitlab/commit/57f1e3ad57e09443c8d512d733a7861408eb38e6)) + ## v3.15.3 (2023-04-30) ### Fix * **ci:** Use upstream script ([`e8d25d3`](https://github.com/nejch/python-gitlab/commit/e8d25d3962e02a54a1b56b154c7e2d8fa04e4821)) diff --git a/gitlab/_version.py b/gitlab/_version.py index 6978fe4fe..42d7d168d 100644 --- a/gitlab/_version.py +++ b/gitlab/_version.py @@ -3,4 +3,4 @@ __email__ = "gauvainpocentek@gmail.com" __license__ = "LGPL3" __title__ = "python-gitlab" -__version__ = "3.15.3" +__version__ = "3.15.4"