From 632b8ee54eb2df8ac6e20746a0bd95b7ebb053aa Mon Sep 17 00:00:00 2001 From: bashonly <88596187+bashonly@users.noreply.github.com> Date: Thu, 21 Dec 2023 15:06:26 -0600 Subject: [PATCH] [core] Release workflow and Updater cleanup (#8640) - Only use trusted publishing with PyPI and remove support for PyPI tokens from release workflow - Clean up improper actions syntax in the build workflow inputs - Refactor Updater to allow for consistent unit testing with `UPDATE_SOURCES` Authored by: bashonly --- .github/workflows/build.yml | 8 ++++---- .github/workflows/release.yml | 24 +----------------------- test/test_update.py | 9 +++++++++ yt_dlp/update.py | 7 ++++--- 4 files changed, 18 insertions(+), 30 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d944659b8..036ce4348 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -80,12 +80,12 @@ on: default: true type: boolean origin: - description: . + description: Origin required: false - default: '' + default: 'current repo' type: choice options: - - '' + - 'current repo' permissions: contents: read @@ -99,7 +99,7 @@ jobs: - name: Process origin id: process_origin run: | - echo "origin=${{ inputs.origin || github.repository }}" >> "$GITHUB_OUTPUT" + echo "origin=${{ inputs.origin == 'current repo' && github.repository || inputs.origin }}" | tee "$GITHUB_OUTPUT" unix: needs: process diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 84e892ffe..69b5e3152 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -64,7 +64,6 @@ jobs: target_tag: ${{ steps.setup_variables.outputs.target_tag }} pypi_project: ${{ steps.setup_variables.outputs.pypi_project }} pypi_suffix: ${{ steps.setup_variables.outputs.pypi_suffix }} - pypi_token: ${{ steps.setup_variables.outputs.pypi_token }} head_sha: ${{ steps.get_target.outputs.head_sha }} steps: @@ -153,7 +152,6 @@ jobs: ${{ !!secrets[format('{0}_archive_repo_token', env.target_repo)] }} || fallback_token pypi_project='${{ vars[format('{0}_pypi_project', env.target_repo)] }}' pypi_suffix='${{ vars[format('{0}_pypi_suffix', env.target_repo)] }}' - ${{ !secrets[format('{0}_pypi_token', env.target_repo)] }} || pypi_token='${{ env.target_repo }}_pypi_token' fi else target_tag="${source_tag:-${version}}" @@ -163,7 +161,6 @@ jobs: ${{ !!secrets[format('{0}_archive_repo_token', env.source_repo)] }} || fallback_token pypi_project='${{ vars[format('{0}_pypi_project', env.source_repo)] }}' pypi_suffix='${{ vars[format('{0}_pypi_suffix', env.source_repo)] }}' - ${{ !secrets[format('{0}_pypi_token', env.source_repo)] }} || pypi_token='${{ env.source_repo }}_pypi_token' else target_repo='${{ github.repository }}' fi @@ -172,13 +169,6 @@ jobs: if [[ "${target_repo}" == '${{ github.repository }}' ]] && ${{ !inputs.prerelease }}; then pypi_project='${{ vars.PYPI_PROJECT }}' fi - if [[ -z "${pypi_token}" && "${pypi_project}" ]]; then - if ${{ !secrets.PYPI_TOKEN }}; then - pypi_token=OIDC - else - pypi_token=PYPI_TOKEN - fi - fi echo "::group::Output variables" cat << EOF | tee -a "$GITHUB_OUTPUT" @@ -189,7 +179,6 @@ jobs: target_tag=${target_tag} pypi_project=${pypi_project} pypi_suffix=${pypi_suffix} - pypi_token=${pypi_token} EOF echo "::endgroup::" @@ -286,18 +275,7 @@ jobs: python devscripts/set-variant.py pip -M "You installed yt-dlp with pip or using the wheel from PyPi; Use that to update" python setup.py sdist bdist_wheel - - name: Publish to PyPI via token - env: - TWINE_USERNAME: __token__ - TWINE_PASSWORD: ${{ secrets[needs.prepare.outputs.pypi_token] }} - if: | - needs.prepare.outputs.pypi_token != 'OIDC' && env.TWINE_PASSWORD - run: | - twine upload dist/* - - - name: Publish to PyPI via trusted publishing - if: | - needs.prepare.outputs.pypi_token == 'OIDC' + - name: Publish to PyPI uses: pypa/gh-action-pypi-publish@release/v1 with: verbose: true diff --git a/test/test_update.py b/test/test_update.py index 2a5647e44..a5a388c10 100644 --- a/test/test_update.py +++ b/test/test_update.py @@ -11,6 +11,14 @@ sys.path.insert(0, os.path.dirname(os.path.dirname(os.path.abspath(__file__)))) from test.helper import FakeYDL, report_warning from yt_dlp.update import Updater, UpdateInfo + +# XXX: Keep in sync with yt_dlp.update.UPDATE_SOURCES +TEST_UPDATE_SOURCES = { + 'stable': 'yt-dlp/yt-dlp', + 'nightly': 'yt-dlp/yt-dlp-nightly-builds', + 'master': 'yt-dlp/yt-dlp-master-builds', +} + TEST_API_DATA = { 'yt-dlp/yt-dlp/latest': { 'tag_name': '2023.12.31', @@ -104,6 +112,7 @@ class FakeUpdater(Updater): _channel = 'stable' _origin = 'yt-dlp/yt-dlp' + _update_sources = TEST_UPDATE_SOURCES def _download_update_spec(self, *args, **kwargs): return TEST_LOCKFILE_ACTUAL diff --git a/yt_dlp/update.py b/yt_dlp/update.py index f99583b08..ba7eadf81 100644 --- a/yt_dlp/update.py +++ b/yt_dlp/update.py @@ -206,13 +206,14 @@ class Updater: # XXX: use class variables to simplify testing _channel = CHANNEL _origin = ORIGIN + _update_sources = UPDATE_SOURCES def __init__(self, ydl, target: str | None = None): self.ydl = ydl # For backwards compat, target needs to be treated as if it could be None self.requested_channel, sep, self.requested_tag = (target or self._channel).rpartition('@') # Check if requested_tag is actually the requested repo/channel - if not sep and ('/' in self.requested_tag or self.requested_tag in UPDATE_SOURCES): + if not sep and ('/' in self.requested_tag or self.requested_tag in self._update_sources): self.requested_channel = self.requested_tag self.requested_tag: str = None # type: ignore (we set it later) elif not self.requested_channel: @@ -237,11 +238,11 @@ class Updater: self._block_restart('Automatically restarting into custom builds is disabled for security reasons') else: # Check if requested_channel resolves to a known repository or else raise - self.requested_repo = UPDATE_SOURCES.get(self.requested_channel) + self.requested_repo = self._update_sources.get(self.requested_channel) if not self.requested_repo: self._report_error( f'Invalid update channel {self.requested_channel!r} requested. ' - f'Valid channels are {", ".join(UPDATE_SOURCES)}', True) + f'Valid channels are {", ".join(self._update_sources)}', True) self._identifier = f'{detect_variant()} {system_identifier()}'