Add prep-release and release and update wheels according to fork of Python SDK

MOmarMiraj · MOmarMiraj · commit a004bf250661 · 2025-04-03T12:52:09.000-04:00
diff --git a/.github/workflows/prep-release.yml b/.github/workflows/prep-release.yml
@@ -0,0 +1,57 @@
+name: Prep Release
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: "Version number"
+        required: true
+        type: string
+      build_number:
+        description: "Build number "
+        required: true
+        type: string
+      release_notes:
+        description: "Release notes for the version"
+        required: true
+        type: string
+
+jobs:
+  prepare-release:
+    runs-on: ubuntu-latest
+    if: startsWith(github.ref, 'refs/heads/sdk-core/') # Only run on branches that start with sdk-core/
+    steps:
+      - name: Checkout the code
+        uses: actions/checkout@v4
+
+      - name: Import GPG key
+        uses: crazy-max/ghaction-import-gpg@v6
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          git_user_signingkey: true
+          git_commit_gpgsign: true
+          git_tag_gpgsign: true
+      - name: Setup Git User
+        run: |
+          git config --global user.email "${{ steps.import-gpg.outputs.email }}"
+          git config --global user.name "${{ steps.import-gpg.outputs.name }}"
+
+      - name: Parse and Validate Inputs
+        id: get_inputs
+        run: |
+          # Get inputs passed to the workflow
+          VERSION="${{ github.event.inputs.version }}"
+          BUILD_NUMBER="${{ github.event.inputs.build_number }}"
+          echo -e "${{ github.event.inputs.RELEASE_NOTES }}" > src/release/RELEASE-NOTES
+
+          # Save the parsed values for future steps
+          echo "VERSION=$VERSION" >> $GITHUB_ENV
+          echo "BUILD_NUMBER=$BUILD_NUMBER" >> $GITHUB_ENV
+        shell: bash
+
+      - name: Run the Prep Release Script
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          make prep-release VERSION="$VERSION" BUILD_NUMBER="$BUILD_NUMBER"
+        shell: bash
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,29 @@
+name: Release SDK
+
+on:
+  workflow_dispatch:
+
+jobs:
+  Release-SDK:
+    runs-on: ubuntu-latest
+    if: startsWith(github.ref, 'refs/heads/sdk-core/') # Only run on branches that start with sdk-core/
+    steps:
+      - name: Checkout the code
+        uses: actions/checkout@v4
+      - name: Import GPG key
+        uses: crazy-max/ghaction-import-gpg@v6
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          git_user_signingkey: true
+          git_commit_gpgsign: true
+          git_tag_gpgsign: true
+      - name: Setup Git User
+        run: |
+          git config --global user.email "${{ steps.import-gpg.outputs.email }}"
+          git config --global user.name "${{ steps.import-gpg.outputs.name }}"
+
+      - name: Run the Release Script
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: make release
+        shell: bash
diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml
@@ -1,4 +1,4 @@
-name: Release Builder
+name: Wheels Builder and Publisher
 on:
   pull_request:
     branches:
@@ -12,17 +12,21 @@ jobs:
     runs-on: ${{ matrix.os }}
     if: github.event.pull_request.merged == true && contains(github.event.pull_request.head.ref, 'sdk-core/')
     strategy:
-      matrix: 
-        # macOS 13 is an Intel runner and macOS 14 is an Apple Silicon runner 
+      fail-fast: false
+      matrix:
+        # macOS 13 is an Intel runner and macOS 14 is an Apple Silicon runner
         os: [ubuntu-22.04, ubuntu-22.04-arm, windows-latest, macos-13, macos-14]
     steps:
       - uses: actions/checkout@v4
+      - name: Upgrade build dependencies
+        run: python -m pip install --upgrade pip setuptools wheel
+
 
       # Need to grab the SDK version for the wheel name
       - name: Extract SDK Version
         run: echo "SDK_VERSION=$(cat version.txt)" >> "$GITHUB_ENV"
         shell: bash
-      
+
       - name: Install cibuildwheel
         run: |
           python -m pip install cibuildwheel
@@ -33,10 +37,13 @@ jobs:
           CIBW_MANYLINUX_X86_64_IMAGE: "quay.io/pypa/manylinux_2_34_x86_64"
           CIBW_MANYLINUX_AARCH64_IMAGE: "quay.io/pypa/manylinux_2_34_aarch64"
           CIBW_ARCHS: "native"
+          CIBW_BEFORE_BUILD_WINDOWS: "pip install delvewheel"
+          CIBW_REPAIR_WHEEL_COMMAND_WINDOWS: "delvewheel repair -w {dest_dir} {wheel}"
           CIBW_TEST_REQUIRES: "pydantic pytest pytest-asyncio"
+          MACOSX_DEPLOYMENT_TARGET: "12.0"
           CIBW_TEST_COMMAND: "python -m pytest {project}/src/onepassword/test_client.py"
           OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TEST_SERVICE_ACCOUNT_TOKEN }}
-          CIBW_ENVIRONMENT_PASS_LINUX: OP_SERVICE_ACCOUNT_TOKEN # to pass in the SA token, for some reason Linux doesn't read the env variables correctly
+          CIBW_ENVIRONMENT_PASS_LINUX: OP_SERVICE_ACCOUNT_TOKEN # We have to specify this to pass the token to the test command
         run: |
           python -m cibuildwheel --output-dir dist
 
@@ -55,13 +62,13 @@ jobs:
       - name: Extract SDK Version
         run: echo "SDK_VERSION=$(cat version.txt)" >> "$GITHUB_ENV"
         shell: bash
-        
+
       - name: Install dependencies
         run: pip3 install build pydantic pytest pytest-asyncio
 
       - name: Build source distribution
         run: python3 -m build --sdist
-      
+
       - name: Test Source Distribution
         env:
           OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TEST_SERVICE_ACCOUNT_TOKEN }}
@@ -73,7 +80,7 @@ jobs:
         with:
           name: onepassword-sdk-${{ env.SDK_VERSION }}
           path: ./dist/*.tar.gz
-  
+
   publish-to-pypi:
     name: Publish to PyPI
     runs-on: ubuntu-latest
@@ -82,13 +89,13 @@ jobs:
       name: pypi
       url: https://pypi.org/project/onepassword-sdk/
     permissions:
-      id-token: write  # Required for PyPi trusted publishing
+      id-token: write  # IMPORTANT: this permission is mandatory for trusted publishing
     needs: [build_wheels, build-sdist]
     steps:
       - uses: actions/download-artifact@v4
         with:
             pattern: onepassword-sdk-*
             path: ./dist
             merge-multiple: true
-      - name: Publish package distributions to PyPI
+      - name: Publish package distributions to PyPi
         uses: pypa/gh-action-pypi-publish@release/v1.12
