init
rjdbcm committed Jul 10, 2024
0 parents commit fc288f5
Showing 52 changed files with 7,911 additions and 0 deletions.
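--- a/.github/workflows/cleanup.yml
+++ b/.github/workflows/cleanup.yml
@@ -0,0 +1,46 @@
+name: cleanup caches by a branch
+on:
+pull_request:
+types:
+- closed
+
+permissions: read-all
+
+jobs:
+cleanup:
+runs-on: ubuntu-latest
+permissions:
+id-token: write
+contents: write
+actions: write
+steps:
+- name: Harden Runner
+uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+with:
+disable-sudo: true
+egress-policy: block
+allowed-endpoints: >
+api.github.com:443
+github.com:443
+objects.githubusercontent.com:443
+uploads.github.com:443
+- name: Cleanup caches
+run: |
+gh extension install actions/gh-actions-cache
+echo "Fetching list of cache key"
+cacheKeysForPR=$(gh actions-cache list -R $REPO -B $BRANCH -L 100 | cut -f 1 )
+## Setting this to not fail the workflow while deleting cache keys.
+set +e
+echo "Deleting caches..."
+for cacheKey in $cacheKeysForPR
+do
+gh actions-cache delete $cacheKey -R $REPO -B $BRANCH --confirm
+done
+echo "Done"
+env:
+GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+REPO: ${{ github.repository }}
+BRANCH: refs/pull/${{ github.event.pull_request.number }}/merge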
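Review bot: The `cleanup` job grants `id-token: write` and `contents: write` alongside `actions: write`, but the only visible step lists and deletes Actions caches, and nothing in it requests an OIDC token or writes repository contents. I would reduce the job-level block to `actions: write` (plus `contents: read` if the extension turns out to need it), so a compromised step cannot push to the repository or mint identity tokens. The step also runs `gh extension install actions/gh-actions-cache` unpinned while `GH_TOKEN` is in its environment; `gh extension install actions/gh-actions-cache --pin <commit-sha>` would fix the executed code the same way the SHA-pinned harden-runner reference does. Quoting the expansions (`"$REPO"`, `"$BRANCH"`, `"$cacheKey"`) would additionally prevent word splitting and globbing on cache keys, which are chosen by whatever workflow run created them for the pull request.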
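--- a/.github/workflows/ozi.yml
+++ b/.github/workflows/ozi.yml
@@ -0,0 +1,226 @@
+
+# Part of ozi-core.
+# See LICENSE.txt in the project root for details.
+# Additional copyright and license terms apply, see NOTICE for details.
+name: OZI
+
+on:
+push:
+branches:
+- "v?[0-9].[0-9]*"
+- "v?[1-9]+[0-9].[0-9]*"
+
+permissions:
+contents: read
+
+jobs:
+
+
+checkpoint-cp310-ubuntu-latest:
+name: checkpoint (Python 3.10 on ubuntu-latest)
+runs-on: ubuntu-latest
+strategy:
+fail-fast: false
+permissions:
+id-token: write
+steps:
+- name: Harden Runner
+uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
+with:
+disable-sudo: true
+egress-policy: block
+allowed-endpoints: >
+files.pythonhosted.org:443
+github.com:443
+api.github.com:443
+oziproject.dev:443
+pypi.org:443
+registry.npmjs.org:443
+objects.githubusercontent.com:443
+fulcio.sigstore.dev:443
+rekor.sigstore.dev:443
+tuf-repo-cdn.sigstore.dev:443
+- uses: OZI-Project/checkpoint@0.4.2
+with:
+python-version: "3.10"
+
+checkpoint-cp311-ubuntu-latest:
+name: checkpoint (Python 3.11 on ubuntu-latest)
+runs-on: ubuntu-latest
+strategy:
+fail-fast: false
+permissions:
+id-token: write
+steps:
+- name: Harden Runner
+uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
+with:
+disable-sudo: true
+egress-policy: block
+allowed-endpoints: >
+files.pythonhosted.org:443
+github.com:443
+api.github.com:443
+oziproject.dev:443
+pypi.org:443
+registry.npmjs.org:443
+objects.githubusercontent.com:443
+fulcio.sigstore.dev:443
+rekor.sigstore.dev:443
+tuf-repo-cdn.sigstore.dev:443
+- uses: OZI-Project/checkpoint@0.4.2
+with:
+python-version: "3.11"
+
+checkpoint-cp312-ubuntu-latest:
+name: checkpoint (Python 3.12 on ubuntu-latest)
+runs-on: ubuntu-latest
+strategy:
+fail-fast: false
+permissions:
+id-token: write
+steps:
+- name: Harden Runner
+uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
+with:
+disable-sudo: true
+egress-policy: block
+allowed-endpoints: >
+files.pythonhosted.org:443
+github.com:443
+api.github.com:443
+oziproject.dev:443
+pypi.org:443
+registry.npmjs.org:443
+objects.githubusercontent.com:443
+fulcio.sigstore.dev:443
+rekor.sigstore.dev:443
+tuf-repo-cdn.sigstore.dev:443
+- uses: OZI-Project/checkpoint@0.4.2
+with:
+python-version: "3.12"
+
+
+checkpoint:
+runs-on: ubuntu-latest
+needs: [checkpoint-cp310-ubuntu-latest,checkpoint-cp311-ubuntu-latest,checkpoint-cp312-ubuntu-latest,]
+steps:
+- name: Harden Runner
+uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
+with:
+disable-sudo: true
+egress-policy: block
+
+
+draft:
+needs: checkpoint
+runs-on: ubuntu-latest
+concurrency: draft
+strategy:
+fail-fast: true
+permissions:
+contents: write
+id-token: write
+outputs:
+drafted: ${{ steps.draft.outputs.drafted }}
+tag: ${{ steps.draft.outputs.tag }}
+steps:
+- name: Harden Runner
+uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
+with:
+disable-sudo: true
+egress-policy: block
+allowed-endpoints: >
+api.github.com:443
+github.com:443
+- uses: OZI-Project/draft@0.3.4
+id: draft
+with:
+github-token: ${{ secrets.GITHUB_TOKEN }}
+
+
+release:
+needs: [draft, checkpoint]
+runs-on: ubuntu-latest
+concurrency: release
+strategy:
+matrix:
+py:
+- security2
+- security1
+- bugfix
+- prerelease
+fail-fast: true
+max-parallel: 1
+outputs:
+hashes: ${{ steps.release.outputs.hashes }}
+permissions:
+contents: write
+id-token: write
+steps:
+- name: Harden Runner
+uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
+with:
+disable-sudo: true
+egress-policy: block
+allowed-endpoints: >
+api.github.com:443
+files.pythonhosted.org:443
+fulcio.sigstore.dev:443
+github.com:443
+pypi.org:443
+rekor.sigstore.dev:443
+tuf-repo-cdn.sigstore.dev:443
+oziproject.dev:443
+www.oziproject.dev:443
+objects.githubusercontent.com:443
+- uses: OZI-Project/release@0.6.5
+id: release
+with:
+python-dist: ${{ matrix.py }}
+github-token: ${{ secrets.GITHUB_TOKEN }}
+tag: ${{ needs.draft.outputs.tag }}
+
+generate-provenance:
+needs: [draft, release]
+name: Generate build provenance
+permissions:
+actions: read # To read the workflow path.
+id-token: write # To sign the provenance.
+contents: write # To add assets to a release.
+# Currently this action needs to be referred by tag. More details at:
+# https://github.com/slsa-framework/slsa-github-generator#verification-of-provenance
+uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
+with:
+provenance-name: provenance-${{ github.event.repository.name }}-${{ needs.draft.outputs.tag }}.intoto.jsonl
+base64-subjects: "${{ needs.release.outputs.hashes }}"
+upload-tag-name: "${{ needs.draft.outputs.tag }}"
+upload-assets: true
+
+
+publish:
+runs-on: ubuntu-latest
+needs: [draft, release, generate-provenance]
+if: needs.draft.outputs.drafted == 'true'
+permissions:
+contents: write
+id-token: write
+steps:
+- name: Harden Runner
+uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
+with:
+disable-sudo: true
+egress-policy: block
+allowed-endpoints: >
+api.github.com:443
+upload.pypi.org:443
+uploads.github.com:443
+- uses: OZI-Project/publish@0.1.7
+with:
+github-token: ${{ secrets.GITHUB_TOKEN }}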
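Review bot: The four `OZI-Project/*` actions are referenced by mutable version tags (`checkpoint@0.4.2`, `draft@0.3.4`, `release@0.6.5`, `publish@0.1.7`), while harden-runner in the same file is pinned to a full commit SHA. `draft`, `release` and `publish` run in jobs with `contents: write` and `id-token: write` and are passed `secrets.GITHUB_TOKEN`, so a retargeted tag would execute with release and signing authority. I would pin each one in the same style, e.g. `uses: OZI-Project/release@<full-commit-sha> # 0.6.5`; the SLSA generator is the one reference that has to stay on a tag, as its own comment explains. It is also worth confirming that the three checkpoint jobs need `id-token: write`, since nothing visible here shows what the action does with the token.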
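--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,25 @@
+# OZI packaging
+sig/
+subprojects/ozi/
+build*/
+/dist/
+temp/
+
+# Utility environments
+.hypothesis/
+.pytest_cache/
+.tox/
+.ruff_cache/
+
+# coverage files
+.coverage
+coverage.xml
+.coverage.*
+
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so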
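--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -0,0 +1,11 @@
+# ozi-core CHANGELOG
+
+## 0.0.0 (2024-07-09)
+
+### :tada:
+
+* :tada:: Initialized ozi-core with ``ozi-new``.
+
+```sh
+ozi-new project --name ozi-core --summary 'The OZI Project packaging core library.' --keywords OZI,mesonbuild --home-page https://www.oziproject.dev --author 'Eden Ross Duff MSc' --author-email help@oziproject.dev --license 'OSI Approved :: Apache Software License' --license-expression 'Apache-2.0 WITH LLVM-exception' --requires-dist 'pyparsing~=3.1' --requires-dist 'GitPython>=3' --requires-dist 'TAP-Producer~=0.1.1' --requires-dist 'meson[ninja]>=1.1.0' --requires-dist requests --requires-dist types-requests --requires-dist 'packaging~=24.0' --requires-dist spdx-license-list --requires-dist 'ozi-spec~=0.5' --requires-dist 'ozi-templates~=2.5.1'
+```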