Add GitHub action to publish pyscitt CLI to PyPi (#169)

.github/workflows/release.yml

@@ -0,0 +1,84 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - "*.*.*"
+
+jobs:
+  build_pyscitt:
+    name: "Build pyscitt"
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.8'
+
+      - name: Build pyscitt
+        run: |
+          python3 -m pip install build
+          cd pyscitt
+          python3 -m build
+
+      - name: Upload dist folder
+        uses: actions/upload-artifact@v4
+        with:
+          name: dist
+          path: pyscitt/dist
+
+  create_github_release:
+    name: "Create GitHub Release"
+    runs-on: ubuntu-latest
+    needs: build_pyscitt
+
+    permissions:
+      contents: write # IMPORTANT: this permission is mandatory for creating a GitHub Release
+
+    steps:
+
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Download pyscitt dist folder
+        uses: actions/download-artifact@v4
+        with:
+          name: dist
+          path: pyscitt/dist
+
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@v1
+        with:
+          files: |
+            pyscitt/dist/*.whl
+            pyscitt/dist/*.tar.gz
+            LICENSE.txt
+
+  publish_pyscitt_to_pypi:
+    name: "Publish pyscitt to PyPI"
+    runs-on: ubuntu-latest
+    needs: build_pyscitt
+
+    permissions:
+      id-token: write  # IMPORTANT: this permission is mandatory for trusted publishing to PyPi
+
+    environment:
+      name: pypi
+      url: https://pypi.org/p/pyscitt
+
+    steps:
+      - name: Download pyscitt dist folder
+        uses: actions/download-artifact@v4
+        with:
+          name: dist
+          path: pyscitt/dist
+
+      - name: Publish pyscitt to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          packages-dir: pyscitt/dist
+          skip-existing: true

README.md

@@ -43,7 +43,21 @@ See [DEVELOPMENT.md](DEVELOPMENT.md) for instructions on building, running, and
 
 To help with the configuration of an application or to be able to interact with its API you could leverage the available CLI.
 
-See [pyscitt](pyscitt/README.md)
+The CLI is written in Python and is currently distributed through the GitHub releases as a `wheel` file. To use it:
+
+- Download a release: `curl -LO https://github.com/microsoft/scitt-ccf-ledger/releases/download/0.5.0/pyscitt-0.0.1-py3-none-any.whl`
+- Install it: `pip install pyscitt-0.0.1-py3-none-any.whl`
+- Try it: `scitt --help`
+
+An alternative way is to clone the repository and just run [`./pyscitt.sh`](../pyscitt.sh), e.g. `./pyscitt.sh --help`
+
+The CLI is extensively used in the following functional tests and demo scripts:
+
+- [Transparency service demo](../demo/cts_poc/README.md)
+- [GitHub hosted DID demo](../demo/github/README.md)
+- [CLI tests](../test/test_cli.py)
+
+See [pyscitt](pyscitt/README.md) for more details.
 
 ### Reproducing builds
 

pyscitt/README.md

@@ -1,18 +1,7 @@
-CCF SCITT CLI
-----------------
+# pyscitt: Python CLI tools for SCITT CCF Ledger
 
-The CLI is extensively used in functional tests and in demo scripts:
+Tools to sign claims and interact with a SCITT CCF Ledger.
 
-- [Transparency service demo](../demo/cts_poc/README.md)
-- [GitHub hosted DID demo](../demo/github/README.md)
-- [CLI tests](../test/test_cli.py)
+For more information, please find the `scitt-ccf-ledger` repository at https://github.com/microsoft/scitt-ccf-ledger.
 
-## Installation
-
-CLI is written in Python and is distributed through the GitHub releases as a `wheel` file.
-
-- Download a release: `curl -LO https://github.com/microsoft/scitt-ccf-ledger/releases/download/0.5.0/pyscitt-0.0.1-py3-none-any.whl`
-- Install it: `pip install pyscitt-0.0.1-py3-none-any.whl`
-- Try it: `scitt --help`
-
-An alternative way is to clone the repository and just run [`./pyscitt.sh`](../pyscitt.sh), e.g. `./pyscitt.sh --help`
+Package sources are available at https://github.com/microsoft/scitt-ccf-ledger/tree/main/pyscitt.

pyscitt/pyscitt/crypto.py

@@ -385,6 +385,7 @@ def parse_cose_sign1(buf: bytes) -> Tuple[dict, bytes]:
     msg = Sign1Message.decode(buf)
     header = cose_header_to_jws_header(msg.phdr)
     payload = msg.payload
+    assert payload, "Payload is null"
     return header, payload
 
 

pyscitt/setup.py

@@ -1,12 +1,24 @@
 # Copyright (c) Microsoft Corporation.
 # Licensed under the MIT License.
 
+from os import path
+
 from setuptools import find_packages, setup
 
+PACKAGE_NAME = "pyscitt"
+PACKAGE_VERSION = "0.1.0"
+
+path_here = path.abspath(path.dirname(__file__))
+
+with open(path.join(path_here, "README.md"), encoding="utf-8") as f:
+    long_description = f.read()
+
 setup(
-    name="pyscitt",
-    version="0.1.0",
+    name=PACKAGE_NAME,
+    version=PACKAGE_VERSION,
     description="Tools to sign claims and interact with a SCITT CCF Ledger",
+    long_description=long_description,
+    long_description_content_type="text/markdown",
     packages=find_packages(),
     entry_points={
         "console_scripts": ["scitt=pyscitt.cli.main:main"],
@@ -17,10 +29,18 @@
         "cryptography==41.*",  # needs to match ccf
         "httpx",
         "cbor2==5.4.*",
-        # TODO: remove this once pycose >= 1.0.2 is released
-        "pycose @ git+https://github.com/TimothyClaeys/pycose@94db358eda640966c0e0e9148110b6c66763f9e5#egg=pycose",
+        "pycose==1.1.0",
         "pyjwt",
         "azure-keyvault",
         "azure-identity",
     ],
+    license="Apache License 2.0",
+    author="SCITT CCF Team",
+    classifiers=[
+        "Development Status :: 3 - Alpha",
+        "Intended Audience :: Developers",
+        "Programming Language :: Python :: 3",
+        "License :: OSI Approved :: MIT License",
+    ],
+    url="https://github.com/microsoft/scitt-ccf-ledger/tree/main/pyscitt",
 )