From a35542f5c51280db42db3372ec6630fb6ffeb1f5 Mon Sep 17 00:00:00 2001
From: Steven Silvester
Date: Thu, 7 Nov 2024 06:38:28 -0600
Subject: [PATCH 01/12] INTPYTHON-406 Add automated release workflows for Django-MongoDB
---
.github/workflows/codeql.yml | 70 ++++++++++++++++++++
.github/workflows/dist.yml | 37 +++++++++++
.github/workflows/release-python.yml | 95 ++++++++++++++++++++++++++++
3 files changed, 202 insertions(+)
create mode 100644 .github/workflows/codeql.yml
create mode 100644 .github/workflows/dist.yml
create mode 100644 .github/workflows/release-python.yml
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 000000000..91b18fe79
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,70 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ "main", "*" ]
+ pull_request:
+ branches: [ "main", "*" ]
+ schedule:
+ - cron: '35 23 * * 5'
+ workflow_call:
+ inputs:
+ ref:
+ required: true
+ type: string
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ timeout-minutes: 360
+ permissions:
+ # required for all workflows
+ security-events: write
+ # required to fetch internal or private CodeQL packs
+ packages: read
+ actions: read
+ contents: read
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ inputs.ref }}
+ - name: Set up Python
+ uses: actions/setup-python@v4
+ with:
+ python-version: 3.x
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v3
+ with:
+ languages: python
+ build-mode: none
+ # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+ queries: security-extended
+ config: |
+ paths-ignore:
+ - '.github/**'
+ - 'tests/**'
+
+ - shell: bash
+ run: |
+ pip install -e .
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v3
+ with:
+ category: "/language:python"
diff --git a/.github/workflows/dist.yml b/.github/workflows/dist.yml
new file mode 100644
index 000000000..4fe653bb3
--- /dev/null
+++ b/.github/workflows/dist.yml
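Review bot: In `codeql.yml`, the checkout step keeps the job token in the local git config (the `actions/checkout` default), and the unnamed `pip install -e .` step then runs the project's build backend for whatever ref was checked out, so that build code can read the token. Adding `persist-credentials: false` under the checkout's `with:` closes that path. With `build-mode: none` the install step does not look necessary for the scan itself; if it is kept for import resolution, it should get a `name:` and a comment saying so.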
@@ -0,0 +1,37 @@
+name: Python Dist
+
+on:
+ workflow_dispatch:
+ workflow_call:
+ inputs:
+ ref:
+ required: true
+ type: string
+ push:
+ tags:
+ - "[0-9]+.[0-9]+.[0-9]+"
+ - "[0-9]+.[0-9]+.[0-9]+.post[0-9]+"
+ - "[0-9]+.[0-9]+.[0-9]+[a-b][0-9]+"
+ - "[0-9]+.[0-9]+.[0-9]+rc[0-9]+"
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ environment: release
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ ref: ${{ inputs.ref }}
+ - name: Set up Python
+ uses: actions/setup-python@v4
+ with:
+ python-version: 3.x
+ - name: Install dependencies
+ run: pip install build
+ - name: Create packages
+ run: python -m build .
+ - name: Store package artifacts
+ uses: actions/upload-artifact@v4
+ with:
+ name: all-dist-${{ github.run_id }}
+ path: "dist/*"
diff --git a/.github/workflows/release-python.yml b/.github/workflows/release-python.yml
new file mode 100644
index 000000000..ca759ab66
--- /dev/null
+++ b/.github/workflows/release-python.yml
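Review bot: `dist.yml` has no `permissions:` block, so on the tag-push and `workflow_dispatch` triggers the `build` job runs with the repository's default token scope while it installs an unpinned `build` from PyPI and executes the project's build backend. The visible steps only read the repository and upload an artifact, so a workflow-level `permissions:` with `contents: read` would be enough. The job also sets `environment: release`, which makes that environment's secrets available to a job that uses none in the visible steps. If the environment is there only as an approval gate, a comment saying so would help the next maintainer.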
@@ -0,0 +1,95 @@
+name: Release
+
+on:
+ workflow_dispatch:
+ inputs:
+ version:
+ description: "The new version to set"
+ required: true
+ following_version:
+ description: "The post (dev) version to set"
+ required: true
+ dry_run:
+ description: "Dry Run?"
+ default: false
+ type: boolean
+
+env:
+ # Changes per repo
+ PRODUCT_NAME: django-mongodb
+ # Changes per branch
+ SILK_ASSET_GROUP: django-mongodb-main
+ EVERGREEN_PROJECT: django-mongodb
+
+defaults:
+ run:
+ shell: bash -eux {0}
+
+jobs:
+ pre-publish:
+ environment: release
+ runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+ contents: write
+ outputs:
+ version: ${{ steps.pre-publish.outputs.version }}
+ steps:
+ - uses: mongodb-labs/drivers-github-tools/secure-checkout@v2
+ with:
+ app_id: ${{ vars.APP_ID }}
+ private_key: ${{ secrets.APP_PRIVATE_KEY }}
+ - uses: mongodb-labs/drivers-github-tools/setup@v2
+ with:
+ aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
+ aws_region_name: ${{ vars.AWS_REGION_NAME }}
+ aws_secret_id: ${{ secrets.AWS_SECRET_ID }}
+ artifactory_username: ${{ vars.ARTIFACTORY_USERNAME }}
+ - uses: mongodb-labs/drivers-github-tools/python/pre-publish@v2
+ id: pre-publish
+ with:
+ version: ${{ inputs.version }}
+ dry_run: ${{ inputs.dry_run }}
+
+ build-dist:
+ needs: [pre-publish]
+ uses: ./.github/workflows/dist.yml
+ with:
+ ref: ${{ needs.pre-publish.outputs.version }}
+
+ static-scan:
+ needs: [pre-publish]
+ uses: ./.github/workflows/codeql.yml
+ with:
+ ref: ${{ needs.pre-publish.outputs.version }}
+
+ publish:
+ needs: [build-dist, static-scan]
+ runs-on: ubuntu-latest
+ environment: release
+ permissions:
+ id-token: write
+ contents: write
+ attestations: write
+ security-events: write
+ steps:
+ - uses: mongodb-labs/drivers-github-tools/secure-checkout@v2
+ with:
+ app_id: ${{ vars.APP_ID }}
+ private_key: ${{ secrets.APP_PRIVATE_KEY }}
+ - uses: mongodb-labs/drivers-github-tools/setup@v2
+ with:
+ aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
+ aws_region_name: ${{
vars.AWS_REGION_NAME }} + aws_secret_id: ${{ secrets.AWS_SECRET_ID }} + artifactory_username: ${{ vars.ARTIFACTORY_USERNAME }} + - uses: blink1073/drivers-github-tools/python/publish@INTPYTHON-406 + with: + version: ${{ inputs.version }} + following_version: ${{ inputs.following_version }} + product_name: ${{ env.PRODUCT_NAME }} + silk_asset_group: ${{ env.SILK_ASSET_GROUP }} + evergreen_project: ${{ env.EVERGREEN_PROJECT }} + token: ${{ github.token }} + repository_url: https://test.pypi.org/legacy/ + dry_run: ${{ inputs.dry_run }} From 37bb07fd285e5108666527b011796a9bd06c144d Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Thu, 7 Nov 2024 07:27:13 -0600 Subject: [PATCH 02/12] add version bump script --- .github/scripts/bump-version.sh | 5 +++++ .github/workflows/release-python.yml | 2 ++ 2 files changed, 7 insertions(+) create mode 100644 .github/scripts/bump-version.sh diff --git a/.github/scripts/bump-version.sh b/.github/scripts/bump-version.sh new file mode 100644 index 000000000..4aa383dff --- /dev/null +++ b/.github/scripts/bump-version.sh @@ -0,0 +1,5 @@ +#!/usr/bin/env bash +set -eu + +CURRENT_VERSION=$(python setup.py --version) +sed -i "s/__version__ = \"${CURRENT_VERSION}\"/__version__ = \"$1\"/" django_mongodb/__init__.py diff --git a/.github/workflows/release-python.yml b/.github/workflows/release-python.yml index ca759ab66..19b0ebe5e 100644 --- a/.github/workflows/release-python.yml +++ b/.github/workflows/release-python.yml @@ -49,6 +49,7 @@ jobs: id: pre-publish with: version: ${{ inputs.version }} + version_bump_script: ./.github/scripts/bump-version.sh dry_run: ${{ inputs.dry_run }} build-dist: @@ -90,6 +91,7 @@ jobs: product_name: ${{ env.PRODUCT_NAME }} silk_asset_group: ${{ env.SILK_ASSET_GROUP }} evergreen_project: ${{ env.EVERGREEN_PROJECT }} + version_bump_script: ./.github/scripts/bump-version.sh token: ${{ github.token }} repository_url: https://test.pypi.org/legacy/ dry_run: ${{ inputs.dry_run }} 
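Review bot: In the new `.github/workflows/release-python.yml` (PATCH 01/12), every action that is handed `secrets.APP_PRIVATE_KEY`, the AWS role ARN and an `id-token: write` token is referenced by a mutable ref: `mongodb-labs/drivers-github-tools/...@v2` is a tag, and `blink1073/drivers-github-tools/python/publish@INTPYTHON-406` is a branch on a personal fork. Anyone able to move those refs changes what runs inside the `release` environment. Pinning each one to a full commit SHA, for example `uses: mongodb-labs/drivers-github-tools/python/publish@<full-commit-sha> # v2`, removes that dependency on the ref staying put. PATCH 11/12 later in this series replaces the fork ref with `@v2`, which is still a tag. The same applies to `actions/checkout@v4`, `actions/setup-python@v4`, `actions/upload-artifact@v4` and `github/codeql-action/*@v3` in `codeql.yml` and `dist.yml`.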
From 65718c5227790313b008da2a5c96a7dc4339bf9d Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Thu, 7 Nov 2024 07:29:13 -0600 Subject: [PATCH 03/12] executable --- .github/scripts/bump-version.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 .github/scripts/bump-version.sh diff --git a/.github/scripts/bump-version.sh b/.github/scripts/bump-version.sh old mode 100644 new mode 100755 From eec394e07e2907bf775d20e22df9c8a726c8151c Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Thu, 7 Nov 2024 10:41:26 -0600 Subject: [PATCH 04/12] switch to hatch --- .github/dependabot.yml | 5 +++++ .github/scripts/bump-version.sh | 5 ----- .github/workflows/release-python.yml | 2 -- pyproject.toml | 20 +++++++++++--------- 4 files changed, 16 insertions(+), 16 deletions(-) delete mode 100755 .github/scripts/bump-version.sh diff --git a/.github/dependabot.yml b/.github/dependabot.yml index d8b0bfee0..5bf500ba1 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -9,3 +9,8 @@ updates: actions: patterns: - "*" + # Python + - package-ecosystem: "pip" + directory: "/" + schedule: + interval: "weekly" diff --git a/.github/scripts/bump-version.sh b/.github/scripts/bump-version.sh deleted file mode 100755 index 4aa383dff..000000000 --- a/.github/scripts/bump-version.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/usr/bin/env bash -set -eu - -CURRENT_VERSION=$(python setup.py --version) -sed -i "s/__version__ = \"${CURRENT_VERSION}\"/__version__ = \"$1\"/" django_mongodb/__init__.py diff --git a/.github/workflows/release-python.yml b/.github/workflows/release-python.yml index 19b0ebe5e..ca759ab66 100644 --- a/.github/workflows/release-python.yml +++ b/.github/workflows/release-python.yml @@ -49,7 +49,6 @@ jobs: id: pre-publish with: version: ${{ inputs.version }} - version_bump_script: ./.github/scripts/bump-version.sh dry_run: ${{ inputs.dry_run }} build-dist: 
@@ -91,7 +90,6 @@ jobs: product_name: ${{ env.PRODUCT_NAME }} silk_asset_group: ${{ env.SILK_ASSET_GROUP }} evergreen_project: ${{ env.EVERGREEN_PROJECT }} - version_bump_script: ./.github/scripts/bump-version.sh token: ${{ github.token }} repository_url: https://test.pypi.org/legacy/ dry_run: ${{ inputs.dry_run }} diff --git a/pyproject.toml b/pyproject.toml index d41371041..96a5dcce4 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,10 +1,10 @@ [build-system] -requires = ["setuptools>=65.0"] -build-backend = "setuptools.build_meta" +requires = ["hatchling", "hatch-requirements-txt>=0.4.1"] +build-backend = "hatchling.build" [project] name = "django-mongodb" -dynamic = ["version"] +dynamic = ["version", "dependencies"] description = "MongoDB backend for Django" readme = "README.md" license = {file="LICENSE"} @@ -31,10 +31,6 @@ classifiers = [ "Programming Language :: Python :: 3.11", "Programming Language :: Python :: 3.12", ] -dependencies = [ - "django>=5.0,<5.1", - "pymongo>=4.6,<5.0", -] [project.optional-dependencies] docs = [ "sphinx>=7"] @@ -45,8 +41,12 @@ Documentation = "https://django-mongodb.readthedocs.io" Source = "https://github.com/mongodb-labs/django-mongodb" Tracker = "https://github.com/mongodb-labs/django-mongodb/issues" -[tool.setuptools.dynamic] -version = {attr = "django_mongodb.__version__"} +[tool.hatch.version] +path = "django_mongodb/__init__.py" +validate-bump = false + +[tool.hatch.metadata.hooks.requirements_txt] +files = ["requirements.txt"] [tool.mypy] strict = true @@ -119,3 +119,5 @@ partial_branches = ["if (.*and +)*not _use_c( and.*)*:"] [tool.coverage.html] directory = "htmlcov" + +[tool.hatch] From e9cdd43a3dcc9e100f6ff8ced3b5bd27008f9fda Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Thu, 7 Nov 2024 10:41:38 -0600 Subject: [PATCH 05/12] add requirements file --- requirements.txt | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 requirements.txt 
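Review bot: `validate-bump = false` under `[tool.hatch.version]` in `pyproject.toml` turns off hatch's check that a newly set version is higher than the current one, and nothing next to it says why. The BUMP commits later in this series move `5.0a0` to `5.0.0.dev0`, which sorts lower, so the setting is presumably needed by the release tooling; a comment such as `# release bot sets .devN versions that sort below the current pre-release` would record that. With the check off, a mistyped `version` input to the release workflow is no longer rejected at this point, so any ordering validation has to happen in the workflow itself.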
diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 000000000..9e1fd53c3 --- /dev/null +++ b/requirements.txt @@ -0,0 +1,2 @@ +django>=5.0,<5.1 +pymongo>=4.6,<5.0 From 47c23b253e1f5d8f81a21417b63325dd6b26a014 Mon Sep 17 00:00:00 2001 From: "mongodb-dbx-release-bot[bot]" <167856002+mongodb-dbx-release-bot[bot]@users.noreply.github.com> Date: Thu, 7 Nov 2024 16:42:56 +0000 Subject: [PATCH 06/12] BUMP 5.0.0.dev0 Signed-off-by: mongodb-dbx-release-bot[bot] <167856002+mongodb-dbx-release-bot[bot]@users.noreply.github.com> --- django_mongodb/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/django_mongodb/__init__.py b/django_mongodb/__init__.py index 7994999df..3452ed930 100644 --- a/django_mongodb/__init__.py +++ b/django_mongodb/__init__.py @@ -1,4 +1,4 @@ -__version__ = "5.0a0" +__version__ = "5.0.0.dev0" # Check Django compatibility before other imports which may fail if the # wrong version of Django is installed. From 77aa3e31baded5d06820f0051220a6e803cc0f8a Mon Sep 17 00:00:00 2001 From: "mongodb-dbx-release-bot[bot]" <167856002+mongodb-dbx-release-bot[bot]@users.noreply.github.com> Date: Thu, 7 Nov 2024 16:49:38 +0000 Subject: [PATCH 07/12] BUMP 5.0.0.dev1 Signed-off-by: mongodb-dbx-release-bot[bot] <167856002+mongodb-dbx-release-bot[bot]@users.noreply.github.com> --- django_mongodb/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/django_mongodb/__init__.py b/django_mongodb/__init__.py index 3452ed930..ba9b38b44 100644 --- a/django_mongodb/__init__.py +++ b/django_mongodb/__init__.py @@ -1,4 +1,4 @@ -__version__ = "5.0.0.dev0" +__version__ = "5.0.0.dev1" # Check Django compatibility before other imports which may fail if the # wrong version of Django is installed. From 8b1f4977d32a47bef30dbd6bed46e316d250db7b Mon Sep 17 00:00:00 2001 
From: "mongodb-dbx-release-bot[bot]" <167856002+mongodb-dbx-release-bot[bot]@users.noreply.github.com> Date: Thu, 7 Nov 2024 16:52:36 +0000 Subject: [PATCH 08/12] BUMP 5.0.0.dev2 Signed-off-by: mongodb-dbx-release-bot[bot] <167856002+mongodb-dbx-release-bot[bot]@users.noreply.github.com> --- django_mongodb/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/django_mongodb/__init__.py b/django_mongodb/__init__.py index ba9b38b44..0f865dd7a 100644 --- a/django_mongodb/__init__.py +++ b/django_mongodb/__init__.py @@ -1,4 +1,4 @@ -__version__ = "5.0.0.dev1" +__version__ = "5.0.0.dev2" # Check Django compatibility before other imports which may fail if the # wrong version of Django is installed. From 51e7934553f94267b536ad1aefe6a8a03444ed41 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Thu, 7 Nov 2024 15:18:13 -0600 Subject: [PATCH 09/12] make following version optional --- .github/workflows/release-python.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-python.yml b/.github/workflows/release-python.yml index ca759ab66..084d50f22 100644 --- a/.github/workflows/release-python.yml +++ b/.github/workflows/release-python.yml @@ -8,7 +8,7 @@ on: required: true following_version: description: "The post (dev) version to set" - required: true + required: false dry_run: description: "Dry Run?" default: false From c0ce2df50ef96849ad0b1b720fa250bea5d9c242 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Thu, 7 Nov 2024 15:20:35 -0600 Subject: [PATCH 10/12] remove unused config --- pyproject.toml | 2 -- 1 file changed, 2 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index 96a5dcce4..4fd41fef0 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -119,5 +119,3 @@ partial_branches = ["if (.*and +)*not _use_c( and.*)*:"] [tool.coverage.html] directory = "htmlcov" - -[tool.hatch] From 86016df06c3b866c9af21a1b0ef9e629c0c82b00 Mon Sep 17 00:00:00 2001 
From: Steven Silvester Date: Wed, 13 Nov 2024 08:19:57 -0600 Subject: [PATCH 11/12] switch to upstream --- .github/workflows/release-python.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-python.yml b/.github/workflows/release-python.yml index 084d50f22..d9f7667c9 100644 --- a/.github/workflows/release-python.yml +++ b/.github/workflows/release-python.yml @@ -83,7 +83,7 @@ jobs: aws_region_name: ${{ vars.AWS_REGION_NAME }} aws_secret_id: ${{ secrets.AWS_SECRET_ID }} artifactory_username: ${{ vars.ARTIFACTORY_USERNAME }} - - uses: blink1073/drivers-github-tools/python/publish@INTPYTHON-406 + - uses: mongodb-labs/drivers-github-tools/python/publish@v2 with: version: ${{ inputs.version }} following_version: ${{ inputs.following_version }} From 0e092b85ceae830c96d42dca84c815eba29f60a4 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Mon, 18 Nov 2024 09:33:20 -0600 Subject: [PATCH 12/12] address review --- django_mongodb/__init__.py | 2 +- requirements.txt | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/django_mongodb/__init__.py b/django_mongodb/__init__.py index 0f865dd7a..7994999df 100644 --- a/django_mongodb/__init__.py +++ b/django_mongodb/__init__.py @@ -1,4 +1,4 @@ -__version__ = "5.0.0.dev2" +__version__ = "5.0a0" # Check Django compatibility before other imports which may fail if the # wrong version of Django is installed. diff --git a/requirements.txt b/requirements.txt index 9e1fd53c3..214677f9a 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,2 +1,3 @@ +# NOTE: this needs to change per branch to track the django version. django>=5.0,<5.1 pymongo>=4.6,<5.0