From 88398fbc2739eaceef5c5a49082f5b0027a72bc9 Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Tue, 4 Mar 2025 12:04:18 -0500 Subject: [PATCH 01/65] add wheel building action --- .github/workflows/wheels.yml | 52 ++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 .github/workflows/wheels.yml diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml new file mode 100644 index 00000000..2ad6ae35 --- /dev/null +++ b/.github/workflows/wheels.yml @@ -0,0 +1,52 @@ +name: Build + +on: [push, pull_request, workflow_dispatch] # this is just for testing + # push: + # branches: + # - main + # # Release branches + # - "sdk-core/*" + # pull_request: + # branches: + # - main + # - "sdk-core/*" + # Allow manual triggering of the workflow + # workflow_dispatch: + +jobs: + build_wheels: + name: Build wheels for Python SDK on ${{ matrix.os }} + runs-on: ${{ matrix.os }} + strategy: + matrix: + # Macos 13 is an intel runner and macos 14 is an apple silicon runner + os: [ubuntu-22.04, ubuntu-22.04-arm, windows-latest, macos-13, macos-14] + + + steps: + - uses: actions/checkout@v4 + + # Need to grab the SDK version for the wheel name + - name: Extract SDK Version + run: echo "SDK_VERSION=$(python -c 'import version; print(version.SDK_VERSION)')" >> $GITHUB_ENV + + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: "3.13" + + - name: Build wheels + env: + CIBW_MANYLINUX_X86_64_IMAGE: "manylinux2_32" + CIBW_MANYLINUX_AARCH64_IMAGE: "manylinux2_32" + CIBW_ARCHS: "native" + CIBW_BEFORE_TEST: "pip install pydantic" + CIBW_TEST_COMMAND: "python3 example/example.py" + OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TEST_SERVICE_ACCOUNT_TOKEN }} + + uses: pypa/cibuildwheel@v2.23.0 + + - uses: actions/upload-artifact@v4 + with: + name: onepassword-sdk-${{ env.SDK_VERSION }}-${{ matrix.os }}-${{ strategy.job-index }} + path: ./wheelhouse/*.whl \ No newline at end of file From 8eac2b748185d1b39836743446daf0aa4eb4f6a8 Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Tue, 4 Mar 2025 12:07:46 -0500 Subject: [PATCH 02/65] fix manylinux image and dont build wheels for PyPi --- .github/workflows/wheels.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index 2ad6ae35..8c96cacd 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -37,8 +37,9 @@ jobs: - name: Build wheels env: - CIBW_MANYLINUX_X86_64_IMAGE: "manylinux2_32" - CIBW_MANYLINUX_AARCH64_IMAGE: "manylinux2_32" + CIBW_SKIP: pp* + CIBW_MANYLINUX_X86_64_IMAGE: "manylinux_2_32" + CIBW_MANYLINUX_AARCH64_IMAGE: "manylinux_2_32" CIBW_ARCHS: "native" CIBW_BEFORE_TEST: "pip install pydantic" CIBW_TEST_COMMAND: "python3 example/example.py" From c2627e67e48ad4a53f663f93d2ff4c126f4e019e Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Tue, 4 Mar 2025 12:13:44 -0500 Subject: [PATCH 03/65] go to 2_34 manylinux image as theres no 2_32 image --- .github/workflows/wheels.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index 8c96cacd..d3514d45 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -38,8 +38,8 @@ jobs: - name: Build wheels env: CIBW_SKIP: pp* - CIBW_MANYLINUX_X86_64_IMAGE: "manylinux_2_32" - CIBW_MANYLINUX_AARCH64_IMAGE: "manylinux_2_32" + CIBW_MANYLINUX_X86_64_IMAGE: "manylinux_2_34" + CIBW_MANYLINUX_AARCH64_IMAGE: "manylinux_2_34" CIBW_ARCHS: "native" CIBW_BEFORE_TEST: "pip install pydantic" CIBW_TEST_COMMAND: "python3 example/example.py" From ea82680895e975cf0836cfc0e822d42c1753aa9b Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Tue, 4 Mar 2025 12:17:12 -0500 Subject: [PATCH 04/65] fix linux image name --- .github/workflows/wheels.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index d3514d45..9a98c8a9 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -38,8 +38,8 @@ jobs: - name: Build wheels env: CIBW_SKIP: pp* - CIBW_MANYLINUX_X86_64_IMAGE: "manylinux_2_34" - CIBW_MANYLINUX_AARCH64_IMAGE: "manylinux_2_34" + CIBW_MANYLINUX_X86_64_IMAGE: "manylinux_2_34_x86_64" + CIBW_MANYLINUX_AARCH64_IMAGE: "manylinux_2_34_aarch64" CIBW_ARCHS: "native" CIBW_BEFORE_TEST: "pip install pydantic" CIBW_TEST_COMMAND: "python3 example/example.py" From 9742677aecbfbf3a3f9cf2d6d9130063e285f218 Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Tue, 4 Mar 2025 12:18:40 -0500 Subject: [PATCH 05/65] add full url for linux image --- .github/workflows/wheels.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index 9a98c8a9..21514bb2 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -38,8 +38,8 @@ jobs: - name: Build wheels env: CIBW_SKIP: pp* - CIBW_MANYLINUX_X86_64_IMAGE: "manylinux_2_34_x86_64" - CIBW_MANYLINUX_AARCH64_IMAGE: "manylinux_2_34_aarch64" + CIBW_MANYLINUX_X86_64_IMAGE: "quay.io/pypa/manylinux_2_34_x86_64" + CIBW_MANYLINUX_AARCH64_IMAGE: "quay.io/pypa/manylinux_2_34_aarch64" CIBW_ARCHS: "native" CIBW_BEFORE_TEST: "pip install pydantic" CIBW_TEST_COMMAND: "python3 example/example.py" From 16a9cb40700db3f5945a4e6686315a70813ae106 Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Tue, 4 Mar 2025 12:50:41 -0500 Subject: [PATCH 06/65] update setup.py to build in correct folder --- setup.py | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/setup.py b/setup.py index 9e4a7b7a..fb65e689 100644 --- a/setup.py +++ b/setup.py @@ -1,4 +1,5 @@ from pathlib import Path +import sysconfig from setuptools import setup, find_packages from sysconfig import get_platform from version import SDK_VERSION @@ -19,10 +20,25 @@ def finalize_options(self): except ImportError: bdist_wheel = None +def get_data_files(): + # Specify the destination directory for platform-specific shared libraries + shared_libs = get_shared_library_data_to_include() + data_files = [] + + # Use sysconfig to get the correct platform-specific site-packages directory + platlib_path = sysconfig.get_paths()["platlib"] + + for file_path in shared_libs: + if file_path: + # Add the library file to data_files list with correct platlib path + data_files.append((platlib_path, [file_path])) + + return data_files + def get_shared_library_data_to_include(): # Return the correct uniffi C shared library extension for the given platform - include_path = "lib" + include_path = "src/onepassword/lib" machine_type = os.getenv("PYTHON_MACHINE_PLATFORM") or platform.machine().lower() if machine_type in ["x86_64", "amd64"]: include_path = os.path.join(include_path, "x86_64") @@ -73,7 +89,7 @@ def get_shared_library_data_to_include(): "License :: OSI Approved :: MIT License", ], cmdclass={"bdist_wheel": bdist_wheel}, - package_data={"": get_shared_library_data_to_include()}, + data_files=get_data_files(), install_requires=[ "pydantic>=2.5", # Minimum Pydantic version to run the Python SDK ], From cd8b06fdfa37dfac18d62f6562612c2b07cb1d53 Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Tue, 4 Mar 2025 12:55:28 -0500 Subject: [PATCH 07/65] update test cmd path --- .github/workflows/wheels.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index 21514bb2..8903fde1 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -42,7 +42,7 @@ jobs: CIBW_MANYLINUX_AARCH64_IMAGE: "quay.io/pypa/manylinux_2_34_aarch64" CIBW_ARCHS: "native" CIBW_BEFORE_TEST: "pip install pydantic" - CIBW_TEST_COMMAND: "python3 example/example.py" + CIBW_TEST_COMMAND: "python3 onepassword-sdk-python/example/example.py" OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TEST_SERVICE_ACCOUNT_TOKEN }} uses: pypa/cibuildwheel@v2.23.0 From 6f659f641029d102dd63cc2d6b9fc3fbb6dd2666 Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Tue, 4 Mar 2025 12:59:18 -0500 Subject: [PATCH 08/65] checkout only the example folder --- .github/workflows/wheels.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index 8903fde1..4a989b44 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -25,6 +25,10 @@ jobs: steps: - uses: actions/checkout@v4 + with: + sparse-checkout: | + example/* + sparse-checkout-cone-mode: true # Need to grab the SDK version for the wheel name - name: Extract SDK Version @@ -42,7 +46,7 @@ jobs: CIBW_MANYLINUX_AARCH64_IMAGE: "quay.io/pypa/manylinux_2_34_aarch64" CIBW_ARCHS: "native" CIBW_BEFORE_TEST: "pip install pydantic" - CIBW_TEST_COMMAND: "python3 onepassword-sdk-python/example/example.py" + CIBW_TEST_COMMAND: "python3 example/example.py" OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TEST_SERVICE_ACCOUNT_TOKEN }} uses: pypa/cibuildwheel@v2.23.0 From deaeb15f1d977bbb93bc25a511d74de5991b5acf Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Tue, 4 Mar 2025 13:00:14 -0500 Subject: [PATCH 09/65] checkout example folder correctly --- .github/workflows/wheels.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index 4a989b44..19121a5e 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -28,7 +28,7 @@ jobs: with: sparse-checkout: | example/* - sparse-checkout-cone-mode: true + sparse-checkout-cone-mode: false # Need to grab the SDK version for the wheel name - name: Extract SDK Version From efe387e5ac9fe505993e5285e850385938565908 Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Tue, 4 Mar 2025 13:05:15 -0500 Subject: [PATCH 10/65] edit path --- .github/workflows/wheels.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index 19121a5e..5d5b36a8 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -25,10 +25,6 @@ jobs: steps: - uses: actions/checkout@v4 - with: - sparse-checkout: | - example/* - sparse-checkout-cone-mode: false # Need to grab the SDK version for the wheel name - name: Extract SDK Version @@ -46,7 +42,7 @@ jobs: CIBW_MANYLINUX_AARCH64_IMAGE: "quay.io/pypa/manylinux_2_34_aarch64" CIBW_ARCHS: "native" CIBW_BEFORE_TEST: "pip install pydantic" - CIBW_TEST_COMMAND: "python3 example/example.py" + CIBW_TEST_COMMAND: "python3 ${{github.workspace}}/example/example.py" OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TEST_SERVICE_ACCOUNT_TOKEN }} uses: pypa/cibuildwheel@v2.23.0 From 670175fb4cd6242f3bd2603f528abae26c1409c7 Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Wed, 5 Mar 2025 07:38:02 -0500 Subject: [PATCH 11/65] add support for shared libs packaging --- setup.py | 25 ++++++++----------------- 1 file changed, 8 insertions(+), 17 deletions(-) diff --git a/setup.py b/setup.py index fb65e689..fa4583f6 100644 --- a/setup.py +++ b/setup.py @@ -2,6 +2,8 @@ import sysconfig from setuptools import setup, find_packages from sysconfig import get_platform + +import setuptools from version import SDK_VERSION import platform import os @@ -20,25 +22,13 @@ def finalize_options(self): except ImportError: bdist_wheel = None -def get_data_files(): - # Specify the destination directory for platform-specific shared libraries - shared_libs = get_shared_library_data_to_include() - data_files = [] - - # Use sysconfig to get the correct platform-specific site-packages directory - platlib_path = sysconfig.get_paths()["platlib"] - - for file_path in shared_libs: - if file_path: - # Add the library file to data_files list with correct platlib path - data_files.append((platlib_path, [file_path])) - - return data_files - +class BinaryDistribution (setuptools.Distribution): + def has_ext_modules(self): + return True def get_shared_library_data_to_include(): # Return the correct uniffi C shared library extension for the given platform - include_path = "src/onepassword/lib" + include_path = "lib" machine_type = os.getenv("PYTHON_MACHINE_PLATFORM") or platform.machine().lower() if machine_type in ["x86_64", "amd64"]: include_path = os.path.join(include_path, "x86_64") @@ -72,6 +62,7 @@ def get_shared_library_data_to_include(): packages=find_packages( where="src", ), + distclass=BinaryDistribution, license="MIT", license_files="LICENSE", package_dir={"": "src"}, @@ -89,7 +80,7 @@ def get_shared_library_data_to_include(): "License :: OSI Approved :: MIT License", ], cmdclass={"bdist_wheel": bdist_wheel}, - data_files=get_data_files(), + package_data={"": get_shared_library_data_to_include()}, install_requires=[ "pydantic>=2.5", # Minimum Pydantic version to run the Python SDK ], From 3ad27e920e98e90a5212e4651241926330c62df5 Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Wed, 5 Mar 2025 07:41:51 -0500 Subject: [PATCH 12/65] add cryptography as a wheel --- .github/workflows/wheels.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index 5d5b36a8..0dca001f 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -41,7 +41,7 @@ jobs: CIBW_MANYLINUX_X86_64_IMAGE: "quay.io/pypa/manylinux_2_34_x86_64" CIBW_MANYLINUX_AARCH64_IMAGE: "quay.io/pypa/manylinux_2_34_aarch64" CIBW_ARCHS: "native" - CIBW_BEFORE_TEST: "pip install pydantic" + CIBW_BEFORE_TEST: "pip install pydantic cryptography" CIBW_TEST_COMMAND: "python3 ${{github.workspace}}/example/example.py" OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TEST_SERVICE_ACCOUNT_TOKEN }} From 5e84ed0c3a83d3d4d4a32a96b2fb8b7fe3e7b4be Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Wed, 5 Mar 2025 07:45:52 -0500 Subject: [PATCH 13/65] make it manual --- .github/workflows/wheels.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index 0dca001f..cb6ca4f9 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -1,6 +1,6 @@ name: Build -on: [push, pull_request, workflow_dispatch] # this is just for testing +on: [workflow_dispatch] # this is just for testing # push: # branches: # - main From 35d2f0de531d54ef1532b29a65b1291ce3bb4fbf Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Wed, 5 Mar 2025 07:49:00 -0500 Subject: [PATCH 14/65] don't stop if fail --- .github/workflows/wheels.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index cb6ca4f9..1c76785c 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -1,6 +1,6 @@ name: Build -on: [workflow_dispatch] # this is just for testing +on: [push, pull_request, workflow_dispatch] # this is just for testing # push: # branches: # - main @@ -44,7 +44,7 @@ jobs: CIBW_BEFORE_TEST: "pip install pydantic cryptography" CIBW_TEST_COMMAND: "python3 ${{github.workspace}}/example/example.py" OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TEST_SERVICE_ACCOUNT_TOKEN }} - + continue-on-error: true uses: pypa/cibuildwheel@v2.23.0 - uses: actions/upload-artifact@v4 From 67edcbbc45a32315f357a60651653a15ef1bd274 Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Wed, 5 Mar 2025 08:02:35 -0500 Subject: [PATCH 15/65] debug working dir --- .github/workflows/wheels.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index 1c76785c..1f561962 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -25,6 +25,13 @@ jobs: steps: - uses: actions/checkout@v4 + - name: List all files in the workspace + run: | + if [ "$(uname)" == "Linux" ] || [ "$(uname)" == "Darwin" ]; then + find $GITHUB_WORKSPACE + else + dir $GITHUB_WORKSPACE + fi # Need to grab the SDK version for the wheel name - name: Extract SDK Version @@ -43,6 +50,7 @@ jobs: CIBW_ARCHS: "native" CIBW_BEFORE_TEST: "pip install pydantic cryptography" CIBW_TEST_COMMAND: "python3 ${{github.workspace}}/example/example.py" + MACOSX_DEPLOYMENT_TARGET: 11.0 OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TEST_SERVICE_ACCOUNT_TOKEN }} continue-on-error: true uses: pypa/cibuildwheel@v2.23.0 From 145758d80c6767c2cc75e3e5c40e56e4c6a7d16b Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Wed, 5 Mar 2025 08:11:02 -0500 Subject: [PATCH 16/65] check file permissions --- .github/workflows/wheels.yml | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index 1f561962..5fb900b5 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -25,13 +25,9 @@ jobs: steps: - uses: actions/checkout@v4 - - name: List all files in the workspace - run: | - if [ "$(uname)" == "Linux" ] || [ "$(uname)" == "Darwin" ]; then - find $GITHUB_WORKSPACE - else - dir $GITHUB_WORKSPACE - fi + - name: Check file permissions for example.py + run: ls -l $GITHUB_WORKSPACE/example/example.py + continue-on-error: true # Need to grab the SDK version for the wheel name - name: Extract SDK Version From f31665458499fc8e1fcea3ca0c3eafed4bf1225d Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Wed, 5 Mar 2025 08:16:16 -0500 Subject: [PATCH 17/65] change to python instead of python3 --- .github/workflows/wheels.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index 5fb900b5..06340d60 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -25,9 +25,6 @@ jobs: steps: - uses: actions/checkout@v4 - - name: Check file permissions for example.py - run: ls -l $GITHUB_WORKSPACE/example/example.py - continue-on-error: true # Need to grab the SDK version for the wheel name - name: Extract SDK Version @@ -45,7 +42,7 @@ jobs: CIBW_MANYLINUX_AARCH64_IMAGE: "quay.io/pypa/manylinux_2_34_aarch64" CIBW_ARCHS: "native" CIBW_BEFORE_TEST: "pip install pydantic cryptography" - CIBW_TEST_COMMAND: "python3 ${{github.workspace}}/example/example.py" + CIBW_TEST_COMMAND: "python ${{github.workspace}}/example/example.py" MACOSX_DEPLOYMENT_TARGET: 11.0 OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TEST_SERVICE_ACCOUNT_TOKEN }} continue-on-error: true From 881497d57c72e6669955dac64ad7e8fe4ea2d7b3 Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Wed, 5 Mar 2025 09:14:06 -0500 Subject: [PATCH 18/65] remove other jobs and see files path --- .github/workflows/wheels.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index 06340d60..4d691a34 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -1,4 +1,4 @@ -name: Build +name: Build Wheels for Python SDK on: [push, pull_request, workflow_dispatch] # this is just for testing # push: @@ -20,7 +20,7 @@ jobs: strategy: matrix: # Macos 13 is an intel runner and macos 14 is an apple silicon runner - os: [ubuntu-22.04, ubuntu-22.04-arm, windows-latest, macos-13, macos-14] + os: [ubuntu-22.04, ubuntu-22.04-arm] steps: @@ -28,7 +28,11 @@ jobs: # Need to grab the SDK version for the wheel name - name: Extract SDK Version - run: echo "SDK_VERSION=$(python -c 'import version; print(version.SDK_VERSION)')" >> $GITHUB_ENV + run: echo "SDK_VERSION=$(python -c 'import version; print(version.SDK_VERSION)')" >> $GITHUB_ENV + + - name: List Files in Example Directory + run: ls -alh /home/runner/work/onepassword-sdk-python/onepassword-sdk-python/example/ + - name: Setup Python uses: actions/setup-python@v5 @@ -43,7 +47,7 @@ jobs: CIBW_ARCHS: "native" CIBW_BEFORE_TEST: "pip install pydantic cryptography" CIBW_TEST_COMMAND: "python ${{github.workspace}}/example/example.py" - MACOSX_DEPLOYMENT_TARGET: 11.0 + MACOSX_DEPLOYMENT_TARGET: 11.0 # Required for building on macOS OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TEST_SERVICE_ACCOUNT_TOKEN }} continue-on-error: true uses: pypa/cibuildwheel@v2.23.0 From f7a108359059f1a863ec4baf5547c95ea5778aba Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Wed, 5 Mar 2025 09:16:26 -0500 Subject: [PATCH 19/65] try hardcoded path --- .github/workflows/wheels.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index 4d691a34..4434d1f6 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -46,7 +46,7 @@ jobs: CIBW_MANYLINUX_AARCH64_IMAGE: "quay.io/pypa/manylinux_2_34_aarch64" CIBW_ARCHS: "native" CIBW_BEFORE_TEST: "pip install pydantic cryptography" - CIBW_TEST_COMMAND: "python ${{github.workspace}}/example/example.py" + CIBW_TEST_COMMAND: "python /home/runner/work/onepassword-sdk-python/onepassword-sdk-python/example/example.py" MACOSX_DEPLOYMENT_TARGET: 11.0 # Required for building on macOS OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TEST_SERVICE_ACCOUNT_TOKEN }} continue-on-error: true From 1cc21ce5f38183240260009c1f1b7c0c4f1f6d5b Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Wed, 5 Mar 2025 09:18:39 -0500 Subject: [PATCH 20/65] debug --- .github/workflows/wheels.yml | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index 4434d1f6..4cfb6169 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -30,8 +30,15 @@ jobs: - name: Extract SDK Version run: echo "SDK_VERSION=$(python -c 'import version; print(version.SDK_VERSION)')" >> $GITHUB_ENV - - name: List Files in Example Directory - run: ls -alh /home/runner/work/onepassword-sdk-python/onepassword-sdk-python/example/ + - name: Debug directory contents + run: | + echo "Current working directory:" + pwd + echo "Listing files in the example directory:" + ls -alh /home/runner/work/onepassword-sdk-python/onepassword-sdk-python/example/ + echo "Attempting to read example.py:" + cat /home/runner/work/onepassword-sdk-python/onepassword-sdk-python/example/example.py + - name: Setup Python From f94d10ba4d588c9a8918ae310a627b4ab689f7ed Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Wed, 5 Mar 2025 09:20:26 -0500 Subject: [PATCH 21/65] see python version and go to 3.12 --- .github/workflows/wheels.yml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index 4cfb6169..238d2a0d 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -38,13 +38,15 @@ jobs: ls -alh /home/runner/work/onepassword-sdk-python/onepassword-sdk-python/example/ echo "Attempting to read example.py:" cat /home/runner/work/onepassword-sdk-python/onepassword-sdk-python/example/example.py - - - - name: Setup Python uses: actions/setup-python@v5 with: - python-version: "3.13" + python-version: "3.12" + + - name: Verify Python version + run: | + python3 --version + which python3 - name: Build wheels env: From c777afd4ed8b901054af3ce815051f4a461141dd Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Wed, 5 Mar 2025 09:23:11 -0500 Subject: [PATCH 22/65] try --- .github/workflows/wheels.yml | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index 238d2a0d..aedaa535 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -30,23 +30,19 @@ jobs: - name: Extract SDK Version run: echo "SDK_VERSION=$(python -c 'import version; print(version.SDK_VERSION)')" >> $GITHUB_ENV - - name: Debug directory contents - run: | - echo "Current working directory:" - pwd - echo "Listing files in the example directory:" - ls -alh /home/runner/work/onepassword-sdk-python/onepassword-sdk-python/example/ - echo "Attempting to read example.py:" - cat /home/runner/work/onepassword-sdk-python/onepassword-sdk-python/example/example.py - name: Setup Python uses: actions/setup-python@v5 with: python-version: "3.12" - - name: Verify Python version + - name: Debug directory contents run: | - python3 --version - which python3 + echo "Current working directory:" + pwd + echo "Listing files in the example directory:" + ls -alh /home/runner/work/onepassword-sdk-python/onepassword-sdk-python/example/ + echo "Attempting to read example.py:" + python3 /home/runner/work/onepassword-sdk-python/onepassword-sdk-python/example/example.py - name: Build wheels env: From 521efd0385427f67af13a1370e1149c4b7c89513 Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Wed, 5 Mar 2025 09:24:15 -0500 Subject: [PATCH 23/65] check here --- .github/workflows/wheels.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index aedaa535..1992d84c 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -42,7 +42,7 @@ jobs: echo "Listing files in the example directory:" ls -alh /home/runner/work/onepassword-sdk-python/onepassword-sdk-python/example/ echo "Attempting to read example.py:" - python3 /home/runner/work/onepassword-sdk-python/onepassword-sdk-python/example/example.py + python3 ${{github.workspace}}/example/example.py - name: Build wheels env: From bacb8c70ba0ee6bc7ffd491f1ee624169fe8f06a Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Wed, 5 Mar 2025 09:26:07 -0500 Subject: [PATCH 24/65] try bilding wheels now --- .github/workflows/wheels.yml | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index 1992d84c..c2d5d0ff 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -20,7 +20,7 @@ jobs: strategy: matrix: # Macos 13 is an intel runner and macos 14 is an apple silicon runner - os: [ubuntu-22.04, ubuntu-22.04-arm] + os: [ubuntu-22.04, ubuntu-22.04-arm, windows-latest, macos-13, macos-14] steps: @@ -34,15 +34,6 @@ jobs: uses: actions/setup-python@v5 with: python-version: "3.12" - - - name: Debug directory contents - run: | - echo "Current working directory:" - pwd - echo "Listing files in the example directory:" - ls -alh /home/runner/work/onepassword-sdk-python/onepassword-sdk-python/example/ - echo "Attempting to read example.py:" - python3 ${{github.workspace}}/example/example.py - name: Build wheels env: @@ -51,7 +42,7 @@ jobs: CIBW_MANYLINUX_AARCH64_IMAGE: "quay.io/pypa/manylinux_2_34_aarch64" CIBW_ARCHS: "native" CIBW_BEFORE_TEST: "pip install pydantic cryptography" - CIBW_TEST_COMMAND: "python /home/runner/work/onepassword-sdk-python/onepassword-sdk-python/example/example.py" + CIBW_TEST_COMMAND: python3 ${{github.workspace}}/example/example.py MACOSX_DEPLOYMENT_TARGET: 11.0 # Required for building on macOS OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TEST_SERVICE_ACCOUNT_TOKEN }} continue-on-error: true From efc4ed447df14487e4c6111643ad8be8ff8fea8a Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Wed, 5 Mar 2025 09:30:18 -0500 Subject: [PATCH 25/65] fix path of test and removei nstallation of python --- .github/workflows/wheels.yml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index c2d5d0ff..a22cd818 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -29,11 +29,6 @@ jobs: # Need to grab the SDK version for the wheel name - name: Extract SDK Version run: echo "SDK_VERSION=$(python -c 'import version; print(version.SDK_VERSION)')" >> $GITHUB_ENV - - - name: Setup Python - uses: actions/setup-python@v5 - with: - python-version: "3.12" - name: Build wheels env: @@ -42,7 +37,7 @@ jobs: CIBW_MANYLINUX_AARCH64_IMAGE: "quay.io/pypa/manylinux_2_34_aarch64" CIBW_ARCHS: "native" CIBW_BEFORE_TEST: "pip install pydantic cryptography" - CIBW_TEST_COMMAND: python3 ${{github.workspace}}/example/example.py + CIBW_TEST_COMMAND: python ./onepassword-sdk-python/example/example.py MACOSX_DEPLOYMENT_TARGET: 11.0 # Required for building on macOS OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TEST_SERVICE_ACCOUNT_TOKEN }} continue-on-error: true From 8f19e0def4cc93a0ef2d0c357ab959f33eab1508 Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Wed, 5 Mar 2025 09:32:38 -0500 Subject: [PATCH 26/65] add python3 --- .github/workflows/wheels.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index a22cd818..577343d8 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -37,7 +37,7 @@ jobs: CIBW_MANYLINUX_AARCH64_IMAGE: "quay.io/pypa/manylinux_2_34_aarch64" CIBW_ARCHS: "native" CIBW_BEFORE_TEST: "pip install pydantic cryptography" - CIBW_TEST_COMMAND: python ./onepassword-sdk-python/example/example.py + CIBW_TEST_COMMAND: python3 ./onepassword-sdk-python/example/example.py MACOSX_DEPLOYMENT_TARGET: 11.0 # Required for building on macOS OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TEST_SERVICE_ACCOUNT_TOKEN }} continue-on-error: true From 1a3e9bbfb75912826641f15cfcf0e66ec38ada3f Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Wed, 5 Mar 2025 09:34:33 -0500 Subject: [PATCH 27/65] revert path --- .github/workflows/wheels.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index 577343d8..0f26d650 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -37,7 +37,7 @@ jobs: CIBW_MANYLINUX_AARCH64_IMAGE: "quay.io/pypa/manylinux_2_34_aarch64" CIBW_ARCHS: "native" CIBW_BEFORE_TEST: "pip install pydantic cryptography" - CIBW_TEST_COMMAND: python3 ./onepassword-sdk-python/example/example.py + CIBW_TEST_COMMAND: python3 ${{github.workspace}}/example/example.py MACOSX_DEPLOYMENT_TARGET: 11.0 # Required for building on macOS OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TEST_SERVICE_ACCOUNT_TOKEN }} continue-on-error: true From e3ffc3ef1deb3ba628262856bd581c159dd52443 Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Wed, 5 Mar 2025 09:41:07 -0500 Subject: [PATCH 28/65] add script --- .github/workflows/wheels.yml | 5 ++++- run_example.sh | 5 +++++ 2 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 run_example.sh diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index 0f26d650..7a930ff4 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -29,6 +29,9 @@ jobs: # Need to grab the SDK version for the wheel name - name: Extract SDK Version run: echo "SDK_VERSION=$(python -c 'import version; print(version.SDK_VERSION)')" >> $GITHUB_ENV + + - name: Make test script executable + run: chmod +x run_test.sh - name: Build wheels env: @@ -37,7 +40,7 @@ jobs: CIBW_MANYLINUX_AARCH64_IMAGE: "quay.io/pypa/manylinux_2_34_aarch64" CIBW_ARCHS: "native" CIBW_BEFORE_TEST: "pip install pydantic cryptography" - CIBW_TEST_COMMAND: python3 ${{github.workspace}}/example/example.py + CIBW_TEST_COMMAND: ${{github.workspace}}/run_test.sh MACOSX_DEPLOYMENT_TARGET: 11.0 # Required for building on macOS OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TEST_SERVICE_ACCOUNT_TOKEN }} continue-on-error: true diff --git a/run_example.sh b/run_example.sh new file mode 100644 index 00000000..3e2af66c --- /dev/null +++ b/run_example.sh @@ -0,0 +1,5 @@ +#!/bin/bash +set -e + +echo "Running example.py" +python example/example.py From ea0c161b948f04992cf0091af4660a2262f03d18 Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Wed, 5 Mar 2025 09:41:57 -0500 Subject: [PATCH 29/65] add permission --- .github/workflows/wheels.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index 7a930ff4..2db28d4f 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -31,7 +31,7 @@ jobs: run: echo "SDK_VERSION=$(python -c 'import version; print(version.SDK_VERSION)')" >> $GITHUB_ENV - name: Make test script executable - run: chmod +x run_test.sh + run: chmod +x ${{github.workspace}}/run_test.sh - name: Build wheels env: From fce070edef5a90cec1879cb795d60ca6c4dca8ea Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Wed, 5 Mar 2025 09:42:34 -0500 Subject: [PATCH 30/65] fix name --- .github/workflows/wheels.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index 2db28d4f..200e2ee5 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -31,7 +31,7 @@ jobs: run: echo "SDK_VERSION=$(python -c 'import version; print(version.SDK_VERSION)')" >> $GITHUB_ENV - name: Make test script executable - run: chmod +x ${{github.workspace}}/run_test.sh + run: chmod +x ${{github.workspace}}/run_example.sh - name: Build wheels env: @@ -40,7 +40,7 @@ jobs: CIBW_MANYLINUX_AARCH64_IMAGE: "quay.io/pypa/manylinux_2_34_aarch64" CIBW_ARCHS: "native" CIBW_BEFORE_TEST: "pip install pydantic cryptography" - CIBW_TEST_COMMAND: ${{github.workspace}}/run_test.sh + CIBW_TEST_COMMAND: ${{github.workspace}}/run_example.sh MACOSX_DEPLOYMENT_TARGET: 11.0 # Required for building on macOS OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TEST_SERVICE_ACCOUNT_TOKEN }} continue-on-error: true From 8bba2eb6e85aac09cc220bd8120445447048c445 Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Wed, 5 Mar 2025 09:45:31 -0500 Subject: [PATCH 31/65] delete script --- .github/workflows/wheels.yml | 8 ++++---- run_example.sh | 5 ----- 2 files changed, 4 insertions(+), 9 deletions(-) delete mode 100644 run_example.sh diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index 200e2ee5..7903b26d 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -29,9 +29,6 @@ jobs: # Need to grab the SDK version for the wheel name - name: Extract SDK Version run: echo "SDK_VERSION=$(python -c 'import version; print(version.SDK_VERSION)')" >> $GITHUB_ENV - - - name: Make test script executable - run: chmod +x ${{github.workspace}}/run_example.sh - name: Build wheels env: @@ -40,7 +37,10 @@ jobs: CIBW_MANYLINUX_AARCH64_IMAGE: "quay.io/pypa/manylinux_2_34_aarch64" CIBW_ARCHS: "native" CIBW_BEFORE_TEST: "pip install pydantic cryptography" - CIBW_TEST_COMMAND: ${{github.workspace}}/run_example.sh + CIBW_TEST_COMMAND: | + cd ${{github.workspace}} + ls + python example/example.py MACOSX_DEPLOYMENT_TARGET: 11.0 # Required for building on macOS OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TEST_SERVICE_ACCOUNT_TOKEN }} continue-on-error: true diff --git a/run_example.sh b/run_example.sh deleted file mode 100644 index 3e2af66c..00000000 --- a/run_example.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash -set -e - -echo "Running example.py" -python example/example.py From 028d32b5590b0d112c2570c708d6a473d07708e3 Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Wed, 5 Mar 2025 09:54:24 -0500 Subject: [PATCH 32/65] fix test command --- .github/workflows/wheels.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index 7903b26d..ad89ba4f 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -37,10 +37,7 @@ jobs: CIBW_MANYLINUX_AARCH64_IMAGE: "quay.io/pypa/manylinux_2_34_aarch64" CIBW_ARCHS: "native" CIBW_BEFORE_TEST: "pip install pydantic cryptography" - CIBW_TEST_COMMAND: | - cd ${{github.workspace}} - ls - python example/example.py + CIBW_TEST_COMMAND: "python {project}/example/example.py" MACOSX_DEPLOYMENT_TARGET: 11.0 # Required for building on macOS OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TEST_SERVICE_ACCOUNT_TOKEN }} continue-on-error: true From 2e6941f6275cecb73f5720e630b4b983d057233b Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Wed, 5 Mar 2025 10:06:33 -0500 Subject: [PATCH 33/65] pass sa token to linux --- .github/workflows/wheels.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index ad89ba4f..2d63f018 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -39,6 +39,7 @@ jobs: CIBW_BEFORE_TEST: "pip install pydantic cryptography" CIBW_TEST_COMMAND: "python {project}/example/example.py" MACOSX_DEPLOYMENT_TARGET: 11.0 # Required for building on macOS + CIBW_ENVIRONMENT_PASS_LINUX: OP_SERVICE_ACCOUNT_TOKEN # to pass in the SA token, for some reason linux doesn't read the env variables OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TEST_SERVICE_ACCOUNT_TOKEN }} continue-on-error: true uses: pypa/cibuildwheel@v2.23.0 From 4e944bddd00516ab712dacf5e943def249aafea2 Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Wed, 5 Mar 2025 10:33:58 -0500 Subject: [PATCH 34/65] add morgan change --- .github/workflows/wheels.yml | 5 ++++- example/example.py | 18 +++++++++++------- 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index 2d63f018..7e5eb5ed 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -39,8 +39,11 @@ jobs: CIBW_BEFORE_TEST: "pip install pydantic cryptography" CIBW_TEST_COMMAND: "python {project}/example/example.py" MACOSX_DEPLOYMENT_TARGET: 11.0 # Required for building on macOS - CIBW_ENVIRONMENT_PASS_LINUX: OP_SERVICE_ACCOUNT_TOKEN # to pass in the SA token, for some reason linux doesn't read the env variables OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TEST_SERVICE_ACCOUNT_TOKEN }} + OP_VAULT_ID: ${{ secrets.EXAMPLE_TESTS_OP_VAULT_ID }} + CIBW_ENVIRONMENT_PASS_LINUX: OP_SERVICE_ACCOUNT_TOKEN, OP_VAULT_ID # to pass in the SA token, for some reason linux doesn't read the env variables + + continue-on-error: true uses: pypa/cibuildwheel@v2.23.0 diff --git a/example/example.py b/example/example.py index ccb55a37..1f68dcbf 100644 --- a/example/example.py +++ b/example/example.py @@ -44,18 +44,16 @@ async def main(): print(error) # [developer-docs.sdk.python.validate-secret-reference]-end - # [developer-docs.sdk.python.resolve-secret]-start - # Retrieves a secret from 1Password. Takes a secret reference as input and returns the secret to which it points. - value = await client.secrets.resolve("op://vault/item/field") - print(value) - # [developer-docs.sdk.python.resolve-secret]-end + vault_id= os.getenv("OP_VAULT_ID") + if vault_id is None: + raise Exception("OP_VAULT_ID environment variable is not set") # [developer-docs.sdk.python.create-item]-start # Create an Item and add it to your vault. to_create = ItemCreateParams( title="MyName", category=ItemCategory.LOGIN, - vault_id="7turaasywpymt3jecxoxk5roli", + vault_id=vault_id, fields=[ ItemField( id="username", @@ -95,6 +93,12 @@ async def main(): print(dict(created_item)) + # [developer-docs.sdk.python.resolve-secret]-start + # Retrieves a secret from 1Password. Takes a secret reference as input and returns the secret to which it points. + value = await client.secrets.resolve(f"op://{created_item.vault_id}/{created_item.id}/username") + print(value) + # [developer-docs.sdk.python.resolve-secret]-end + # [developer-docs.sdk.python.resolve-totp-code]-start # Retrieves a secret from 1Password. Takes a secret reference as input and returns the secret to which it points. code = await client.secrets.resolve( @@ -375,4 +379,4 @@ async def create_attach_and_delete_file_field_item(client: Client): if __name__ == "__main__": - asyncio.run(main()) + asyncio.run(main()) \ No newline at end of file From cd9b562e9a31194ae2067873356f52ff554ebfd3 Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Wed, 5 Mar 2025 10:36:10 -0500 Subject: [PATCH 35/65] fix rules of when this job wil run --- .github/workflows/wheels.yml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index 7e5eb5ed..c9f224cb 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -1,17 +1,17 @@ name: Build Wheels for Python SDK -on: [push, pull_request, workflow_dispatch] # this is just for testing - # push: - # branches: - # - main - # # Release branches - # - "sdk-core/*" - # pull_request: - # branches: - # - main - # - "sdk-core/*" +on: + push: + branches: + - main + # Release branches + - "sdk-core/*" + pull_request: + branches: + - main + - "sdk-core/*" # Allow manual triggering of the workflow - # workflow_dispatch: + workflow_dispatch: jobs: build_wheels: From 98f48327d01e9e1a20410dc4bf4846584e09c3ba Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Wed, 5 Mar 2025 10:37:15 -0500 Subject: [PATCH 36/65] update sa token --- .github/workflows/wheels.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index c9f224cb..36476c56 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -39,12 +39,10 @@ jobs: CIBW_BEFORE_TEST: "pip install pydantic cryptography" CIBW_TEST_COMMAND: "python {project}/example/example.py" MACOSX_DEPLOYMENT_TARGET: 11.0 # Required for building on macOS - OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TEST_SERVICE_ACCOUNT_TOKEN }} + OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.EXAMPLE_TESTS_OP_SERVICE_ACCOUNT_TOKEN }} OP_VAULT_ID: ${{ secrets.EXAMPLE_TESTS_OP_VAULT_ID }} CIBW_ENVIRONMENT_PASS_LINUX: OP_SERVICE_ACCOUNT_TOKEN, OP_VAULT_ID # to pass in the SA token, for some reason linux doesn't read the env variables - - continue-on-error: true uses: pypa/cibuildwheel@v2.23.0 - uses: actions/upload-artifact@v4 From 8bf9ccb61c1cdccf0df49b54b3598eae7ac8f03a Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Wed, 5 Mar 2025 11:29:56 -0500 Subject: [PATCH 37/65] test on test_client instead of example.py --- .github/workflows/wheels.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index 36476c56..fe7ecae1 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -36,12 +36,11 @@ jobs: CIBW_MANYLINUX_X86_64_IMAGE: "quay.io/pypa/manylinux_2_34_x86_64" CIBW_MANYLINUX_AARCH64_IMAGE: "quay.io/pypa/manylinux_2_34_aarch64" CIBW_ARCHS: "native" - CIBW_BEFORE_TEST: "pip install pydantic cryptography" - CIBW_TEST_COMMAND: "python {project}/example/example.py" + CIBW_BEFORE_TEST: "pip install pydantic cryptography pytest pytest-asyncio" + CIBW_TEST_COMMAND: "python -m pytest {project}/src/onepassword/test_client.py" MACOSX_DEPLOYMENT_TARGET: 11.0 # Required for building on macOS - OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.EXAMPLE_TESTS_OP_SERVICE_ACCOUNT_TOKEN }} - OP_VAULT_ID: ${{ secrets.EXAMPLE_TESTS_OP_VAULT_ID }} - CIBW_ENVIRONMENT_PASS_LINUX: OP_SERVICE_ACCOUNT_TOKEN, OP_VAULT_ID # to pass in the SA token, for some reason linux doesn't read the env variables + OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TEST_SERVICE_ACCOUNT_TOKEN }} + CIBW_ENVIRONMENT_PASS_LINUX: OP_SERVICE_ACCOUNT_TOKEN # to pass in the SA token, for some reason linux doesn't read the env variables uses: pypa/cibuildwheel@v2.23.0 From e88f750781b4496fcbbb074f3b4a201711f289bd Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Wed, 5 Mar 2025 11:35:41 -0500 Subject: [PATCH 38/65] skip musllinux wheels --- .github/workflows/wheels.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index fe7ecae1..c0d21ffb 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -32,7 +32,7 @@ jobs: - name: Build wheels env: - CIBW_SKIP: pp* + CIBW_SKIP: pp* *-musllinux_* CIBW_MANYLINUX_X86_64_IMAGE: "quay.io/pypa/manylinux_2_34_x86_64" CIBW_MANYLINUX_AARCH64_IMAGE: "quay.io/pypa/manylinux_2_34_aarch64" CIBW_ARCHS: "native" From 976c276546977415cd7df252a2dadbe7072a693e Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Wed, 5 Mar 2025 11:52:57 -0500 Subject: [PATCH 39/65] fix rules for when the job is ran --- .github/workflows/wheels.yml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index c0d21ffb..a3ea7bce 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -3,13 +3,8 @@ name: Build Wheels for Python SDK on: push: branches: - - main # Release branches - "sdk-core/*" - pull_request: - branches: - - main - - "sdk-core/*" # Allow manual triggering of the workflow workflow_dispatch: @@ -36,7 +31,7 @@ jobs: CIBW_MANYLINUX_X86_64_IMAGE: "quay.io/pypa/manylinux_2_34_x86_64" CIBW_MANYLINUX_AARCH64_IMAGE: "quay.io/pypa/manylinux_2_34_aarch64" CIBW_ARCHS: "native" - CIBW_BEFORE_TEST: "pip install pydantic cryptography pytest pytest-asyncio" + CIBW_TEST_REQUIRES: "pydantic pytest pytest-asyncio" CIBW_TEST_COMMAND: "python -m pytest {project}/src/onepassword/test_client.py" MACOSX_DEPLOYMENT_TARGET: 11.0 # Required for building on macOS OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TEST_SERVICE_ACCOUNT_TOKEN }} From 2a09d16585225454572a4846f9a3be41b2d81641 Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Wed, 5 Mar 2025 12:38:41 -0500 Subject: [PATCH 40/65] check if its manual and its a release branch --- .github/workflows/wheels.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index a3ea7bce..e8659011 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -10,6 +10,7 @@ on: jobs: build_wheels: + if: github.event_name == 'workflow_dispatch' && startsWith(github.ref, 'refs/heads/sdk-core/') name: Build wheels for Python SDK on ${{ matrix.os }} runs-on: ${{ matrix.os }} strategy: From 1fc38954dc49339f0b1632629f14181c6f752bcf Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Wed, 5 Mar 2025 12:46:52 -0500 Subject: [PATCH 41/65] add input --- .github/workflows/wheels.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index e8659011..33d2074c 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -7,10 +7,14 @@ on: - "sdk-core/*" # Allow manual triggering of the workflow workflow_dispatch: + inputs: + build-wheels: + description: 'Do you want to build wheels for the Python SDK?' + type: boolean + default: false jobs: build_wheels: - if: github.event_name == 'workflow_dispatch' && startsWith(github.ref, 'refs/heads/sdk-core/') name: Build wheels for Python SDK on ${{ matrix.os }} runs-on: ${{ matrix.os }} strategy: From c3f0211e2931115ea52d96685d2a300933bb2393 Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Wed, 5 Mar 2025 12:49:37 -0500 Subject: [PATCH 42/65] remove the push --- .github/workflows/wheels.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index 33d2074c..a5b7a383 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -1,10 +1,6 @@ name: Build Wheels for Python SDK on: - push: - branches: - # Release branches - - "sdk-core/*" # Allow manual triggering of the workflow workflow_dispatch: inputs: From cc5cf761e5a740deb56a5fda51bc992ce1678873 Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Wed, 5 Mar 2025 12:57:59 -0500 Subject: [PATCH 43/65] fix up yml file --- .github/workflows/wheels.yml | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index a5b7a383..68220307 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -1,5 +1,4 @@ name: Build Wheels for Python SDK - on: # Allow manual triggering of the workflow workflow_dispatch: @@ -15,13 +14,11 @@ jobs: runs-on: ${{ matrix.os }} strategy: matrix: - # Macos 13 is an intel runner and macos 14 is an apple silicon runner + # macOS 13 is an Intel runner and macOS 14 is an Apple Silicon runner os: [ubuntu-22.04, ubuntu-22.04-arm, windows-latest, macos-13, macos-14] - - steps: - uses: actions/checkout@v4 - + # Need to grab the SDK version for the wheel name - name: Extract SDK Version run: echo "SDK_VERSION=$(python -c 'import version; print(version.SDK_VERSION)')" >> $GITHUB_ENV @@ -36,11 +33,11 @@ jobs: CIBW_TEST_COMMAND: "python -m pytest {project}/src/onepassword/test_client.py" MACOSX_DEPLOYMENT_TARGET: 11.0 # Required for building on macOS OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TEST_SERVICE_ACCOUNT_TOKEN }} - CIBW_ENVIRONMENT_PASS_LINUX: OP_SERVICE_ACCOUNT_TOKEN # to pass in the SA token, for some reason linux doesn't read the env variables + CIBW_ENVIRONMENT_PASS_LINUX: OP_SERVICE_ACCOUNT_TOKEN # to pass in the SA token, for some reason Linux doesn't read the env variables correctly uses: pypa/cibuildwheel@v2.23.0 - + - uses: actions/upload-artifact@v4 with: - name: onepassword-sdk-${{ env.SDK_VERSION }}-${{ matrix.os }}-${{ strategy.job-index }} - path: ./wheelhouse/*.whl \ No newline at end of file + name: onepassword-sdk-${{ env.SDK_VERSION }}-${{ matrix.os }} + path: ./wheelhouse/*.whl From 5690c3263aaea55221ffea4b9401c9f65e698629 Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Wed, 5 Mar 2025 12:59:27 -0500 Subject: [PATCH 44/65] revert example file --- example/example.py | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/example/example.py b/example/example.py index 1f68dcbf..4a8e859e 100644 --- a/example/example.py +++ b/example/example.py @@ -44,16 +44,18 @@ async def main(): print(error) # [developer-docs.sdk.python.validate-secret-reference]-end - vault_id= os.getenv("OP_VAULT_ID") - if vault_id is None: - raise Exception("OP_VAULT_ID environment variable is not set") + # [developer-docs.sdk.python.resolve-secret]-start + # Retrieves a secret from 1Password. Takes a secret reference as input and returns the secret to which it points. + value = await client.secrets.resolve("op://vault/item/field") + print(value) + # [developer-docs.sdk.python.resolve-secret]-end # [developer-docs.sdk.python.create-item]-start # Create an Item and add it to your vault. to_create = ItemCreateParams( title="MyName", category=ItemCategory.LOGIN, - vault_id=vault_id, + vault_id="7turaasywpymt3jecxoxk5roli", fields=[ ItemField( id="username", @@ -93,12 +95,6 @@ async def main(): print(dict(created_item)) - # [developer-docs.sdk.python.resolve-secret]-start - # Retrieves a secret from 1Password. Takes a secret reference as input and returns the secret to which it points. - value = await client.secrets.resolve(f"op://{created_item.vault_id}/{created_item.id}/username") - print(value) - # [developer-docs.sdk.python.resolve-secret]-end - # [developer-docs.sdk.python.resolve-totp-code]-start # Retrieves a secret from 1Password. Takes a secret reference as input and returns the secret to which it points. code = await client.secrets.resolve( From 2345ad1861ea34bd293b2e1f67a0e99df805f6be Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Wed, 5 Mar 2025 13:01:28 -0500 Subject: [PATCH 45/65] clean up setup.py --- setup.py | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/setup.py b/setup.py index fa4583f6..7d251de4 100644 --- a/setup.py +++ b/setup.py @@ -1,9 +1,6 @@ from pathlib import Path -import sysconfig -from setuptools import setup, find_packages +from setuptools import setup, find_packages, Distribution from sysconfig import get_platform - -import setuptools from version import SDK_VERSION import platform import os @@ -22,7 +19,7 @@ def finalize_options(self): except ImportError: bdist_wheel = None -class BinaryDistribution (setuptools.Distribution): +class BinaryDistribution(Distribution): def has_ext_modules(self): return True From a16e535d22da0f1feae2f1a0d9d875146f3a43e2 Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Wed, 5 Mar 2025 13:04:08 -0500 Subject: [PATCH 46/65] add build sdist and fix EOL --- .github/workflows/wheels.yml | 18 ++++++++++++++++++ example/example.py | 2 +- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index 68220307..7b445c4a 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -41,3 +41,21 @@ jobs: with: name: onepassword-sdk-${{ env.SDK_VERSION }}-${{ matrix.os }} path: ./wheelhouse/*.whl + + build-sdist: + name: Build source distribution for Python SDK + runs-on: ubuntu-latest + needs: build_wheels + steps: + # Need to grab the SDK version for the wheel name + - name: Extract SDK Version + run: echo "SDK_VERSION=$(python -c 'import version; print(version.SDK_VERSION)')" >> $GITHUB_ENV + + - uses: actions/checkout@v4 + - name: Build source distribution + run: python -m build --sdist + + - uses: actions/upload-artifact@v4 + with: + name: onepassword-sdk-${{ env.SDK_VERSION }} + path: ./wheelhouse/*.tar.gz diff --git a/example/example.py b/example/example.py index 4a8e859e..ccb55a37 100644 --- a/example/example.py +++ b/example/example.py @@ -375,4 +375,4 @@ async def create_attach_and_delete_file_field_item(client: Client): if __name__ == "__main__": - asyncio.run(main()) \ No newline at end of file + asyncio.run(main()) From 94fe54805791d1e728c1ac74249f7fe178f5adbd Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Thu, 6 Mar 2025 06:11:33 -0500 Subject: [PATCH 47/65] add test job for source distro --- .github/workflows/wheels.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index 7b445c4a..6c2101f7 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -45,15 +45,22 @@ jobs: build-sdist: name: Build source distribution for Python SDK runs-on: ubuntu-latest - needs: build_wheels steps: # Need to grab the SDK version for the wheel name - name: Extract SDK Version run: echo "SDK_VERSION=$(python -c 'import version; print(version.SDK_VERSION)')" >> $GITHUB_ENV - uses: actions/checkout@v4 + - name: Build source distribution run: python -m build --sdist + + - name: Test Source Distribution + env: + OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TEST_SERVICE_ACCOUNT_TOKEN }} + run: | + python -m pip install dist/*.tar.gz + python -m pytest src/onepassword/test_client.py - uses: actions/upload-artifact@v4 with: From 1a487cac15542b87e3030e2822635d23949f5010 Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Thu, 6 Mar 2025 06:13:14 -0500 Subject: [PATCH 48/65] test sdist job --- .github/workflows/wheels.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index 6c2101f7..a8e084df 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -1,5 +1,8 @@ name: Build Wheels for Python SDK on: + pull_request: + branches: + - main # Allow manual triggering of the workflow workflow_dispatch: inputs: From f7b1d8cccfed3d01bda0041ba535acee002cb4df Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Thu, 6 Mar 2025 06:15:37 -0500 Subject: [PATCH 49/65] install python dep for source distro --- .github/workflows/wheels.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index a8e084df..51351ccd 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -54,6 +54,8 @@ jobs: run: echo "SDK_VERSION=$(python -c 'import version; print(version.SDK_VERSION)')" >> $GITHUB_ENV - uses: actions/checkout@v4 + - name: Install dependencies + run: pip install build pydantic pytest pytest-asyncio - name: Build source distribution run: python -m build --sdist From 3593dfba37138e90b06062b5612957c04eae1913 Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Thu, 6 Mar 2025 06:19:04 -0500 Subject: [PATCH 50/65] clean up .yml file --- .github/workflows/wheels.yml | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index 51351ccd..8f735ebd 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -1,13 +1,9 @@ -name: Build Wheels for Python SDK +name: Release Builder on: - pull_request: - branches: - - main - # Allow manual triggering of the workflow workflow_dispatch: inputs: - build-wheels: - description: 'Do you want to build wheels for the Python SDK?' + build-release: + description: 'Do you want to build the release for the Python SDK (this includes the wheels + sdist)?' type: boolean default: false @@ -70,4 +66,4 @@ jobs: - uses: actions/upload-artifact@v4 with: name: onepassword-sdk-${{ env.SDK_VERSION }} - path: ./wheelhouse/*.tar.gz + path: ./dist/*.tar.gz From 212f8a6c33c0191137595d72feac6f6fd9e18f6a Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Thu, 6 Mar 2025 12:07:05 -0500 Subject: [PATCH 51/65] add publishing of pypi to workflow --- .github/workflows/wheels.yml | 44 ++++++++++++++++++++++++++++-------- 1 file changed, 35 insertions(+), 9 deletions(-) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index 8f735ebd..dd38ba4b 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -1,16 +1,16 @@ name: Release Builder on: - workflow_dispatch: - inputs: - build-release: - description: 'Do you want to build the release for the Python SDK (this includes the wheels + sdist)?' - type: boolean - default: false + pull_request: + branches: + - main + types: + - closed jobs: build_wheels: name: Build wheels for Python SDK on ${{ matrix.os }} runs-on: ${{ matrix.os }} + if: github.event.pull_request.merged == true && contains(github.event.pull_request.head.ref, 'sdk-core/') strategy: matrix: # macOS 13 is an Intel runner and macOS 14 is an Apple Silicon runner @@ -21,6 +21,10 @@ jobs: # Need to grab the SDK version for the wheel name - name: Extract SDK Version run: echo "SDK_VERSION=$(python -c 'import version; print(version.SDK_VERSION)')" >> $GITHUB_ENV + + - name: Install cibuildwheel + run: | + python -m pip install cibuildwheel - name: Build wheels env: @@ -33,17 +37,18 @@ jobs: MACOSX_DEPLOYMENT_TARGET: 11.0 # Required for building on macOS OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TEST_SERVICE_ACCOUNT_TOKEN }} CIBW_ENVIRONMENT_PASS_LINUX: OP_SERVICE_ACCOUNT_TOKEN # to pass in the SA token, for some reason Linux doesn't read the env variables correctly - - uses: pypa/cibuildwheel@v2.23.0 + run: | + python -m cibuildwheel --output-dir dist - uses: actions/upload-artifact@v4 with: name: onepassword-sdk-${{ env.SDK_VERSION }}-${{ matrix.os }} - path: ./wheelhouse/*.whl + path: ./dist/*.whl build-sdist: name: Build source distribution for Python SDK runs-on: ubuntu-latest + if: github.event.pull_request.merged == true && contains(github.event.pull_request.head.ref, 'sdk-core/') steps: # Need to grab the SDK version for the wheel name - name: Extract SDK Version @@ -67,3 +72,24 @@ jobs: with: name: onepassword-sdk-${{ env.SDK_VERSION }} path: ./dist/*.tar.gz + + publish-to-pypi: + name: Publish to PyPI + runs-on: ubuntu-latest + if: github.event.pull_request.merged == true && contains(github.event.pull_request.head.ref, 'sdk-core/') + environment: + name: testpypi + url: https://pypi.org/p/ + permissions: + id-token: write # IMPORTANT: this permission is mandatory for trusted publishing + needs: [build_wheels, build-sdist] + steps: + - uses: actions/download-artifact@v2 + with: + name: python-sdk-release + path: dist + + - name: Publish package distributions to TestPyPI + uses: pypa/gh-action-pypi-publish@release/v1 + with: + repository-url: https://test.pypi.org/legacy/ From fa1c3ece8cf7ce8bde326766c29ec6fc85bb414b Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Sat, 8 Mar 2025 00:59:51 -0500 Subject: [PATCH 52/65] fix wheels to correctly build and publish wheels to pypi and add pyproject toml to fix wheel metadata and remove the need of version.py and replace with txt. Update scripts along with the change from .py to .txt --- .github/workflows/wheels.yml | 39 ++++++++++++++-------------- pyproject.toml | 33 +++++++++++++++++++++++ setup.py | 27 ------------------- src/release/scripts/build-wheels.sh | 4 +-- src/release/scripts/prep-release.sh | 11 ++++---- src/release/scripts/release.sh | 9 +------ src/release/templates/version.tpl.py | 1 - version.py | 1 - version.txt | 1 + 9 files changed, 60 insertions(+), 66 deletions(-) create mode 100644 pyproject.toml delete mode 100644 src/release/templates/version.tpl.py delete mode 100644 version.py create mode 100644 version.txt diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index dd38ba4b..b6bf2de9 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -20,7 +20,8 @@ jobs: # Need to grab the SDK version for the wheel name - name: Extract SDK Version - run: echo "SDK_VERSION=$(python -c 'import version; print(version.SDK_VERSION)')" >> $GITHUB_ENV + run: echo "SDK_VERSION=$(cat version.txt)" >> "$GITHUB_ENV" + shell: bash - name: Install cibuildwheel run: | @@ -34,7 +35,6 @@ jobs: CIBW_ARCHS: "native" CIBW_TEST_REQUIRES: "pydantic pytest pytest-asyncio" CIBW_TEST_COMMAND: "python -m pytest {project}/src/onepassword/test_client.py" - MACOSX_DEPLOYMENT_TARGET: 11.0 # Required for building on macOS OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TEST_SERVICE_ACCOUNT_TOKEN }} CIBW_ENVIRONMENT_PASS_LINUX: OP_SERVICE_ACCOUNT_TOKEN # to pass in the SA token, for some reason Linux doesn't read the env variables correctly run: | @@ -50,23 +50,24 @@ jobs: runs-on: ubuntu-latest if: github.event.pull_request.merged == true && contains(github.event.pull_request.head.ref, 'sdk-core/') steps: + - uses: actions/checkout@v4 # Need to grab the SDK version for the wheel name - name: Extract SDK Version - run: echo "SDK_VERSION=$(python -c 'import version; print(version.SDK_VERSION)')" >> $GITHUB_ENV - - - uses: actions/checkout@v4 + run: echo "SDK_VERSION=$(cat version.txt)" >> "$GITHUB_ENV" + shell: bash + - name: Install dependencies - run: pip install build pydantic pytest pytest-asyncio + run: pip3 install build pydantic pytest pytest-asyncio - name: Build source distribution - run: python -m build --sdist + run: python3 -m build --sdist - name: Test Source Distribution env: OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TEST_SERVICE_ACCOUNT_TOKEN }} run: | - python -m pip install dist/*.tar.gz - python -m pytest src/onepassword/test_client.py + python3 -m pip install dist/*.tar.gz + python3 -m pytest src/onepassword/test_client.py - uses: actions/upload-artifact@v4 with: @@ -78,18 +79,16 @@ jobs: runs-on: ubuntu-latest if: github.event.pull_request.merged == true && contains(github.event.pull_request.head.ref, 'sdk-core/') environment: - name: testpypi - url: https://pypi.org/p/ + name: pypi + url: https://pypi.org/project/onepassword-sdk/ permissions: - id-token: write # IMPORTANT: this permission is mandatory for trusted publishing + id-token: write # Required for PyPi trusted publishing needs: [build_wheels, build-sdist] steps: - - uses: actions/download-artifact@v2 - with: - name: python-sdk-release - path: dist - - - name: Publish package distributions to TestPyPI - uses: pypa/gh-action-pypi-publish@release/v1 + - uses: actions/download-artifact@v4 with: - repository-url: https://test.pypi.org/legacy/ + pattern: onepassword-sdk-* + path: ./dist + merge-multiple: true + - name: Publish package distributions to PyPI + uses: pypa/gh-action-pypi-publish@release/v1.12 diff --git a/pyproject.toml b/pyproject.toml new file mode 100644 index 00000000..176de990 --- /dev/null +++ b/pyproject.toml @@ -0,0 +1,33 @@ +[build-system] +requires = ["setuptools>=66", "wheel"] +build-backend = "setuptools.build_meta" + +[project] +name = "onepassword-sdk" +dynamic = ["version"] +description = "The 1Password Python SDK offers programmatic read access to your secrets in 1Password in an interface native to Python." +authors = [{ name = "1Password" }] +license = { file = "LICENSE" } +readme = "README.md" +requires-python = ">=3.9" +classifiers = [ + "Development Status :: 5 - Production/Stable", + "Operating System :: MacOS", + "Operating System :: POSIX :: Linux", + "Operating System :: Microsoft :: Windows", + "Programming Language :: Python :: 3.9", + "Programming Language :: Python :: 3.10", + "Programming Language :: Python :: 3.11", + "Programming Language :: Python :: 3.12", + "Programming Language :: Python :: 3.13", + "License :: OSI Approved :: MIT License", +] +dependencies = [ + "pydantic>=2.5", +] + +[project.urls] +Homepage = "https://github.com/1Password/onepassword-sdk-python" + +[tool.setuptools.dynamic] +version = {file = "./version.txt"} \ No newline at end of file diff --git a/setup.py b/setup.py index 7d251de4..da45642b 100644 --- a/setup.py +++ b/setup.py @@ -1,7 +1,5 @@ -from pathlib import Path from setuptools import setup, find_packages, Distribution from sysconfig import get_platform -from version import SDK_VERSION import platform import os @@ -49,36 +47,11 @@ def get_shared_library_data_to_include(): setup( - name="onepassword-sdk", - version=SDK_VERSION, - author="1Password", - long_description=(Path(__file__).parent / "README.md").read_text(), - long_description_content_type="text/markdown", - description="The 1Password Python SDK offers programmatic read access to your secrets in 1Password in an interface native to Python.", - url="https://github.com/1Password/onepassword-sdk-python", packages=find_packages( where="src", ), distclass=BinaryDistribution, - license="MIT", - license_files="LICENSE", package_dir={"": "src"}, - python_requires=">=3.9", - classifiers=[ - "Development Status :: 5 - Production/Stable", - "Operating System :: MacOS", - "Operating System :: POSIX :: Linux", - "Operating System :: Microsoft :: Windows", - "Programming Language :: Python :: 3.9", - "Programming Language :: Python :: 3.10", - "Programming Language :: Python :: 3.11", - "Programming Language :: Python :: 3.12", - "Programming Language :: Python :: 3.13", - "License :: OSI Approved :: MIT License", - ], cmdclass={"bdist_wheel": bdist_wheel}, package_data={"": get_shared_library_data_to_include()}, - install_requires=[ - "pydantic>=2.5", # Minimum Pydantic version to run the Python SDK - ], ) diff --git a/src/release/scripts/build-wheels.sh b/src/release/scripts/build-wheels.sh index 484875d3..e11d0e89 100755 --- a/src/release/scripts/build-wheels.sh +++ b/src/release/scripts/build-wheels.sh @@ -2,8 +2,6 @@ # Helper script to build the required wheels for the Python SDK -output_version_file="version.py" - # The list of python verisons the SDKs release for python_versions=("$@") @@ -15,7 +13,7 @@ macOS_version_x86_64=10.9 macOS_version_arm64=11.0 # Extracts the current verison number for cleanup function -current_version=$(awk -F "['\"]" '/SDK_VERSION =/{print $2}' "$output_version_file") +current_version=$(cat version.txt) # Function to execute upon exit cleanup() { diff --git a/src/release/scripts/prep-release.sh b/src/release/scripts/prep-release.sh index 88e709d2..5318ed4f 100755 --- a/src/release/scripts/prep-release.sh +++ b/src/release/scripts/prep-release.sh @@ -2,21 +2,20 @@ # Helper script to prepare a release for the Python SDK. -output_version_file="version.py" +output_version_file="version.txt" output_build_file="src/onepassword/build_number.py" -version_template_file="src/release/templates/version.tpl.py" build_number_template_file="src/release/templates/build_number.tpl.py" # Extracts the current build/version number for comparison and backup -current_version=$(awk -F "['\"]" '/SDK_VERSION =/{print $2}' "$output_version_file") +current_version=$(cat "$output_version_file") current_build=$(awk -F "['\"]" '/SDK_BUILD_NUMBER =/{print $2}' "$output_build_file") # Function to execute upon exit cleanup() { echo "Performing cleanup tasks..." # Revert changes to file if any - sed -e "s/{{ version }}/$current_version/" "$version_template_file" > "$output_version_file" + echo -n "$current_version" > "$output_version_file" sed -e "s/{{ build }}/$current_build/" "$build_number_template_file" > "$output_build_file" exit 1 } @@ -86,8 +85,8 @@ update_and_validate_version # Update and validate the build number update_and_validate_build -# Update version & build number in version.py and build_number.py respectively -sed -e "s/{{ version }}/$version/" "$version_template_file" > "$output_version_file" +# Update version & build number in version.txt and build_number.py respectively +echo -n "$version" > "$output_version_file" sed -e "s/{{ build }}/$build/" "$build_number_template_file" > "$output_build_file" diff --git a/src/release/scripts/release.sh b/src/release/scripts/release.sh index 050c1489..688863b4 100755 --- a/src/release/scripts/release.sh +++ b/src/release/scripts/release.sh @@ -5,7 +5,7 @@ set -e # Read the contents of the files into variables -version=$(awk -F "['\"]" '/SDK_VERSION =/{print $2}' "version.py") +version=$(cat "version.txt") build=$(awk -F "['\"]" '/SDK_BUILD_NUMBER =/{print $2}' "src/onepassword/build_number.py") release_notes=$(< src/release/RELEASE-NOTES) @@ -27,10 +27,3 @@ git tag -a -s "v${version}" -m "${version}" git push origin tag "v${version}" gh release create "v${version}" --title "Release ${version}" --notes "${release_notes}" --repo github.com/1Password/onepassword-sdk-python - -# Release on PyPi -python3 -m twine upload dist/* - -# Delete the dist folder after published -rm -r dist src/*.egg-info - diff --git a/src/release/templates/version.tpl.py b/src/release/templates/version.tpl.py deleted file mode 100644 index 9c787be2..00000000 --- a/src/release/templates/version.tpl.py +++ /dev/null @@ -1 +0,0 @@ -SDK_VERSION = "{{ version }}" diff --git a/version.py b/version.py deleted file mode 100644 index f5ebd34f..00000000 --- a/version.py +++ /dev/null @@ -1 +0,0 @@ -SDK_VERSION = "0.2.0" diff --git a/version.txt b/version.txt new file mode 100644 index 00000000..341cf11f --- /dev/null +++ b/version.txt @@ -0,0 +1 @@ +0.2.0 \ No newline at end of file From 314cdc719ba6be66eec2281fb95ccfa83990e701 Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Sat, 8 Mar 2025 01:01:13 -0500 Subject: [PATCH 53/65] add new line at EOF --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 176de990..0fccf23b 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -30,4 +30,4 @@ dependencies = [ Homepage = "https://github.com/1Password/onepassword-sdk-python" [tool.setuptools.dynamic] -version = {file = "./version.txt"} \ No newline at end of file +version = {file = "./version.txt"} From a004bf25066149cda9b2b5957d0eaed9d679e248 Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Thu, 3 Apr 2025 12:52:09 -0400 Subject: [PATCH 54/65] Add prep-release and release and update wheels according to fork of Python SDK --- .github/workflows/prep-release.yml | 57 ++++++++++++++++++++++++++++++ .github/workflows/release.yml | 29 +++++++++++++++ .github/workflows/wheels.yml | 27 ++++++++------ 3 files changed, 103 insertions(+), 10 deletions(-) create mode 100644 .github/workflows/prep-release.yml create mode 100644 .github/workflows/release.yml diff --git a/.github/workflows/prep-release.yml b/.github/workflows/prep-release.yml new file mode 100644 index 00000000..9670cc38 --- /dev/null +++ b/.github/workflows/prep-release.yml @@ -0,0 +1,57 @@ +name: Prep Release + +on: + workflow_dispatch: + inputs: + version: + description: "Version number" + required: true + type: string + build_number: + description: "Build number " + required: true + type: string + release_notes: + description: "Release notes for the version" + required: true + type: string + +jobs: + prepare-release: + runs-on: ubuntu-latest + if: startsWith(github.ref, 'refs/heads/sdk-core/') # Only run on branches that start with sdk-core/ + steps: + - name: Checkout the code + uses: actions/checkout@v4 + + - name: Import GPG key + uses: crazy-max/ghaction-import-gpg@v6 + with: + gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} + git_user_signingkey: true + git_commit_gpgsign: true + git_tag_gpgsign: true + - name: Setup Git User + run: | + git config --global user.email "${{ steps.import-gpg.outputs.email }}" + git config --global user.name "${{ steps.import-gpg.outputs.name }}" + + - name: Parse and Validate Inputs + id: get_inputs + run: | + # Get inputs passed to the workflow + VERSION="${{ github.event.inputs.version }}" + BUILD_NUMBER="${{ github.event.inputs.build_number }}" + echo -e "${{ github.event.inputs.RELEASE_NOTES }}" > src/release/RELEASE-NOTES + + # Save the parsed values for future steps + echo "VERSION=$VERSION" >> $GITHUB_ENV + echo "BUILD_NUMBER=$BUILD_NUMBER" >> $GITHUB_ENV + shell: bash + + - name: Run the Prep Release Script + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + make prep-release VERSION="$VERSION" BUILD_NUMBER="$BUILD_NUMBER" + shell: bash diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 00000000..deae2581 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,29 @@ +name: Release SDK + +on: + workflow_dispatch: + +jobs: + Release-SDK: + runs-on: ubuntu-latest + if: startsWith(github.ref, 'refs/heads/sdk-core/') # Only run on branches that start with sdk-core/ + steps: + - name: Checkout the code + uses: actions/checkout@v4 + - name: Import GPG key + uses: crazy-max/ghaction-import-gpg@v6 + with: + gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} + git_user_signingkey: true + git_commit_gpgsign: true + git_tag_gpgsign: true + - name: Setup Git User + run: | + git config --global user.email "${{ steps.import-gpg.outputs.email }}" + git config --global user.name "${{ steps.import-gpg.outputs.name }}" + + - name: Run the Release Script + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: make release + shell: bash diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index b6bf2de9..26452acd 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -1,4 +1,4 @@ -name: Release Builder +name: Wheels Builder and Publisher on: pull_request: branches: @@ -12,17 +12,21 @@ jobs: runs-on: ${{ matrix.os }} if: github.event.pull_request.merged == true && contains(github.event.pull_request.head.ref, 'sdk-core/') strategy: - matrix: - # macOS 13 is an Intel runner and macOS 14 is an Apple Silicon runner + fail-fast: false + matrix: + # macOS 13 is an Intel runner and macOS 14 is an Apple Silicon runner os: [ubuntu-22.04, ubuntu-22.04-arm, windows-latest, macos-13, macos-14] steps: - uses: actions/checkout@v4 + - name: Upgrade build dependencies + run: python -m pip install --upgrade pip setuptools wheel + # Need to grab the SDK version for the wheel name - name: Extract SDK Version run: echo "SDK_VERSION=$(cat version.txt)" >> "$GITHUB_ENV" shell: bash - + - name: Install cibuildwheel run: | python -m pip install cibuildwheel @@ -33,10 +37,13 @@ jobs: CIBW_MANYLINUX_X86_64_IMAGE: "quay.io/pypa/manylinux_2_34_x86_64" CIBW_MANYLINUX_AARCH64_IMAGE: "quay.io/pypa/manylinux_2_34_aarch64" CIBW_ARCHS: "native" + CIBW_BEFORE_BUILD_WINDOWS: "pip install delvewheel" + CIBW_REPAIR_WHEEL_COMMAND_WINDOWS: "delvewheel repair -w {dest_dir} {wheel}" CIBW_TEST_REQUIRES: "pydantic pytest pytest-asyncio" + MACOSX_DEPLOYMENT_TARGET: "12.0" CIBW_TEST_COMMAND: "python -m pytest {project}/src/onepassword/test_client.py" OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TEST_SERVICE_ACCOUNT_TOKEN }} - CIBW_ENVIRONMENT_PASS_LINUX: OP_SERVICE_ACCOUNT_TOKEN # to pass in the SA token, for some reason Linux doesn't read the env variables correctly + CIBW_ENVIRONMENT_PASS_LINUX: OP_SERVICE_ACCOUNT_TOKEN # We have to specify this to pass the token to the test command run: | python -m cibuildwheel --output-dir dist @@ -55,13 +62,13 @@ jobs: - name: Extract SDK Version run: echo "SDK_VERSION=$(cat version.txt)" >> "$GITHUB_ENV" shell: bash - + - name: Install dependencies run: pip3 install build pydantic pytest pytest-asyncio - name: Build source distribution run: python3 -m build --sdist - + - name: Test Source Distribution env: OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TEST_SERVICE_ACCOUNT_TOKEN }} @@ -73,7 +80,7 @@ jobs: with: name: onepassword-sdk-${{ env.SDK_VERSION }} path: ./dist/*.tar.gz - + publish-to-pypi: name: Publish to PyPI runs-on: ubuntu-latest @@ -82,7 +89,7 @@ jobs: name: pypi url: https://pypi.org/project/onepassword-sdk/ permissions: - id-token: write # Required for PyPi trusted publishing + id-token: write # IMPORTANT: this permission is mandatory for trusted publishing needs: [build_wheels, build-sdist] steps: - uses: actions/download-artifact@v4 @@ -90,5 +97,5 @@ jobs: pattern: onepassword-sdk-* path: ./dist merge-multiple: true - - name: Publish package distributions to PyPI + - name: Publish package distributions to PyPi uses: pypa/gh-action-pypi-publish@release/v1.12 From 43548d18d33d26c930cd533b01f58306083b98ad Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Thu, 3 Apr 2025 16:55:43 -0400 Subject: [PATCH 55/65] remove release notes and add comments --- .github/workflows/prep-release.yml | 9 ++------- .github/workflows/wheels.yml | 2 +- 2 files changed, 3 insertions(+), 8 deletions(-) diff --git a/.github/workflows/prep-release.yml b/.github/workflows/prep-release.yml index 9670cc38..df151882 100644 --- a/.github/workflows/prep-release.yml +++ b/.github/workflows/prep-release.yml @@ -4,15 +4,11 @@ on: workflow_dispatch: inputs: version: - description: "Version number" + description: "Version number:" required: true type: string build_number: - description: "Build number " - required: true - type: string - release_notes: - description: "Release notes for the version" + description: "Build number:" required: true type: string @@ -42,7 +38,6 @@ jobs: # Get inputs passed to the workflow VERSION="${{ github.event.inputs.version }}" BUILD_NUMBER="${{ github.event.inputs.build_number }}" - echo -e "${{ github.event.inputs.RELEASE_NOTES }}" > src/release/RELEASE-NOTES # Save the parsed values for future steps echo "VERSION=$VERSION" >> $GITHUB_ENV diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index 26452acd..2f225c58 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -36,7 +36,7 @@ jobs: CIBW_SKIP: pp* *-musllinux_* CIBW_MANYLINUX_X86_64_IMAGE: "quay.io/pypa/manylinux_2_34_x86_64" CIBW_MANYLINUX_AARCH64_IMAGE: "quay.io/pypa/manylinux_2_34_aarch64" - CIBW_ARCHS: "native" + CIBW_ARCHS: "native" # Equivalent to python's platform.machine() CIBW_BEFORE_BUILD_WINDOWS: "pip install delvewheel" CIBW_REPAIR_WHEEL_COMMAND_WINDOWS: "delvewheel repair -w {dest_dir} {wheel}" CIBW_TEST_REQUIRES: "pydantic pytest pytest-asyncio" From 5750b309b654a51acce2c5cda1d77ed3ffdaab14 Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Thu, 3 Apr 2025 17:12:26 -0400 Subject: [PATCH 56/65] remove unnecessary c omments --- .github/workflows/wheels.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index 2f225c58..2a152fec 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -58,7 +58,7 @@ jobs: if: github.event.pull_request.merged == true && contains(github.event.pull_request.head.ref, 'sdk-core/') steps: - uses: actions/checkout@v4 - # Need to grab the SDK version for the wheel name + - name: Extract SDK Version run: echo "SDK_VERSION=$(cat version.txt)" >> "$GITHUB_ENV" shell: bash From 95c3aee674c400e340dd86516339011865a02a66 Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Fri, 4 Apr 2025 09:35:17 -0400 Subject: [PATCH 57/65] update setting up git user to use person who commited to be the one who owns the commit --- .github/workflows/prep-release.yml | 5 +++-- .github/workflows/release.yml | 4 ++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/prep-release.yml b/.github/workflows/prep-release.yml index df151882..a91da9fe 100644 --- a/.github/workflows/prep-release.yml +++ b/.github/workflows/prep-release.yml @@ -27,10 +27,11 @@ jobs: git_user_signingkey: true git_commit_gpgsign: true git_tag_gpgsign: true + - name: Setup Git User run: | - git config --global user.email "${{ steps.import-gpg.outputs.email }}" - git config --global user.name "${{ steps.import-gpg.outputs.name }}" + git config user.name "$GITHUB_ACTOR" + git config user.email "$GITHUB_ACTOR@users.noreply.github.com" - name: Parse and Validate Inputs id: get_inputs diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index deae2581..c7aceb35 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -19,8 +19,8 @@ jobs: git_tag_gpgsign: true - name: Setup Git User run: | - git config --global user.email "${{ steps.import-gpg.outputs.email }}" - git config --global user.name "${{ steps.import-gpg.outputs.name }}" + git config user.name "$GITHUB_ACTOR" + git config user.email "$GITHUB_ACTOR@users.noreply.github.com" - name: Run the Release Script env: From 0a8e17a317b4c08efa6874ebe3eccc13c7097f27 Mon Sep 17 00:00:00 2001 From: Mohammed Omar Miraj <103403052+MOmarMiraj@users.noreply.github.com> Date: Thu, 8 May 2025 21:04:19 -0400 Subject: [PATCH 58/65] Apply suggestions from code review fix nits Co-authored-by: Eduard Filip --- .github/workflows/release.yml | 2 +- .github/workflows/wheels.yml | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c7aceb35..eafc49ac 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -4,7 +4,7 @@ on: workflow_dispatch: jobs: - Release-SDK: + release-sdk: runs-on: ubuntu-latest if: startsWith(github.ref, 'refs/heads/sdk-core/') # Only run on branches that start with sdk-core/ steps: diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index 2a152fec..b9573509 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -21,7 +21,6 @@ jobs: - name: Upgrade build dependencies run: python -m pip install --upgrade pip setuptools wheel - # Need to grab the SDK version for the wheel name - name: Extract SDK Version run: echo "SDK_VERSION=$(cat version.txt)" >> "$GITHUB_ENV" From c63f59bd3fd7a72829d534078542db59a4299b00 Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Thu, 8 May 2025 23:00:00 -0400 Subject: [PATCH 59/65] Clean up files and change version.txt to .VERSION --- .VERSION | 1 + .github/workflows/wheels.yml | 10 +++++----- pyproject.toml | 2 +- src/release/scripts/build-wheels.sh | 6 +++--- src/release/scripts/prep-release.sh | 16 ++++++++-------- src/release/scripts/release.sh | 2 +- version.txt | 1 - 7 files changed, 19 insertions(+), 19 deletions(-) create mode 100644 .VERSION delete mode 100644 version.txt diff --git a/.VERSION b/.VERSION new file mode 100644 index 00000000..a2268e2d --- /dev/null +++ b/.VERSION @@ -0,0 +1 @@ +0.3.1 \ No newline at end of file diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index b9573509..c6f9c4b1 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -10,7 +10,7 @@ jobs: build_wheels: name: Build wheels for Python SDK on ${{ matrix.os }} runs-on: ${{ matrix.os }} - if: github.event.pull_request.merged == true && contains(github.event.pull_request.head.ref, 'sdk-core/') + if: github.event.pull_request.merged == true && startsWith(github.event.pull_request.head.ref, 'sdk-core/') strategy: fail-fast: false matrix: @@ -23,7 +23,7 @@ jobs: # Need to grab the SDK version for the wheel name - name: Extract SDK Version - run: echo "SDK_VERSION=$(cat version.txt)" >> "$GITHUB_ENV" + run: echo "SDK_VERSION=$(cat .VERSION)" >> "$GITHUB_ENV" shell: bash - name: Install cibuildwheel @@ -54,12 +54,12 @@ jobs: build-sdist: name: Build source distribution for Python SDK runs-on: ubuntu-latest - if: github.event.pull_request.merged == true && contains(github.event.pull_request.head.ref, 'sdk-core/') + if: github.event.pull_request.merged == true && startsWith(github.event.pull_request.head.ref, 'sdk-core/') steps: - uses: actions/checkout@v4 - name: Extract SDK Version - run: echo "SDK_VERSION=$(cat version.txt)" >> "$GITHUB_ENV" + run: echo "SDK_VERSION=$(cat .VERSION)" >> "$GITHUB_ENV" shell: bash - name: Install dependencies @@ -83,7 +83,7 @@ jobs: publish-to-pypi: name: Publish to PyPI runs-on: ubuntu-latest - if: github.event.pull_request.merged == true && contains(github.event.pull_request.head.ref, 'sdk-core/') + if: github.event.pull_request.merged == true && startsWith(github.event.pull_request.head.ref, 'sdk-core/') environment: name: pypi url: https://pypi.org/project/onepassword-sdk/ diff --git a/pyproject.toml b/pyproject.toml index 0fccf23b..43d85305 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -30,4 +30,4 @@ dependencies = [ Homepage = "https://github.com/1Password/onepassword-sdk-python" [tool.setuptools.dynamic] -version = {file = "./version.txt"} +version = {file = "./.VERSION"} diff --git a/src/release/scripts/build-wheels.sh b/src/release/scripts/build-wheels.sh index e11d0e89..ef2f25d9 100755 --- a/src/release/scripts/build-wheels.sh +++ b/src/release/scripts/build-wheels.sh @@ -13,14 +13,14 @@ macOS_version_x86_64=10.9 macOS_version_arm64=11.0 # Extracts the current verison number for cleanup function -current_version=$(cat version.txt) +current_version=$(cat .VERSION) # Function to execute upon exit cleanup() { echo "Performing cleanup tasks..." # Remove dist and egg-info and the potential release candidate if created rm -r dist src/*.egg-info/ onepassword_sdk-"${current_version}" - exit 1 + exit 1 } # Set the trap to call the cleanup function on exit @@ -42,7 +42,7 @@ build_wheels() { export PYTHON_OS_PLATFORM=$os_platform export PYTHON_MACHINE_PLATFORM=$machine_platform - case "$os_platform" in + case "$os_platform" in Darwin) macos_version= # Min MacOS version for Python 3.13+ is 10.13 diff --git a/src/release/scripts/prep-release.sh b/src/release/scripts/prep-release.sh index 5318ed4f..89ccc08f 100755 --- a/src/release/scripts/prep-release.sh +++ b/src/release/scripts/prep-release.sh @@ -2,12 +2,12 @@ # Helper script to prepare a release for the Python SDK. -output_version_file="version.txt" +output_version_file=".VERSION" output_build_file="src/onepassword/build_number.py" build_number_template_file="src/release/templates/build_number.tpl.py" -# Extracts the current build/version number for comparison and backup +# Extracts the current build/version number for comparison and backup current_version=$(cat "$output_version_file") current_build=$(awk -F "['\"]" '/SDK_BUILD_NUMBER =/{print $2}' "$output_build_file") @@ -17,7 +17,7 @@ cleanup() { # Revert changes to file if any echo -n "$current_version" > "$output_version_file" sed -e "s/{{ build }}/$current_build/" "$build_number_template_file" > "$output_build_file" - exit 1 + exit 1 } # Set the trap to call the cleanup function on exit @@ -38,14 +38,14 @@ update_and_validate_version() { read -p "Enter the version number (format: x.y.z(-beta.w)): " version # Validate the version number format - if [[ "${version}" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-beta\.[0-9]+)?$ ]]; then + if [[ "${version}" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-beta\.[0-9]+)?$ ]]; then if [[ "${current_version}" != "${version}" ]]; then # TODO: Check the less than case as well. echo "New version number is: ${version}" return 0 else echo "Version hasn't changed." - fi + fi else echo "Invalid version number format: ${version}" echo "Please enter a version number in the 'x.y.z(-beta.w)' format." @@ -54,7 +54,7 @@ update_and_validate_version() { } # Function to validate the build number format. -# SEMVER Format: Mmmppbb - 7 Digits +# SEMVER Format: Mmmppbb - 7 Digits update_and_validate_build() { while true; do # Prompt the user to input the build number @@ -83,9 +83,9 @@ enforce_latest_code update_and_validate_version # Update and validate the build number -update_and_validate_build +update_and_validate_build -# Update version & build number in version.txt and build_number.py respectively +# Update version & build number in .VERSION and build_number.py respectively echo -n "$version" > "$output_version_file" sed -e "s/{{ build }}/$build/" "$build_number_template_file" > "$output_build_file" diff --git a/src/release/scripts/release.sh b/src/release/scripts/release.sh index 688863b4..e0952a7a 100755 --- a/src/release/scripts/release.sh +++ b/src/release/scripts/release.sh @@ -5,7 +5,7 @@ set -e # Read the contents of the files into variables -version=$(cat "version.txt") +version=$(cat ".VERSION") build=$(awk -F "['\"]" '/SDK_BUILD_NUMBER =/{print $2}' "src/onepassword/build_number.py") release_notes=$(< src/release/RELEASE-NOTES) diff --git a/version.txt b/version.txt deleted file mode 100644 index 341cf11f..00000000 --- a/version.txt +++ /dev/null @@ -1 +0,0 @@ -0.2.0 \ No newline at end of file From 6891a341117166a8973f8514c1469615e96c532a Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Fri, 9 May 2025 10:38:14 -0400 Subject: [PATCH 60/65] remove wheels.yml and add building+publishing to release --- .github/workflows/prep-release.yml | 5 -- .github/workflows/release.yml | 96 +++++++++++++++++++++++++-- .github/workflows/wheels.yml | 100 ----------------------------- 3 files changed, 92 insertions(+), 109 deletions(-) delete mode 100644 .github/workflows/wheels.yml diff --git a/.github/workflows/prep-release.yml b/.github/workflows/prep-release.yml index a91da9fe..342fec17 100644 --- a/.github/workflows/prep-release.yml +++ b/.github/workflows/prep-release.yml @@ -28,11 +28,6 @@ jobs: git_commit_gpgsign: true git_tag_gpgsign: true - - name: Setup Git User - run: | - git config user.name "$GITHUB_ACTOR" - git config user.email "$GITHUB_ACTOR@users.noreply.github.com" - - name: Parse and Validate Inputs id: get_inputs run: | diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index eafc49ac..9b2b29e9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -4,6 +4,79 @@ on: workflow_dispatch: jobs: + build_wheels: + name: Build wheels for Python SDK on ${{ matrix.os }} + runs-on: ${{ matrix.os }} + if: startsWith(github.ref, 'refs/heads/sdk-core/') + strategy: + fail-fast: false + matrix: + # macOS 13 is an Intel runner and macOS 14 is an Apple Silicon runner + os: [ubuntu-22.04, ubuntu-22.04-arm, windows-latest, macos-13, macos-14] + steps: + - uses: actions/checkout@v4 + - name: Upgrade build dependencies + run: python -m pip install --upgrade pip setuptools wheel + + # Need to grab the SDK version for the wheel name + - name: Extract SDK Version + run: echo "SDK_VERSION=$(cat .VERSION)" >> "$GITHUB_ENV" + shell: bash + + - name: Install cibuildwheel + run: | + python -m pip install cibuildwheel + + - name: Build wheels + env: + CIBW_SKIP: pp* *-musllinux_* + CIBW_MANYLINUX_X86_64_IMAGE: "quay.io/pypa/manylinux_2_34_x86_64" + CIBW_MANYLINUX_AARCH64_IMAGE: "quay.io/pypa/manylinux_2_34_aarch64" + CIBW_ARCHS: "native" # Equivalent to python's platform.machine() + CIBW_BEFORE_BUILD_WINDOWS: "pip install delvewheel" + CIBW_REPAIR_WHEEL_COMMAND_WINDOWS: "delvewheel repair -w {dest_dir} {wheel}" + CIBW_TEST_REQUIRES: "pydantic pytest pytest-asyncio" + MACOSX_DEPLOYMENT_TARGET: "12.0" + CIBW_TEST_COMMAND: "python -m pytest {project}/src/onepassword/test_client.py" + OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TEST_SERVICE_ACCOUNT_TOKEN }} + CIBW_ENVIRONMENT_PASS_LINUX: OP_SERVICE_ACCOUNT_TOKEN # We have to specify this to pass the token to the test command + run: | + python -m cibuildwheel --output-dir dist + + - uses: actions/upload-artifact@v4 + with: + name: onepassword-sdk-${{ env.SDK_VERSION }}-${{ matrix.os }} + path: ./dist/*.whl + + build-sdist: + name: Build source distribution for Python SDK + runs-on: ubuntu-latest + if: startsWith(github.ref, 'refs/heads/sdk-core/') + steps: + - uses: actions/checkout@v4 + + - name: Extract SDK Version + run: echo "SDK_VERSION=$(cat .VERSION)" >> "$GITHUB_ENV" + shell: bash + + - name: Install dependencies + run: pip3 install build pydantic pytest pytest-asyncio + + - name: Build source distribution + run: python3 -m build --sdist + + - name: Test Source Distribution + env: + OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TEST_SERVICE_ACCOUNT_TOKEN }} + run: | + python3 -m pip install dist/*.tar.gz + python3 -m pytest src/onepassword/test_client.py + + - uses: actions/upload-artifact@v4 + with: + name: onepassword-sdk-${{ env.SDK_VERSION }} + path: ./dist/*.tar.gz + release-sdk: runs-on: ubuntu-latest if: startsWith(github.ref, 'refs/heads/sdk-core/') # Only run on branches that start with sdk-core/ @@ -17,13 +90,28 @@ jobs: git_user_signingkey: true git_commit_gpgsign: true git_tag_gpgsign: true - - name: Setup Git User - run: | - git config user.name "$GITHUB_ACTOR" - git config user.email "$GITHUB_ACTOR@users.noreply.github.com" - name: Run the Release Script env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: make release shell: bash + + publish-to-pypi: + name: Publish to PyPI + runs-on: ubuntu-latest + if: startsWith(github.ref, 'refs/heads/sdk-core/') + environment: + name: pypi + url: https://pypi.org/project/onepassword-sdk/ + permissions: + id-token: write # IMPORTANT: this permission is mandatory for trusted publishing + needs: [build_wheels, build-sdist] + steps: + - uses: actions/download-artifact@v4 + with: + pattern: onepassword-sdk-* + path: ./dist + merge-multiple: true + - name: Publish package distributions to PyPi + uses: pypa/gh-action-pypi-publish@release/v1.12 diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml deleted file mode 100644 index c6f9c4b1..00000000 --- a/.github/workflows/wheels.yml +++ /dev/null @@ -1,100 +0,0 @@ -name: Wheels Builder and Publisher -on: - pull_request: - branches: - - main - types: - - closed - -jobs: - build_wheels: - name: Build wheels for Python SDK on ${{ matrix.os }} - runs-on: ${{ matrix.os }} - if: github.event.pull_request.merged == true && startsWith(github.event.pull_request.head.ref, 'sdk-core/') - strategy: - fail-fast: false - matrix: - # macOS 13 is an Intel runner and macOS 14 is an Apple Silicon runner - os: [ubuntu-22.04, ubuntu-22.04-arm, windows-latest, macos-13, macos-14] - steps: - - uses: actions/checkout@v4 - - name: Upgrade build dependencies - run: python -m pip install --upgrade pip setuptools wheel - - # Need to grab the SDK version for the wheel name - - name: Extract SDK Version - run: echo "SDK_VERSION=$(cat .VERSION)" >> "$GITHUB_ENV" - shell: bash - - - name: Install cibuildwheel - run: | - python -m pip install cibuildwheel - - - name: Build wheels - env: - CIBW_SKIP: pp* *-musllinux_* - CIBW_MANYLINUX_X86_64_IMAGE: "quay.io/pypa/manylinux_2_34_x86_64" - CIBW_MANYLINUX_AARCH64_IMAGE: "quay.io/pypa/manylinux_2_34_aarch64" - CIBW_ARCHS: "native" # Equivalent to python's platform.machine() - CIBW_BEFORE_BUILD_WINDOWS: "pip install delvewheel" - CIBW_REPAIR_WHEEL_COMMAND_WINDOWS: "delvewheel repair -w {dest_dir} {wheel}" - CIBW_TEST_REQUIRES: "pydantic pytest pytest-asyncio" - MACOSX_DEPLOYMENT_TARGET: "12.0" - CIBW_TEST_COMMAND: "python -m pytest {project}/src/onepassword/test_client.py" - OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TEST_SERVICE_ACCOUNT_TOKEN }} - CIBW_ENVIRONMENT_PASS_LINUX: OP_SERVICE_ACCOUNT_TOKEN # We have to specify this to pass the token to the test command - run: | - python -m cibuildwheel --output-dir dist - - - uses: actions/upload-artifact@v4 - with: - name: onepassword-sdk-${{ env.SDK_VERSION }}-${{ matrix.os }} - path: ./dist/*.whl - - build-sdist: - name: Build source distribution for Python SDK - runs-on: ubuntu-latest - if: github.event.pull_request.merged == true && startsWith(github.event.pull_request.head.ref, 'sdk-core/') - steps: - - uses: actions/checkout@v4 - - - name: Extract SDK Version - run: echo "SDK_VERSION=$(cat .VERSION)" >> "$GITHUB_ENV" - shell: bash - - - name: Install dependencies - run: pip3 install build pydantic pytest pytest-asyncio - - - name: Build source distribution - run: python3 -m build --sdist - - - name: Test Source Distribution - env: - OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TEST_SERVICE_ACCOUNT_TOKEN }} - run: | - python3 -m pip install dist/*.tar.gz - python3 -m pytest src/onepassword/test_client.py - - - uses: actions/upload-artifact@v4 - with: - name: onepassword-sdk-${{ env.SDK_VERSION }} - path: ./dist/*.tar.gz - - publish-to-pypi: - name: Publish to PyPI - runs-on: ubuntu-latest - if: github.event.pull_request.merged == true && startsWith(github.event.pull_request.head.ref, 'sdk-core/') - environment: - name: pypi - url: https://pypi.org/project/onepassword-sdk/ - permissions: - id-token: write # IMPORTANT: this permission is mandatory for trusted publishing - needs: [build_wheels, build-sdist] - steps: - - uses: actions/download-artifact@v4 - with: - pattern: onepassword-sdk-* - path: ./dist - merge-multiple: true - - name: Publish package distributions to PyPi - uses: pypa/gh-action-pypi-publish@release/v1.12 From 62c6f613922f06d200bdc275d519511871491925 Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Fri, 9 May 2025 10:49:26 -0400 Subject: [PATCH 61/65] add passphrase and token env variables for signing commits --- .github/workflows/prep-release.yml | 3 +++ .github/workflows/release.yml | 4 ++++ 2 files changed, 7 insertions(+) diff --git a/.github/workflows/prep-release.yml b/.github/workflows/prep-release.yml index 342fec17..d8310bbe 100644 --- a/.github/workflows/prep-release.yml +++ b/.github/workflows/prep-release.yml @@ -19,11 +19,14 @@ jobs: steps: - name: Checkout the code uses: actions/checkout@v4 + with: + token: ${{ secrets.PAT }} - name: Import GPG key uses: crazy-max/ghaction-import-gpg@v6 with: gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} + passphrase: ${{ secrets.PASSPHRASE }} git_user_signingkey: true git_commit_gpgsign: true git_tag_gpgsign: true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9b2b29e9..30989417 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -83,10 +83,14 @@ jobs: steps: - name: Checkout the code uses: actions/checkout@v4 + with: + token: ${{ secrets.PAT }} + - name: Import GPG key uses: crazy-max/ghaction-import-gpg@v6 with: gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} + passphrase: ${{ secrets.PASSPHRASE }} git_user_signingkey: true git_commit_gpgsign: true git_tag_gpgsign: true From 2e6d5e5acf26b8ffaf7c35a08babab838254bdc1 Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Mon, 12 May 2025 18:26:26 -0400 Subject: [PATCH 62/65] Remove prep release action and combine it with the release action and update the logic as well as update the release readme. --- .github/workflows/prep-release.yml | 51 ------------------------ .github/workflows/release.yml | 64 ++++++++++++++++++++++++++---- src/release/README.md | 14 ++++++- 3 files changed, 69 insertions(+), 60 deletions(-) delete mode 100644 .github/workflows/prep-release.yml diff --git a/.github/workflows/prep-release.yml b/.github/workflows/prep-release.yml deleted file mode 100644 index d8310bbe..00000000 --- a/.github/workflows/prep-release.yml +++ /dev/null @@ -1,51 +0,0 @@ -name: Prep Release - -on: - workflow_dispatch: - inputs: - version: - description: "Version number:" - required: true - type: string - build_number: - description: "Build number:" - required: true - type: string - -jobs: - prepare-release: - runs-on: ubuntu-latest - if: startsWith(github.ref, 'refs/heads/sdk-core/') # Only run on branches that start with sdk-core/ - steps: - - name: Checkout the code - uses: actions/checkout@v4 - with: - token: ${{ secrets.PAT }} - - - name: Import GPG key - uses: crazy-max/ghaction-import-gpg@v6 - with: - gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} - passphrase: ${{ secrets.PASSPHRASE }} - git_user_signingkey: true - git_commit_gpgsign: true - git_tag_gpgsign: true - - - name: Parse and Validate Inputs - id: get_inputs - run: | - # Get inputs passed to the workflow - VERSION="${{ github.event.inputs.version }}" - BUILD_NUMBER="${{ github.event.inputs.build_number }}" - - # Save the parsed values for future steps - echo "VERSION=$VERSION" >> $GITHUB_ENV - echo "BUILD_NUMBER=$BUILD_NUMBER" >> $GITHUB_ENV - shell: bash - - - name: Run the Prep Release Script - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - make prep-release VERSION="$VERSION" BUILD_NUMBER="$BUILD_NUMBER" - shell: bash diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 30989417..ebe58225 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,13 +1,56 @@ -name: Release SDK +name: Release Python SDKs on: workflow_dispatch: + inputs: + version: + description: "Version number" + required: true + type: string + build_number: + description: "Build number " + required: true + type: string jobs: - build_wheels: + prepare-release: + runs-on: ubuntu-latest + if: startsWith(github.ref, 'refs/heads/sdk-core/') # Only run on branches that start with sdk-core/ + steps: + - name: Checkout the code + uses: actions/checkout@v4 + + - name: Import GPG key + uses: crazy-max/ghaction-import-gpg@v6 + with: + gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} + passphrase: ${{ secrets.PASSPHRASE }} + git_user_signingkey: true + git_commit_gpgsign: true + + - name: Parse and Validate Inputs + run: | + # Get inputs passed to the workflow + VERSION="${{ github.event.inputs.version }}" + BUILD_NUMBER="${{ github.event.inputs.build_number }}" + + # Save the parsed values for future steps + echo "VERSION=$VERSION" >> $GITHUB_ENV + echo "BUILD_NUMBER=$BUILD_NUMBER" >> $GITHUB_ENV + shell: bash + + - name: Run the Prep Release Script + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + make prep-release VERSION="$VERSION" BUILD_NUMBER="$BUILD_NUMBER" + shell: bash + + build-wheels: name: Build wheels for Python SDK on ${{ matrix.os }} runs-on: ${{ matrix.os }} if: startsWith(github.ref, 'refs/heads/sdk-core/') + needs: [prepare-release] strategy: fail-fast: false matrix: @@ -15,6 +58,9 @@ jobs: os: [ubuntu-22.04, ubuntu-22.04-arm, windows-latest, macos-13, macos-14] steps: - uses: actions/checkout@v4 + with: + ref: ${{ github.ref }} + - name: Upgrade build dependencies run: python -m pip install --upgrade pip setuptools wheel @@ -32,7 +78,7 @@ jobs: CIBW_SKIP: pp* *-musllinux_* CIBW_MANYLINUX_X86_64_IMAGE: "quay.io/pypa/manylinux_2_34_x86_64" CIBW_MANYLINUX_AARCH64_IMAGE: "quay.io/pypa/manylinux_2_34_aarch64" - CIBW_ARCHS: "native" # Equivalent to python's platform.machine() + CIBW_ARCHS: "native" CIBW_BEFORE_BUILD_WINDOWS: "pip install delvewheel" CIBW_REPAIR_WHEEL_COMMAND_WINDOWS: "delvewheel repair -w {dest_dir} {wheel}" CIBW_TEST_REQUIRES: "pydantic pytest pytest-asyncio" @@ -52,9 +98,12 @@ jobs: name: Build source distribution for Python SDK runs-on: ubuntu-latest if: startsWith(github.ref, 'refs/heads/sdk-core/') + needs: [prepare-release] steps: - uses: actions/checkout@v4 - + with: + ref: ${{ github.ref }} + # Need to grab the SDK version for the wheel name - name: Extract SDK Version run: echo "SDK_VERSION=$(cat .VERSION)" >> "$GITHUB_ENV" shell: bash @@ -77,14 +126,15 @@ jobs: name: onepassword-sdk-${{ env.SDK_VERSION }} path: ./dist/*.tar.gz - release-sdk: + Release-SDK: runs-on: ubuntu-latest if: startsWith(github.ref, 'refs/heads/sdk-core/') # Only run on branches that start with sdk-core/ + needs: [build-wheels, build-sdist] steps: - name: Checkout the code uses: actions/checkout@v4 with: - token: ${{ secrets.PAT }} + ref: ${{ github.ref }} - name: Import GPG key uses: crazy-max/ghaction-import-gpg@v6 @@ -110,7 +160,7 @@ jobs: url: https://pypi.org/project/onepassword-sdk/ permissions: id-token: write # IMPORTANT: this permission is mandatory for trusted publishing - needs: [build_wheels, build-sdist] + needs: [Release-SDK] steps: - uses: actions/download-artifact@v4 with: diff --git a/src/release/README.md b/src/release/README.md index 8c6d4683..b7e07c7a 100644 --- a/src/release/README.md +++ b/src/release/README.md @@ -1,5 +1,15 @@ -## How to Prepare a Release for the Python SDK +# How to Release the Python SDK +## Release off an Release Candidate Branch in Github Actions +To release the Python SDK via Github Action, you must do the following: +1. SDK core opens a new PR with the latest generated code and latest core. This branch should start off with `sdk-core/...` +2. Add the release notes for the RC as well as update the examples if needed. +3. Run the `Release Python SDKs` action and input the correct build and version number while referencing the RC branch. +4. After the action is completed, the Python SDK is released on Github and PyPi, you can merge the PR branch. + +If the Github Action isn't working, you can follow the manual steps below to release the Python SDK. + +## Manual Steps to release a Python SDK Before running this script, the user must make sure that they have the write permissions to the Python SDK repository. Run this make command to install all dependencies required for the Python SDK release process. @@ -10,7 +20,7 @@ release/install-dependencies Step 1. Make any changes to the SDK as required on a feature branch or main branch. NOTE: If ran on a main branch, a release branch will be created. -Step 2. Go to the root of the repo and run +Step 2. Go to the root of the repo and run ``` make prep-release ``` From 1debd813f13db711a3ee012994b32dd38e7e44c6 Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Tue, 20 May 2025 13:54:46 -0400 Subject: [PATCH 63/65] add new line at EOF of version file and fix script to trim it. Address nits in release github --- .VERSION | 2 +- .github/workflows/release.yml | 32 ++++++++++++++--------------- src/release/scripts/prep-release.sh | 4 ++-- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/.VERSION b/.VERSION index a2268e2d..9e11b32f 100644 --- a/.VERSION +++ b/.VERSION @@ -1 +1 @@ -0.3.1 \ No newline at end of file +0.3.1 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ebe58225..d446e753 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -4,11 +4,11 @@ on: workflow_dispatch: inputs: version: - description: "Version number" + description: "New version for the SDKs in the format of M.m.p" required: true type: string build_number: - description: "Build number " + description: "New build number for the SDKs in the format of Mmmppbb " required: true type: string @@ -16,6 +16,9 @@ jobs: prepare-release: runs-on: ubuntu-latest if: startsWith(github.ref, 'refs/heads/sdk-core/') # Only run on branches that start with sdk-core/ + env: + VERSION: ${{ github.event.inputs.version }} + BUILD_NUMBER: ${{ github.event.inputs.build_number }} steps: - name: Checkout the code uses: actions/checkout@v4 @@ -28,22 +31,11 @@ jobs: git_user_signingkey: true git_commit_gpgsign: true - - name: Parse and Validate Inputs - run: | - # Get inputs passed to the workflow - VERSION="${{ github.event.inputs.version }}" - BUILD_NUMBER="${{ github.event.inputs.build_number }}" - - # Save the parsed values for future steps - echo "VERSION=$VERSION" >> $GITHUB_ENV - echo "BUILD_NUMBER=$BUILD_NUMBER" >> $GITHUB_ENV - shell: bash - - name: Run the Prep Release Script env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - make prep-release VERSION="$VERSION" BUILD_NUMBER="$BUILD_NUMBER" + make prep-release VERSION="{{ env.SDK_VERSION }}" BUILD_NUMBER="{{ env.SDK_BUILD_NUMBER }}" shell: bash build-wheels: @@ -52,6 +44,7 @@ jobs: if: startsWith(github.ref, 'refs/heads/sdk-core/') needs: [prepare-release] strategy: + # we don't want all of them failing if one fails fail-fast: false matrix: # macOS 13 is an Intel runner and macOS 14 is an Apple Silicon runner @@ -75,17 +68,24 @@ jobs: - name: Build wheels env: + # Skip all the unneeded images like PyPy and musllinux images CIBW_SKIP: pp* *-musllinux_* + # Set the manylinux X86_64/aarch64 image to this specific 2.34 image CIBW_MANYLINUX_X86_64_IMAGE: "quay.io/pypa/manylinux_2_34_x86_64" CIBW_MANYLINUX_AARCH64_IMAGE: "quay.io/pypa/manylinux_2_34_aarch64" + # Set the wheel to the native archtiecture (output of platform.machine() which we use in the setup.py script) CIBW_ARCHS: "native" + # Windows reparing of wheels are not supported so manually install it. CIBW_BEFORE_BUILD_WINDOWS: "pip install delvewheel" CIBW_REPAIR_WHEEL_COMMAND_WINDOWS: "delvewheel repair -w {dest_dir} {wheel}" + # Dependencies required for testing each wheel CIBW_TEST_REQUIRES: "pydantic pytest pytest-asyncio" + # The minimum MacOS version for darwin wheels (matches OPH) MACOSX_DEPLOYMENT_TARGET: "12.0" + # The command to test every wheel CIBW_TEST_COMMAND: "python -m pytest {project}/src/onepassword/test_client.py" - OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TEST_SERVICE_ACCOUNT_TOKEN }} - CIBW_ENVIRONMENT_PASS_LINUX: OP_SERVICE_ACCOUNT_TOKEN # We have to specify this to pass the token to the test command + # Pass the service account token in all wheel buildings for testing of the wheels. + CIBW_ENVIRONMENT: OP_SERVICE_ACCOUNT_TOKEN=${{ secrets.TEST_SERVICE_ACCOUNT_TOKEN }} run: | python -m cibuildwheel --output-dir dist diff --git a/src/release/scripts/prep-release.sh b/src/release/scripts/prep-release.sh index 89ccc08f..76c92047 100755 --- a/src/release/scripts/prep-release.sh +++ b/src/release/scripts/prep-release.sh @@ -8,8 +8,8 @@ build_number_template_file="src/release/templates/build_number.tpl.py" # Extracts the current build/version number for comparison and backup -current_version=$(cat "$output_version_file") -current_build=$(awk -F "['\"]" '/SDK_BUILD_NUMBER =/{print $2}' "$output_build_file") +current_version=$(cat "$output_version_file" | tr -d '[:space:]') +current_build=$(awk -F "['\"]" '/SDK_BUILD_NUMBER =/{print $2}' "$output_build_file" | tr -d '[:space:]') # Function to execute upon exit cleanup() { From 6b1d7ebf82d60f29050fac4a23020ab203fa8066 Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Tue, 20 May 2025 14:49:10 -0400 Subject: [PATCH 64/65] fail prep release if on CI to avoid inf loop --- .github/workflows/release.yml | 7 ++++--- src/release/scripts/prep-release.sh | 8 ++++++++ 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d446e753..b5863fd3 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -17,8 +17,8 @@ jobs: runs-on: ubuntu-latest if: startsWith(github.ref, 'refs/heads/sdk-core/') # Only run on branches that start with sdk-core/ env: - VERSION: ${{ github.event.inputs.version }} - BUILD_NUMBER: ${{ github.event.inputs.build_number }} + SDK_VERSION: ${{ github.event.inputs.version }} + SDK_BUILD_NUMBER: ${{ github.event.inputs.build_number }} steps: - name: Checkout the code uses: actions/checkout@v4 @@ -34,8 +34,9 @@ jobs: - name: Run the Prep Release Script env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + SDK_CI: 1 run: | - make prep-release VERSION="{{ env.SDK_VERSION }}" BUILD_NUMBER="{{ env.SDK_BUILD_NUMBER }}" + make prep-release VERSION=${{ env.SDK_VERSION }} BUILD_NUMBER=${{ env.SDK_BUILD_NUMBER }} shell: bash build-wheels: diff --git a/src/release/scripts/prep-release.sh b/src/release/scripts/prep-release.sh index 76c92047..f85f81f0 100755 --- a/src/release/scripts/prep-release.sh +++ b/src/release/scripts/prep-release.sh @@ -50,6 +50,10 @@ update_and_validate_version() { echo "Invalid version number format: ${version}" echo "Please enter a version number in the 'x.y.z(-beta.w)' format." fi + # If running in CI, exit immediately + if [[ -n "${SDK_CI}" ]]; then + exit 1 + fi done } @@ -73,6 +77,10 @@ update_and_validate_build() { echo "Invalid build number format: ${build}" echo "Please enter a build number in the 'Mmmppbb' format." fi + # If running in CI, exit immediately + if [[ -n "${SDK_CI}" ]]; then + exit 1 + fi done } From 4699a2ed84dee9391c81ba1dda34d4cef82a0bed Mon Sep 17 00:00:00 2001 From: Omar Miraj Date: Tue, 20 May 2025 15:10:00 -0400 Subject: [PATCH 65/65] update wheels script to match CI/CD incase of error --- src/release/scripts/build-wheels.sh | 22 ++-------------------- 1 file changed, 2 insertions(+), 20 deletions(-) diff --git a/src/release/scripts/build-wheels.sh b/src/release/scripts/build-wheels.sh index ef2f25d9..4d1e5a7b 100755 --- a/src/release/scripts/build-wheels.sh +++ b/src/release/scripts/build-wheels.sh @@ -6,11 +6,7 @@ python_versions=("$@") # Minimum glibc version we support -glibc_version=2-32 - -# These versions are being supported due to the SDKs supporting Python 3.9+ -macOS_version_x86_64=10.9 -macOS_version_arm64=11.0 +glibc_version=2-34 # Extracts the current verison number for cleanup function current_version=$(cat .VERSION) @@ -44,21 +40,7 @@ build_wheels() { case "$os_platform" in Darwin) - macos_version= - # Min MacOS version for Python 3.13+ is 10.13 - python_version=$(pyenv exec python3 --version 2>&1) - - if [[ "$machine_platform" == "x86_64" ]]; then - if [[ "$python_version" == "Python 3.13"* ]]; then - macos_version="10.13" - else - macos_version=$macOS_version_x86_64 - fi - else - macos_version=$macOS_version_arm64 - fi - - export _PYTHON_HOST_PLATFORM="macosx-${macos_version}-${PYTHON_MACHINE_PLATFORM}" + export _PYTHON_HOST_PLATFORM="macosx-12.0-${PYTHON_MACHINE_PLATFORM}" ;; Linux) export _PYTHON_HOST_PLATFORM="manylinux-${glibc_version}-${PYTHON_MACHINE_PLATFORM}"