gh-91172: Create a workflow for verifying bundled pip and setuptools #31885

Merged
ambv merged 33 commits into python:main from illia-v:bpo-47016
Jun 22, 2022
33 commits
e4a8faf bpo-47016: Create a workflow for verifying bundled pip and setuptools (illia-v, Mar 14, 2022)
a57cd3a Corrupt the bundled pip wheel to test the new workflow (illia-v, Mar 14, 2022)
dcba624 Revert "Corrupt the bundled pip wheel to test the new workflow" (illia-v, Mar 14, 2022)
08a1043 Fix naming style of the new workflow (illia-v, Mar 14, 2022)
6edd10f Allow manual triggering the new workflow (illia-v, Mar 14, 2022)
6f0d809 Bump actions/checkout to v3 (illia-v, Mar 15, 2022)
809e4db Create a separate script for verifying bundled wheels (illia-v, Mar 15, 2022)
e46f87d Corrupt the bundled pip wheel to test the new workflow (illia-v, Mar 14, 2022)
594644b Revert "Corrupt the bundled pip wheel to test the new workflow" (illia-v, Mar 14, 2022)
a35673b Rename the workflow file (illia-v, Mar 15, 2022)
c82810c Merge branch 'main' into bpo-47016 (illia-v, Jun 6, 2022)
5210374 Add verify-ensurepip-wheels.py (AA-Turner, Jun 6, 2022)
7d44bbf Update verify-bundled-wheels.yml (AA-Turner, Jun 6, 2022)
633881d Make workflow permissions explicit (illia-v, Jun 6, 2022)
40ff278 Add shebang and file mode permissions for unix users (AA-Turner, Jun 6, 2022)
685c388 git mv verify-ensurepip-wheels verify_ensurepip_wheels (AA-Turner, Jun 6, 2022)
a2e7cd4 git mv verify-bundled-wheels verify-ensurepip-wheels (AA-Turner, Jun 6, 2022)
d6a355d Address review (AA-Turner, Jun 6, 2022)
a27b7bc Merge remote-tracking branch 'illia-v/bpo-47016' into bpo-47016 (AA-Turner, Jun 6, 2022)
5acf921 Merge pull request #1 from AA-Turner/bpo-47016 (illia-v, Jun 7, 2022)
7122121 Delete the shell script (illia-v, Jun 7, 2022)
e1b276a Mention Adam Turner in the news entry (illia-v, Jun 7, 2022)
6492602 Corrupt the bundled pip wheel to test the updated workflow (illia-v, Jun 7, 2022)
6625719 Revert "Corrupt the bundled pip wheel to test the updated workflow" (illia-v, Jun 7, 2022)
0226c29 Refactor the script to fix the test (illia-v, Jun 7, 2022)
26cba98 Refactor the script even more (illia-v, Jun 8, 2022)
0d3dfaf Make `GITHUB_ACTIONS` a boolean (illia-v, Jun 17, 2022)
fe4c423 Stop using `actions/setup-python` (illia-v, Jun 17, 2022)
6786960 Corrupt the bundled pip wheel to test the updated workflow (illia-v, Jun 7, 2022)
01d3386 Revert "Corrupt the bundled pip wheel to test the updated workflow" (illia-v, Jun 7, 2022)
7e283c3 Make changes to more files invoke the workflow (illia-v, Jun 20, 2022)
a74629c Make the workflow use `actions/setup-python` again (illia-v, Jun 20, 2022)
66a91ac Merge branch 'main' into bpo-47016 (illia-v, Jun 20, 2022)
28 changes: 28 additions & 0 deletions .github/workflows/verify-ensurepip-wheels.yml
@@ -0,0 +1,28 @@
name: Verify bundled pip and setuptools

on:
workflow_dispatch:
push:
paths:
- 'Lib/ensurepip/_bundled/**'
- '.github/workflows/verify-ensurepip-wheels.yml'
- 'Tools/scripts/verify_ensurepip_wheels.py'
pull_request:
paths:
- 'Lib/ensurepip/_bundled/**'
- '.github/workflows/verify-ensurepip-wheels.yml'
- 'Tools/scripts/verify_ensurepip_wheels.py'

permissions:
contents: read

jobs:
verify:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
python-version: '3'
- name: Compare checksums of bundled pip and setuptools to ones published on PyPI
run: ./Tools/scripts/verify_ensurepip_wheels.py
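
Review bot: `actions/checkout@v3` and `actions/setup-python@v4` in the `steps` list are referenced by mutable tag. Since this job exists to detect tampering with the bundled wheels, pin both actions to a full commit SHA (keeping the tag as a trailing comment) so the code that runs the verification cannot change under the same tag. The explicit top-level `permissions: contents: read` is the right default for a job that only reads the checkout and queries PyPI.
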
@@ -0,0 +1,2 @@
Create a GitHub Actions workflow for verifying bundled pip and setuptools.
Patch by Illia Volochii and Adam Turner.
98 changes: 98 additions & 0 deletions Tools/scripts/verify_ensurepip_wheels.py
@@ -0,0 +1,98 @@
#! /usr/bin/env python3

"""
Compare checksums for wheels in :mod:`ensurepip` against the Cheeseshop.

When GitHub Actions executes the script, output is formatted accordingly.
https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#setting-a-notice-message
"""

import hashlib
import json
import os
import re
from pathlib import Path
from urllib.request import urlopen

PACKAGE_NAMES = ("pip", "setuptools")
ENSURE_PIP_ROOT = Path(__file__).parent.parent.parent / "Lib/ensurepip"
WHEEL_DIR = ENSURE_PIP_ROOT / "_bundled"
ENSURE_PIP_INIT_PY_TEXT = (ENSURE_PIP_ROOT / "__init__.py").read_text(encoding="utf-8")
GITHUB_ACTIONS = os.getenv("GITHUB_ACTIONS") == "true"
A simpler check:

Suggested change
GITHUB_ACTIONS = os.getenv("GITHUB_ACTIONS") == "true"
GITHUB_ACTIONS = "GITHUB_ACTIONS" in os.environ



def print_notice(file_path: str, message: str) -> None:
if GITHUB_ACTIONS:
message = f"::notice file={file_path}::{message}"
print(message, end="\n\n")


def print_error(file_path: str, message: str) -> None:
if GITHUB_ACTIONS:
message = f"::error file={file_path}::{message}"
print(message, end="\n\n")


def verify_wheel(package_name: str) -> bool:
# Find the package on disk
package_path = next(WHEEL_DIR.glob(f"{package_name}*.whl"), None)
if not package_path:
print_error("", f"Could not find a {package_name} wheel on disk.")
return False

print(f"Verifying checksum for {package_path}.")

# Find the version of the package used by ensurepip
package_version_match = re.search(
f'_{package_name.upper()}_VERSION = "([^"]+)', ENSURE_PIP_INIT_PY_TEXT
)
if not package_version_match:
print_error(
package_path,
f"No {package_name} version found in Lib/ensurepip/__init__.py.",
)
return False
package_version = package_version_match[1]

# Get the SHA 256 digest from the Cheeseshop
try:
raw_text = urlopen(f"https://pypi.org/pypi/{package_name}/json").read()
except (OSError, ValueError):
print_error(package_path, f"Could not fetch JSON metadata for {package_name}.")
return False

release_files = json.loads(raw_text)["releases"][package_version]
for release_info in release_files:
if package_path.name != release_info["filename"]:
continue
expected_digest = release_info["digests"].get("sha256", "")
break
else:
print_error(package_path, f"No digest for {package_name} found from PyPI.")
return False

# Compute the SHA 256 digest of the wheel on disk
actual_digest = hashlib.sha256(package_path.read_bytes()).hexdigest()

print(f"Expected digest: {expected_digest}")
print(f"Actual digest: {actual_digest}")

if actual_digest != expected_digest:
print_error(
package_path, f"Failed to verify the checksum of the {package_name} wheel."
)
return False

print_notice(
package_path,
f"Successfully verified the checksum of the {package_name} wheel.",
)
return True


if __name__ == "__main__":
exit_status = 0
for package_name in PACKAGE_NAMES:
if not verify_wheel(package_name):
exit_status = 1
raise SystemExit(exit_status)
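
Review bot: `json.loads(raw_text)["releases"][package_version]` in `verify_wheel` sits outside the `try` block, so a version that is missing from the PyPI JSON (`KeyError`) or a malformed response body (`json.JSONDecodeError`, a `ValueError` subclass) ends the run with a traceback instead of a `print_error` annotation. Move the parse and lookup inside the `try` and add `KeyError` to the `except` clause. The `urlopen(...)` call also has no `timeout`, so a stalled connection holds the job until it times out. Separately, `next(WHEEL_DIR.glob(f"{package_name}*.whl"), None)` checks only the first match, so a second wheel with the same prefix in `_bundled` would go unverified; iterate over every match and fail when more than one is present.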
