cryptography/release.py

# This file is dual licensed under the terms of the Apache License, Version
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
# for complete details.

import getpass
import io
import os
import subprocess
import time
import typing
import urllib
import zipfile

import click
import requests


def run(*args: str) -> None:
    print("[running] {0}".format(list(args)))
    subprocess.check_call(list(args))


def wait_for_build_complete_github_actions(
    session: requests.Session, token: str, run_url: str
) -> None:
    while True:
        response = session.get(
            run_url,
            headers={
                "Content-Type": "application/json",
                "Authorization": "token {}".format(token),
            },
        )
        response.raise_for_status()
        if response.json()["conclusion"] is not None:
            break
        time.sleep(3)


def download_artifacts_github_actions(
    session: requests.Session, token: str, run_url: str
) -> typing.List[str]:
    response = session.get(
        run_url,
        headers={
            "Content-Type": "application/json",
            "Authorization": "token {}".format(token),
        },
    )
    response.raise_for_status()

    response = session.get(
        response.json()["artifacts_url"],
        headers={
            "Content-Type": "application/json",
            "Authorization": "token {}".format(token),
        },
    )
    response.raise_for_status()
    paths = []
    for artifact in response.json()["artifacts"]:
        response = session.get(
            artifact["archive_download_url"],
            headers={
                "Content-Type": "application/json",
                "Authorization": "token {}".format(token),
            },
        )
        with zipfile.ZipFile(io.BytesIO(response.content)) as z:
            for name in z.namelist():
                if not name.endswith(".whl") and not name.endswith(".tar.gz"):
                    continue
                p = z.open(name)
                out_path = os.path.join(
                    os.path.dirname(__file__),
                    "dist",
                    os.path.basename(name),
                )
                with open(out_path, "wb") as f:
                    f.write(p.read())
                paths.append(out_path)
    return paths


def fetch_github_actions_artifacts(
    token: str, version: str
) -> typing.List[str]:
    session = requests.Session()

    response = session.get(
        (
            f"https://api.github.com/repos/pyca/cryptography/actions"
            f"/workflows/wheel-builder.yml/runs?event=push&branch={version}"
        ),
        headers={
            "Content-Type": "application/json",
            "Authorization": "token {}".format(token),
        },
    )
    response.raise_for_status()
    run_url: str = response.json()["workflow_runs"][0]["url"]
    wait_for_build_complete_github_actions(session, token, run_url)
    return download_artifacts_github_actions(session, token, run_url)


def wait_for_build_complete_circleci(
    session: requests.Session, token: str, pipeline_id: str
) -> None:
    while True:
        response = session.get(
            f"https://circleci.com/api/v2/pipeline/{pipeline_id}/workflow",
            headers={
                "Circle-Token": token,
            },
        )
        response.raise_for_status()
        status = response.json()["items"][0]["status"]
        if status == "success":
            break
        elif status not in ("running", "on_hold", "not_run"):
            raise ValueError(f"CircleCI build failed with status {status}")
        time.sleep(3)


def download_artifacts_circleci(
    session: requests.Session, urls: typing.List[str]
) -> typing.List[str]:
    paths = []
    for url in urls:
        name = os.path.basename(urllib.parse.urlparse(url).path)
        response = session.get(url)
        out_path = os.path.join(
            os.path.dirname(__file__),
            "dist",
            os.path.basename(name),
        )
        with open(out_path, "wb") as f:
            f.write(response.content)
        paths.append(out_path)
    return paths


def fetch_circleci_artifacts(token: str, version: str) -> typing.List[str]:
    session = requests.Session()

    response = session.get(
        "https://circleci.com/api/v2/pipeline?org-slug=gh/pyca",
        headers={"Circle-Token": token},
    )
    response.raise_for_status()
    pipeline_id = None
    for item in response.json()["items"]:
        if item["project_slug"] == "gh/pyca/cryptography":
            if item["vcs"].get("tag", None) == version:
                pipeline_id = item["id"]
                break

    if pipeline_id is None:
        raise ValueError(f"Could not find a pipeline for version {version}")

    wait_for_build_complete_circleci(session, token, pipeline_id)
    urls = fetch_circleci_artifact_urls(session, token, pipeline_id)
    return download_artifacts_circleci(session, urls)


def fetch_circleci_artifact_urls(
    session: requests.Session, token: str, pipeline_id: str
) -> typing.List[str]:
    response = session.get(
        f"https://circleci.com/api/v2/pipeline/{pipeline_id}/workflow",
        headers={"Circle-Token": token},
    )
    response.raise_for_status()
    workflow_id = response.json()["items"][0]["id"]
    job_response = session.get(
        f"https://circleci.com/api/v2/workflow/{workflow_id}/job",
        headers={"Circle-Token": token},
    )
    job_response.raise_for_status()
    artifact_urls = []
    for job in job_response.json()["items"]:
        urls = fetch_circleci_artifact_url_from_job(
            session, token, job["job_number"]
        )
        artifact_urls.extend(urls)

    return artifact_urls


def fetch_circleci_artifact_url_from_job(
    session: requests.Session, token: str, job: str
) -> typing.List[str]:
    response = session.get(
        f"https://circleci.com/api/v2/project/gh/pyca/cryptography/"
        f"{job}/artifacts",
        headers={"Circle-Token": token},
    )
    response.raise_for_status()
    urls = []
    for item in response.json()["items"]:
        url = item.get("url", None)
        if url is not None:
            urls.append(url)

    return urls


@click.command()
@click.argument("version")
def release(version: str) -> None:
    """
    ``version`` should be a string like '0.4' or '1.0'.
    """
    print(
        f"Create a new GH PAT at: "
        f"https://github.com/settings/tokens/new?"
        f"description={version}&scopes=repo"
    )
    print(
        "Get a CircleCI token at: "
        "https://app.circleci.com/settings/user/tokens"
    )
    github_token = getpass.getpass("Github person access token: ")
    circle_token = getpass.getpass("CircleCI token: ")

    # Tag and push the tag (this will trigger the wheel builder in Actions)
    run("git", "tag", "-s", version, "-m", "{0} release".format(version))
    run("git", "push", "--tags")

    # Wait for Actions to complete and download the wheels
    github_actions_artifact_paths = fetch_github_actions_artifacts(
        github_token, version
    )
    # Download wheels from CircleCI
    circle_artifact_paths = fetch_circleci_artifacts(circle_token, version)

    artifact_paths = github_actions_artifact_paths + circle_artifact_paths

    # Upload wheels and sdist
    run("twine", "upload", *artifact_paths)


if __name__ == "__main__":
    release()
Update the license header for every source file, as well as the documentation. Fixes #1209 2014-11-16 17:08:42 +00:00			`# This file is dual licensed under the terms of the Apache License, Version`
			`# 2.0, and the BSD License. See the LICENSE file in the root of this repository`
			`# for complete details.`
Add newline for consistency 2014-07-06 09:51:26 +00:00
Refs #506 -- Trigger creation of wheels when doing a release 2014-02-19 22:01:06 +00:00			`import getpass`
Move wheel builer to github actions (#5147) 2020-03-21 19:14:46 +00:00			`import io`
Download the windows wheels from jenkins 2014-02-20 15:48:46 +00:00			`import os`
Replace release automation with click (#3557) * Replace release automation with click * Fix * fix 2017-05-20 21:37:40 +00:00			`import subprocess`
Wait for the wheel job to finish building the windows wheels. Refs #506 2014-02-20 00:44:06 +00:00			`import time`
Type annotate release.py (#7951) 2023-01-02 00:38:57 +00:00			`import typing`
automatically download and upload circleci wheels (#7949) 2023-01-02 02:22:32 +00:00			`import urllib`
Update release.py to use azure for wheel building (#4878) * Initial stab at this script * Convert to the old style artifact publish * Update script based on some testing * Remove this * Adapt release.py to combine azure and jenkins wheels 2019-05-25 15:11:49 +00:00			`import zipfile`

Replace release automation with click (#3557) * Replace release automation with click * Fix * fix 2017-05-20 21:37:40 +00:00			`import click`
Move wheel builer to github actions (#5147) 2020-03-21 19:14:46 +00:00			`import requests`

Wait for the wheel job to finish building the windows wheels. Refs #506 2014-02-20 00:44:06 +00:00
Type annotate release.py (#7951) 2023-01-02 00:38:57 +00:00			`def run(*args: str) -> None:`
Fixes #3821 -- improve output during release.py (#3848) This should cause stdout/stderr for command we run to be displayed, and also print which commands we're running 2017-08-04 17:45:11 +00:00			`print("[running] {0}".format(list(args)))`
Type annotate release.py (#7951) 2023-01-02 00:38:57 +00:00			`subprocess.check_call(list(args))`
Replace release automation with click (#3557) * Replace release automation with click * Fix * fix 2017-05-20 21:37:40 +00:00

Type annotate release.py (#7951) 2023-01-02 00:38:57 +00:00			`def wait_for_build_complete_github_actions(`
			`session: requests.Session, token: str, run_url: str`
			`) -> None:`
Move wheel builer to github actions (#5147) 2020-03-21 19:14:46 +00:00			`while True:`
Paint it Black by the Rolling Stones (#5324) 2020-07-20 18:06:29 +00:00			`response = session.get(`
			`run_url,`
			`headers={`
			`"Content-Type": "application/json",`
			`"Authorization": "token {}".format(token),`
			`},`
			`)`
Move wheel builer to github actions (#5147) 2020-03-21 19:14:46 +00:00			`response.raise_for_status()`
			`if response.json()["conclusion"] is not None:`
			`break`
			`time.sleep(3)`


Type annotate release.py (#7951) 2023-01-02 00:38:57 +00:00			`def download_artifacts_github_actions(`
			`session: requests.Session, token: str, run_url: str`
			`) -> typing.List[str]:`
Paint it Black by the Rolling Stones (#5324) 2020-07-20 18:06:29 +00:00			`response = session.get(`
			`run_url,`
			`headers={`
			`"Content-Type": "application/json",`
			`"Authorization": "token {}".format(token),`
			`},`
			`)`
Move wheel builer to github actions (#5147) 2020-03-21 19:14:46 +00:00			`response.raise_for_status()`

Paint it Black by the Rolling Stones (#5324) 2020-07-20 18:06:29 +00:00			`response = session.get(`
			`response.json()["artifacts_url"],`
			`headers={`
			`"Content-Type": "application/json",`
			`"Authorization": "token {}".format(token),`
			`},`
			`)`
Move wheel builer to github actions (#5147) 2020-03-21 19:14:46 +00:00			`response.raise_for_status()`
			`paths = []`
			`for artifact in response.json()["artifacts"]:`
Paint it Black by the Rolling Stones (#5324) 2020-07-20 18:06:29 +00:00			`response = session.get(`
			`artifact["archive_download_url"],`
			`headers={`
			`"Content-Type": "application/json",`
			`"Authorization": "token {}".format(token),`
			`},`
			`)`
Move wheel builer to github actions (#5147) 2020-03-21 19:14:46 +00:00			`with zipfile.ZipFile(io.BytesIO(response.content)) as z:`
			`for name in z.namelist():`
Build vectors and sdist artifacts in CI as well. (#7766) This is in preperation for ultimately uploading them from GHA once PyPI has OIDC integration. 2022-11-03 11:41:03 +00:00			`if not name.endswith(".whl") and not name.endswith(".tar.gz"):`
Move wheel builer to github actions (#5147) 2020-03-21 19:14:46 +00:00			`continue`
			`p = z.open(name)`
			`out_path = os.path.join(`
new black, actually slightly different than the old black (#5429) 2020-08-27 02:59:43 +00:00			`os.path.dirname(__file__),`
			`"dist",`
			`os.path.basename(name),`
Move wheel builer to github actions (#5147) 2020-03-21 19:14:46 +00:00			`)`
			`with open(out_path, "wb") as f:`
			`f.write(p.read())`
			`paths.append(out_path)`
			`return paths`


Type annotate release.py (#7951) 2023-01-02 00:38:57 +00:00			`def fetch_github_actions_artifacts(`
			`token: str, version: str`
			`) -> typing.List[str]:`
Move wheel builer to github actions (#5147) 2020-03-21 19:14:46 +00:00			`session = requests.Session()`

			`response = session.get(`
			`(`
be careful to only publish wheels from the right CI run (#7865) 2022-12-01 01:40:48 +00:00			`f"https://api.github.com/repos/pyca/cryptography/actions"`
			`f"/workflows/wheel-builder.yml/runs?event=push&branch={version}"`
Move wheel builer to github actions (#5147) 2020-03-21 19:14:46 +00:00			`),`
			`headers={`
			`"Content-Type": "application/json",`
			`"Authorization": "token {}".format(token),`
			`},`
			`)`
			`response.raise_for_status()`
Type annotate release.py (#7951) 2023-01-02 00:38:57 +00:00			`run_url: str = response.json()["workflow_runs"][0]["url"]`
Move wheel builer to github actions (#5147) 2020-03-21 19:14:46 +00:00			`wait_for_build_complete_github_actions(session, token, run_url)`
			`return download_artifacts_github_actions(session, token, run_url)`


automatically download and upload circleci wheels (#7949) 2023-01-02 02:22:32 +00:00			`def wait_for_build_complete_circleci(`
			`session: requests.Session, token: str, pipeline_id: str`
			`) -> None:`
			`while True:`
			`response = session.get(`
			`f"https://circleci.com/api/v2/pipeline/{pipeline_id}/workflow",`
			`headers={`
			`"Circle-Token": token,`
			`},`
			`)`
			`response.raise_for_status()`
			`status = response.json()["items"][0]["status"]`
			`if status == "success":`
			`break`
			`elif status not in ("running", "on_hold", "not_run"):`
			`raise ValueError(f"CircleCI build failed with status {status}")`
			`time.sleep(3)`


			`def download_artifacts_circleci(`
			`session: requests.Session, urls: typing.List[str]`
			`) -> typing.List[str]:`
			`paths = []`
			`for url in urls:`
			`name = os.path.basename(urllib.parse.urlparse(url).path)`
			`response = session.get(url)`
			`out_path = os.path.join(`
			`os.path.dirname(__file__),`
			`"dist",`
			`os.path.basename(name),`
			`)`
			`with open(out_path, "wb") as f:`
			`f.write(response.content)`
			`paths.append(out_path)`
			`return paths`


			`def fetch_circleci_artifacts(token: str, version: str) -> typing.List[str]:`
			`session = requests.Session()`

			`response = session.get(`
			`"https://circleci.com/api/v2/pipeline?org-slug=gh/pyca",`
			`headers={"Circle-Token": token},`
			`)`
			`response.raise_for_status()`
			`pipeline_id = None`
			`for item in response.json()["items"]:`
			`if item["project_slug"] == "gh/pyca/cryptography":`
			`if item["vcs"].get("tag", None) == version:`
			`pipeline_id = item["id"]`
			`break`

			`if pipeline_id is None:`
			`raise ValueError(f"Could not find a pipeline for version {version}")`

			`wait_for_build_complete_circleci(session, token, pipeline_id)`
			`urls = fetch_circleci_artifact_urls(session, token, pipeline_id)`
			`return download_artifacts_circleci(session, urls)`


			`def fetch_circleci_artifact_urls(`
			`session: requests.Session, token: str, pipeline_id: str`
			`) -> typing.List[str]:`
			`response = session.get(`
			`f"https://circleci.com/api/v2/pipeline/{pipeline_id}/workflow",`
			`headers={"Circle-Token": token},`
			`)`
			`response.raise_for_status()`
			`workflow_id = response.json()["items"][0]["id"]`
			`job_response = session.get(`
			`f"https://circleci.com/api/v2/workflow/{workflow_id}/job",`
			`headers={"Circle-Token": token},`
			`)`
			`job_response.raise_for_status()`
			`artifact_urls = []`
			`for job in job_response.json()["items"]:`
			`urls = fetch_circleci_artifact_url_from_job(`
			`session, token, job["job_number"]`
			`)`
			`artifact_urls.extend(urls)`

			`return artifact_urls`


			`def fetch_circleci_artifact_url_from_job(`
			`session: requests.Session, token: str, job: str`
			`) -> typing.List[str]:`
			`response = session.get(`
			`f"https://circleci.com/api/v2/project/gh/pyca/cryptography/"`
			`f"{job}/artifacts",`
			`headers={"Circle-Token": token},`
			`)`
			`response.raise_for_status()`
			`urls = []`
			`for item in response.json()["items"]:`
			`url = item.get("url", None)`
			`if url is not None:`
			`urls.append(url)`

			`return urls`


Replace release automation with click (#3557) * Replace release automation with click * Fix * fix 2017-05-20 21:37:40 +00:00			`@click.command()`
			`@click.argument("version")`
Type annotate release.py (#7951) 2023-01-02 00:38:57 +00:00			`def release(version: str) -> None:`
Write release automation software. Fixes #375 2014-01-06 20:04:53 +00:00			`"""`
			``version`` should be a string like '0.4' or '1.0'.
			`"""`
Provide a link to create a PAT in the release flow (#7406) 2022-07-06 21:46:17 +00:00			`print(`
			`f"Create a new GH PAT at: "`
			`f"https://github.com/settings/tokens/new?"`
			`f"description={version}&scopes=repo"`
			`)`
automatically download and upload circleci wheels (#7949) 2023-01-02 02:22:32 +00:00			`print(`
			`"Get a CircleCI token at: "`
			`"https://app.circleci.com/settings/user/tokens"`
			`)`
Move wheel builer to github actions (#5147) 2020-03-21 19:14:46 +00:00			`github_token = getpass.getpass("Github person access token: ")`
automatically download and upload circleci wheels (#7949) 2023-01-02 02:22:32 +00:00			`circle_token = getpass.getpass("CircleCI token: ")`
Move wheel builer to github actions (#5147) 2020-03-21 19:14:46 +00:00
update release.py (#6332) * update release.py * flake8 2021-09-30 00:38:28 +00:00			`# Tag and push the tag (this will trigger the wheel builder in Actions)`
Replace release automation with click (#3557) * Replace release automation with click * Fix * fix 2017-05-20 21:37:40 +00:00			`run("git", "tag", "-s", version, "-m", "{0} release".format(version))`
			`run("git", "push", "--tags")`
Write release automation software. Fixes #375 2014-01-06 20:04:53 +00:00
update release.py (#6332) * update release.py * flake8 2021-09-30 00:38:28 +00:00			`# Wait for Actions to complete and download the wheels`
Build vectors and sdist artifacts in CI as well. (#7766) This is in preperation for ultimately uploading them from GHA once PyPI has OIDC integration. 2022-11-03 11:41:03 +00:00			`github_actions_artifact_paths = fetch_github_actions_artifacts(`
Move wheel builer to github actions (#5147) 2020-03-21 19:14:46 +00:00			`github_token, version`
			`)`
automatically download and upload circleci wheels (#7949) 2023-01-02 02:22:32 +00:00			`# Download wheels from CircleCI`
			`circle_artifact_paths = fetch_circleci_artifacts(circle_token, version)`

			`artifact_paths = github_actions_artifact_paths + circle_artifact_paths`
update release.py (#6332) * update release.py * flake8 2021-09-30 00:38:28 +00:00
Upload wheels before sdist at release (#7469) So that pypi pppulates the data available via the JSON API 2022-08-02 12:08:59 +00:00			`# Upload wheels and sdist`
automatically download and upload circleci wheels (#7949) 2023-01-02 02:22:32 +00:00			`run("twine", "upload", *artifact_paths)`
Replace release automation with click (#3557) * Replace release automation with click * Fix * fix 2017-05-20 21:37:40 +00:00

			`if __name__ == "__main__":`
			`release()`