Merge branch 'main' into main

.github/workflows/ci-argon2-cffi-bindings.yml → .github/workflows/ci.yml

@@ -1,5 +1,5 @@
 ---
-    name: CI w/ argon2-cffi-bindings
+    name: CI
 
     on:
       push:
@@ -32,3 +32,26 @@
             id: baipp
             with:
               path: hynek/argon2-cffi-bindings
+              skip-wheel: 'true'
+
+      check-structlog:
+        name: Build & verify the structlog package.
+        runs-on: ubuntu-latest
+
+        steps:
+          - uses: actions/checkout@v4
+            with:
+              repository: hynek/structlog
+              path: structlog
+
+          - uses: actions/checkout@v4
+            with:
+              path: action
+
+          - uses: ./action
+            id: baipp
+            with:
+              path: structlog
+              upload-name-suffix: "-structlog"
+
+          - run: echo Packages can be found at ${{ steps.baipp.outputs.dist }}

CHANGELOG.md

@@ -5,7 +5,39 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 
-## [2.0.0](https://github.com/hynek/build-and-inspect-python-package/compare/v1.5.4...2.0.0) - 2023-12-15
+## [UNRELEASED](https://github.com/hynek/build-and-inspect-python-package/compare/v2.0.2...main)
+
+### Added
+
+- New input: `skip-wheel` to skip building the wheel in addition to the source distribution.
+  This is useful if you need to build your wheels using advanced tools like [*cibuildwheel*](https://cibuildwheel.pypa.io/) anyway.
+  [#98](https://github.com/hynek/build-and-inspect-python-package/pull/98)
+
+- New input: `upload-name-suffix` allows to build more than one package in a single workflow by distinguishing the artifact names.
+  [#97](https://github.com/hynek/build-and-inspect-python-package/pull/97)
+
+
+### Changed
+
+- The action now uses [*uv*](https://github.com/astral-sh/uv) to install its tools to speed up your CI runs.
+  [#86](https://github.com/hynek/build-and-inspect-python-package/pull/86)
+
+
+## [2.0.2](https://github.com/hynek/build-and-inspect-python-package/compare/v2.0.1...v2.0.2) – 2024-03-16
+
+### Changed
+
+- Dependency updates for Metadata-Version 2.3 support (as used, for example, by [Hatchling 1.22.1](https://github.com/pypa/hatch/releases/tag/hatchling-v1.22.1)).
+
+
+## [2.0.1](https://github.com/hynek/build-and-inspect-python-package/compare/v2.0.0...v2.0.1) - 2024-01-25
+
+### Changed
+
+- Switched to `setup-python@v5` to avoid the "Node.js 16 actions are deprecated." deprecation warning.
+
+
+## [2.0.0](https://github.com/hynek/build-and-inspect-python-package/compare/v1.5.4...v2.0.0) - 2023-12-15
 
 ### Changed
 

README.md

@@ -1,6 +1,10 @@
-# Build and Inspect Python Packages
+<p align="center">
+  <img alt="build-and-inspect-python-package logo" width="250" src=".github/logo.png" />
+  <br/>
+  <em>Never upload a faulty Python package to PyPI again.</em>
+</p>
 
-This action provides the following functionality for GitHub Actions users that are maintaining Python packages:
+*build-and-inspect-python-package* provides the following functionality to GitHub Actions users who maintain Python packages:
 
 **Builds your package** using PyPA's [*build*](https://pypi.org/project/build/) (this works with any [PEP 517](https://peps.python.org/pep-0517/)-compatible build backend, including Hatch, Flit, Setuptools, PDM, or Poetry).
 [`SOURCE_DATE_EPOCH`](https://reproducible-builds.org/specs/source-date-epoch/) is set to the timestamp of the last commit, giving you reproducible builds with meaningful file timestamps.
@@ -23,6 +27,8 @@ If you package an **application** as a Python package, this action is useful to
 
 ## Usage
 
+This action only works on Linux runners:
+
 ```yaml
 jobs:
   check-package:
@@ -31,28 +37,39 @@ jobs:
 
     steps:
       - uses: actions/checkout@v4
-      - uses: hynek/build-and-inspect-python-package@v1
+      - uses: hynek/build-and-inspect-python-package@v2
 ```
 
 > [!CAUTION]
 > Internally, *build-and-inspect-python-package* uses [*actions/upload-artifact*](https://github.com/actions/upload-artifact) for storing the built artifacts that you can download with [*actions/download-artifact*](https://github.com/actions/download-artifact).
 >
 > Unfortunately, v4 of both [is incompatible](https://github.blog/changelog/2023-12-14-github-actions-artifacts-v4-is-now-generally-available/) with previous versions, so you have to make sure that your *download-artifact* version matches the version that *build-and-inspect-python-package* uses for uploading.
 >
-> If you're using `download-artifact@v3`, you have to use `build-and-inspect-python-package@v1`.
-> If you're using `download-artifact@v4`, you have to use `build-and-inspect-python-package@v2`.
+> - If you're using `download-artifact@v3`, you have to use `build-and-inspect-python-package@v1`.
+> - If you're using `download-artifact@v4`, you have to use `build-and-inspect-python-package@v2`.
+
+While *build-and-inspect-python-package* will build a wheel for you by default, we recommend using [*cibuildwheel*] if your package contains compiled extensions.
 
 
 ### Inputs
 
 - `path`: the location of the Python package to build (*optional*, default: `.`).
+- `skip-wheel`: Whether to skip building the wheel in addition to the source distribution.
+  The only meaningful value is `'true'` (note the quotes – GitHub Actions only allow string inputs) and everything else is treated as falsey.
+
+  This is useful if you build your wheels using advanced tools like [*cibuildwheel*] anyway.
+  (*optional*, default: `'false'`).
+- `upload-name-suffix`: A suffix to append to the artifact names to make them unique for `upload-artifact@v4`.
+
+  Use this if you want to build multiple packages in one workflow.
+  (*optional*, default: `''`).
 
 
 ### Outputs
 
 - `dist`: the location with the built packages.
 
-  See for example how [*argon2-cffi-bindings*](https://github.com/hynek/argon2-cffi-bindings/blob/a9d295e577b271b1c7f6ca3929fe8b39ba8b689e/.github/workflows/ci.yml#L75-L85) uses this feature to check the built wheels don't break a dependency.
+  See, for example, how [*argon2-cffi-bindings*](https://github.com/hynek/argon2-cffi-bindings/blob/daff9ceb693312ab8257c60db4cd1c13cd866a35/.github/workflows/ci.yml#L83-L97) uses this feature to check the built wheels don't break a package that depends on it.
 
 
 ### Artifacts
@@ -65,13 +82,16 @@ After a successful run, you'll find multiple artifacts in the run's Summary view
 - **PyPI README**: the extracted PyPI README, exactly how it would be used by PyPI as your project's landing page.
   [PEP 621](https://peps.python.org/pep-0621/) calls it `readme`, in classic *setuptools* it's `long_description`.
 
----
 
-[Our CI](.github/workflows/) uses all inputs and outputs, if you want to see them in action.
+### Examples
+
+[Our CI](.github/workflows/ci.yml) uses all inputs and outputs, if you want to see them in action.
 
 
 ## License
 
 The scripts and documentation in this project are released under the [MIT License](LICENSE).
 
 [automated]: https://github.com/python-attrs/attrs/blob/main/.github/workflows/pypi-package.yml
+
+[*cibuildwheel*]: https://cibuildwheel.pypa.io/

action.yml

@@ -11,6 +11,14 @@ inputs:
     description: Where to look for the Python package to inspect.
     required: false
     default: .
+  skip-wheel:
+    description: Only build the source distribution.
+    required: false
+    default: 'false'
+  upload-name-suffix:
+    description: Suffix to append to the artifact names.
+    required: false
+    default: ""
 outputs:
   dist:
     description: The location of the built packages.
@@ -33,25 +41,48 @@ runs:
         python-version: ">=3.8"
         update-environment: false
 
+    - name: Install uv
+      run: curl -LsSf https://astral.sh/uv/install.sh | sh
+      shell: bash
+      if: runner.os != 'Windows'
+
+    - name: Find uv cache
+      run: echo "UV_CACHE=$(uv cache dir)" >>$GITHUB_ENV
+      shell: bash
+
+    - name: Cache uv
+      uses: actions/cache@v4
+      with:
+        path: ${{ env.UV_CACHE }}
+        key: ${{ runner.os }}-uv
+
     - name: Create venv for tools
-      run: ${{ steps.python-baipp.outputs.python-path }} -Im venv /tmp/baipp
+      run: >
+        uv venv
+        /tmp/baipp
+        --python ${{ steps.python-baipp.outputs.python-path }}
       shell: bash
 
     - name: Install our tools
       run: >
-        /tmp/baipp/bin/python
-        -Im pip
-        --disable-pip-version-check
-        --no-python-version-warning
-        install -r ${{ github.action_path }}/requirements/tools.txt
+        uv pip sync
+        ${{ github.action_path }}/requirements/tools.txt
       shell: bash
+      env:
+        VIRTUAL_ENV: /tmp/baipp
 
-    # Build SDist, then build wheel out of it.
+    # Build SDist, then build wheel out of it if the user didn't forbid it.
     # Set 'SOURCE_DATE_EPOCH' based on the last commit for build
     # reproducibility.
-    - run: >
-        SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)
-        /tmp/baipp/bin/python -m build --outdir /tmp/baipp/dist
+    - name: Build package
+      run: |
+        export SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)
+
+        if [[ "${{ inputs.skip-wheel }}" == "true" ]]; then
+          /tmp/baipp/bin/python -m build --sdist --outdir /tmp/baipp/dist
+        else
+          /tmp/baipp/bin/python -m build --outdir /tmp/baipp/dist
+        fi
       shell: bash
       working-directory: ${{ inputs.path }}
 
@@ -68,10 +99,14 @@ runs:
     - name: Upload built artifacts.
       uses: actions/upload-artifact@v4
       with:
-        name: Packages
+        name: Packages${{ inputs.upload-name-suffix }}
         path: /tmp/baipp/dist/*
 
-    - run: /tmp/baipp/bin/check-wheel-contents /tmp/baipp/dist/*.whl
+    - name: Check wheel contents if one was built
+      run: |
+        if [[ "${{ inputs.skip-wheel }}" != 'true' ]]; then
+          /tmp/baipp/bin/check-wheel-contents /tmp/baipp/dist/*.whl
+        fi
       shell: bash
       working-directory: ${{ inputs.path }}
 
@@ -84,23 +119,26 @@ runs:
         --strict
         /tmp/baipp/dist/*
 
-    - name: Show wheel & SDist contents hierarchically, including metadata.
+    - name: Show package contents hierarchically, including metadata.
       shell: bash
       working-directory: ${{ inputs.path }}
       run: |
         cd /tmp/baipp/dist
         mkdir -p out/sdist
-        mkdir -p out/wheels
-        /tmp/baipp/bin/python -m wheel unpack --dest out/wheels *.whl
         tar xf *.tar.gz -C out/sdist
 
         echo -e '\n<details><summary>SDist contents</summary>\n' >> $GITHUB_STEP_SUMMARY
         (cd /tmp/baipp/dist/out/sdist && tree -Da --timefmt="%Y-%m-%dT%H:%M:%SZ" * | sed 's/^/    /' | tee -a $GITHUB_STEP_SUMMARY)
         echo -e '\n</details>\n' >> $GITHUB_STEP_SUMMARY
 
-        echo -e '\n<details><summary>Wheel contents</summary>\n' >> $GITHUB_STEP_SUMMARY
-        (cd /tmp/baipp/dist/out/wheels && tree -Da --timefmt="%Y-%m-%dT%H:%M:%SZ" * | sed 's/^/    /' | tee -a $GITHUB_STEP_SUMMARY)
-        echo -e '\n</details>\n' >> $GITHUB_STEP_SUMMARY
+        if [[ "${{ inputs.skip-wheel }}" != 'true' ]]; then
+            mkdir -p out/wheels
+            /tmp/baipp/bin/python -m wheel unpack --dest out/wheels *.whl
+
+            echo -e '\n<details><summary>Wheel contents</summary>\n' >> $GITHUB_STEP_SUMMARY
+            (cd /tmp/baipp/dist/out/wheels && tree -Da --timefmt="%Y-%m-%dT%H:%M:%SZ" * | sed 's/^/    /' | tee -a $GITHUB_STEP_SUMMARY)
+            echo -e '\n</details>\n' >> $GITHUB_STEP_SUMMARY
+        fi
 
         echo ----- Metadata Follows -----
         echo -e '\n<details><summary>Metadata</summary>\n' >> $GITHUB_STEP_SUMMARY
@@ -111,7 +149,7 @@ runs:
     - name: Upload metadata
       uses: actions/upload-artifact@v4
       with:
-        name: Package Metadata
+        name: Package Metadata${{ inputs.upload-name-suffix }}
         path: /tmp/baipp/dist/out/sdist/*/PKG-INFO
 
     - name: Extract PyPI README
@@ -134,7 +172,7 @@ runs:
     - name: Upload PyPI README
       uses: actions/upload-artifact@v4
       with:
-        name: PyPI README
+        name: PyPI README${{ inputs.upload-name-suffix }}
         path: /tmp/baipp/dist/out/sdist/PyPI-README.*
 
     - name: >