Fixes and improvements to the upload-pypi Task.

I added support for TaskRunResults for this task. This change adds four results: - the sha256 hash of the bdist package and the sdist package. - the package name - the package version I also fixed a permission issue in the sample - I could not get this to run as a non-root user (even without my change). The git repo is cloned correctly, but the default user of the twine image does not have write permissions in this directory.
2024-11-22 06:02:51 +00:00 · 2020-07-23 12:52:16 -05:00 · 2020-07-23 12:52:16 -05:00 · 6ae766ddb0
commit 6ae766ddb0
parent 2998778fed
3 changed files with 41 additions and 1 deletions
--- a/task/upload-pypi/0.1/README.md
+++ b/task/upload-pypi/0.1/README.md
@ -49,3 +49,23 @@ spec:
 ```

 In this example, the Git repo being used is expected to have a `setup.py` file at the root of the repository. [setup.py](https://packaging.python.org/tutorials/packaging-projects/#creating-setup-py) is build script for [setuptools](https://pypi.org/project/setuptools/)
+
+This TaskRun outputs several `Results`:
+
+- A `sha256` hash for each uploaded file (the bdist and the sdist packages).
+- The name of the uploaded package
+- The version of the uploaded package
+
+This looks like:
+
+```
+  taskResults:
+  - name: bdist_sha
+    value: 97dd35b7097443b6896734d979a1a52c64023f17474e4027d69d2df0b9acb797  dist/foo.whl
+  - name: package_name
+    value: foo
+  - name: package_version
+    value: 2.24.4
+  - name: sdist_sha
+    value: 8fda69bc68ece690d135d0091ebdd10a8c15db477c2eafce0d0a65bc9712f5bf  dist/foo.tar.gz
+```
--- a/task/upload-pypi/0.1/samples/run.yaml
+++ b/task/upload-pypi/0.1/samples/run.yaml
@ -54,6 +54,10 @@ kind: PipelineRun
 metadata:
  name: publish-package-pipeline-run
 spec:
+  podTemplate:
+    securityContext:
+      runAsNonRoot: false
+      runAsUser: 0
  pipelineRef:
    name: publish-package-pipeline
  workspaces:
--- a/task/upload-pypi/0.1/upload-pypi.yaml
+++ b/task/upload-pypi/0.1/upload-pypi.yaml
@ -49,4 +49,20 @@ spec:
          name: pypi-secret
          key: password
    script: |
-      twine upload dist/*
+      twine upload --disable-progress-bar dist/*
+      # Now write out all our results, stripping newlines.
+      # sdist files are .tar.gz's
+      sha256sum dist/*.tar.gz | tr -d '\n' | tee $(results.sdist_sha.path)
+      # bdist files are .whls's
+      sha256sum dist/*.whl | tr -d '\n' | tee $(results.bdist_sha.path)
+      python setup.py --name | tr -d '\n' | tee $(results.package_name.path)
+      python setup.py --version | tr -d '\n' | tee $(results.package_version.path)
+  results:
+  - name: sdist_sha
+    description: sha256 (and filename) of the sdist package
+  - name: bdist_sha
+    description: sha256 (and filename) of the bdist package
+  - name: package_name
+    description: name of the uploaded package
+  - name: package_version
+    description: version of the uploaded package