From 6ae766ddb0572193368aa6050b9448509404e638 Mon Sep 17 00:00:00 2001
From: Dan Lorenc <lorenc.d@gmail.com>
Date: Thu, 23 Jul 2020 12:52:16 -0500
Subject: [PATCH] Fixes and improvements to the upload-pypi Task.

I added support for TaskRunResults for this task. This change adds four results:
- the sha256 hash of the bdist package and the sdist package.
- the package name
- the package version

I also fixed a permission issue in the sample - I could not get this to run as a non-root
user (even without my change). The git repo is cloned correctly, but the default user of the
twine image does not have write permissions in this directory.
---
 task/upload-pypi/0.1/README.md        | 20 ++++++++++++++++++++
 task/upload-pypi/0.1/samples/run.yaml |  4 ++++
 task/upload-pypi/0.1/upload-pypi.yaml | 18 +++++++++++++++++-
 3 files changed, 41 insertions(+), 1 deletion(-)

diff --git a/task/upload-pypi/0.1/README.md b/task/upload-pypi/0.1/README.md
index 311e9528..d9f5b0fd 100644
--- a/task/upload-pypi/0.1/README.md
+++ b/task/upload-pypi/0.1/README.md
@@ -49,3 +49,23 @@ spec:
 ```
 
 In this example, the Git repo being used is expected to have a `setup.py` file at the root of the repository. [setup.py](https://packaging.python.org/tutorials/packaging-projects/#creating-setup-py) is build script for [setuptools](https://pypi.org/project/setuptools/)
+
+This TaskRun outputs several `Results`:
+
+- A `sha256` hash for each uploaded file (the bdist and the sdist packages).
+- The name of the uploaded package
+- The version of the uploaded package
+
+This looks like:
+
+```
+  taskResults:
+  - name: bdist_sha
+    value: 97dd35b7097443b6896734d979a1a52c64023f17474e4027d69d2df0b9acb797  dist/foo.whl
+  - name: package_name
+    value: foo
+  - name: package_version
+    value: 2.24.4
+  - name: sdist_sha
+    value: 8fda69bc68ece690d135d0091ebdd10a8c15db477c2eafce0d0a65bc9712f5bf  dist/foo.tar.gz
+```
diff --git a/task/upload-pypi/0.1/samples/run.yaml b/task/upload-pypi/0.1/samples/run.yaml
index 55d761be..8c748522 100644
--- a/task/upload-pypi/0.1/samples/run.yaml
+++ b/task/upload-pypi/0.1/samples/run.yaml
@@ -54,6 +54,10 @@ kind: PipelineRun
 metadata:
   name: publish-package-pipeline-run
 spec:
+  podTemplate:
+    securityContext:
+      runAsNonRoot: false
+      runAsUser: 0
   pipelineRef:
     name: publish-package-pipeline
   workspaces:
diff --git a/task/upload-pypi/0.1/upload-pypi.yaml b/task/upload-pypi/0.1/upload-pypi.yaml
index 380b850a..420dbd76 100644
--- a/task/upload-pypi/0.1/upload-pypi.yaml
+++ b/task/upload-pypi/0.1/upload-pypi.yaml
@@ -49,4 +49,20 @@ spec:
           name: pypi-secret
           key: password
     script: |
-      twine upload dist/*
+      twine upload --disable-progress-bar dist/*
+      # Now write out all our results, stripping newlines.
+      # sdist files are .tar.gz's
+      sha256sum dist/*.tar.gz | tr -d '\n' | tee $(results.sdist_sha.path)
+      # bdist files are .whls's
+      sha256sum dist/*.whl | tr -d '\n' | tee $(results.bdist_sha.path)
+      python setup.py --name | tr -d '\n' | tee $(results.package_name.path)
+      python setup.py --version | tr -d '\n' | tee $(results.package_version.path)
+  results:
+  - name: sdist_sha
+    description: sha256 (and filename) of the sdist package
+  - name: bdist_sha
+    description: sha256 (and filename) of the bdist package
+  - name: package_name
+    description: name of the uploaded package
+  - name: package_version
+    description: version of the uploaded package