when: - event: [push, pull_request, manual] variables: - &uv_image "ghcr.io/astral-sh/uv:python3.12-bookworm-slim" steps: install: image: *uv_image commands: - uv sync --all-extras --frozen lint: image: *uv_image commands: - | uv sync --all-extras --frozen uv run ruff check src/ tests/ uv run ruff format --check src/ tests/ depends_on: - install typecheck: image: *uv_image commands: - | uv sync --all-extras --frozen uv run mypy src/ depends_on: - install security-bandit: image: *uv_image commands: - | uv sync --all-extras --frozen uv run bandit -r src/ -f screen --skip B311 depends_on: - install security-audit: image: *uv_image commands: - | uv sync --all-extras --frozen uv run pip-audit depends_on: - install test: image: *uv_image commands: - | uv sync --all-extras --frozen uv run pytest --cov=src/mosaicstack_telemetry --cov-report=term-missing --cov-fail-under=85 depends_on: - install publish: image: *uv_image environment: GITEA_USER: from_secret: gitea_username GITEA_TOKEN: from_secret: gitea_token CI_COMMIT_BRANCH: ${CI_COMMIT_BRANCH} CI_COMMIT_TAG: ${CI_COMMIT_TAG} commands: - | uv sync --all-extras --frozen uv pip install twine BASE_VERSION=$$(uv run python3 -c "import tomllib; print(tomllib.load(open('pyproject.toml','rb'))['project']['version'])") if [ -n "$$CI_COMMIT_TAG" ] || [ "$$CI_COMMIT_BRANCH" = "main" ]; then VERSION="$$BASE_VERSION" echo "Release build: $$VERSION" elif [ "$$CI_COMMIT_BRANCH" = "develop" ]; then TIMESTAMP=$$(date -u +%Y%m%d%H%M%S) VERSION="$${BASE_VERSION}.dev$${TIMESTAMP}" echo "Dev build: $$VERSION" sed -i "s/version = \"$$BASE_VERSION\"/version = \"$$VERSION\"/" pyproject.toml fi uv build if [ "$$CI_COMMIT_BRANCH" = "develop" ]; then echo "Publishing dev version $$VERSION..." uv run twine upload \ --repository-url "https://git.mosaicstack.dev/api/packages/mosaic/pypi" \ --username "$$GITEA_USER" \ --password "$$GITEA_TOKEN" \ dist/* echo "Published mosaicstack-telemetry $$VERSION" else echo "Checking if release $$VERSION is already published..." INDEX_PAGE=$$(curl -sf "https://git.mosaicstack.dev/api/packages/mosaic/pypi/simple/mosaicstack-telemetry/" 2>/dev/null || echo "") if echo "$$INDEX_PAGE" | grep -q "mosaicstack_telemetry-$$VERSION"; then echo "Version $$VERSION already published, skipping upload" else echo "Publishing release $$VERSION..." uv run twine upload \ --repository-url "https://git.mosaicstack.dev/api/packages/mosaic/pypi" \ --username "$$GITEA_USER" \ --password "$$GITEA_TOKEN" \ dist/* echo "Published mosaicstack-telemetry $$VERSION" fi fi when: - branch: [main, develop] event: [push, manual, tag] depends_on: - lint - typecheck - security-bandit - security-audit - test link-package: image: alpine:3 environment: GITEA_TOKEN: from_secret: gitea_token commands: - apk add --no-cache curl - sleep 5 - | set -e for attempt in 1 2 3; do STATUS=$$(curl -s -o /dev/null -w "%{http_code}" -X POST \ -H "Authorization: token $$GITEA_TOKEN" \ "https://git.mosaicstack.dev/api/v1/packages/mosaic/pypi/mosaicstack-telemetry/-/link/telemetry-client-py") if [ "$$STATUS" = "201" ] || [ "$$STATUS" = "204" ]; then echo "Package linked to repository" exit 0 elif [ "$$STATUS" = "400" ]; then echo "Package already linked (OK)" exit 0 elif [ $$attempt -lt 3 ]; then echo "Package not found yet, retrying in 5s (attempt $$attempt/3)..." sleep 5 else echo "Failed to link package (status $$STATUS)" exit 1 fi done when: - branch: [main, develop] event: [push, manual, tag] depends_on: - publish