From c9d2984d18b5b092260ab55d482ecf83985b0e69 Mon Sep 17 00:00:00 2001 From: Guillaume Campagna Date: Thu, 12 Feb 2026 11:54:01 -0500 Subject: [PATCH 1/2] Migrate publishing from public PyPI to GCP Artifact Registry - Switch runner to self-hosted for GCP access - Add id-token permission for Workload Identity Federation - Add GCP auth step using org-level variables - Replace PYPI_API_TOKEN with OAuth2 access token auth - Publish to transit-images/private-pypi Artifact Registry Co-Authored-By: Claude Opus 4.5 --- .github/workflows/publish.yml | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index a7d7a4e..cf5f356 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -6,9 +6,10 @@ on: jobs: publish: - runs-on: ubuntu-latest + runs-on: [self-hosted, linux, ci-transitapp] permissions: contents: write + id-token: write steps: - uses: actions/checkout@v4 @@ -30,14 +31,25 @@ jobs: echo "changed=false" >> $GITHUB_OUTPUT fi + - name: Authenticate to Google Cloud + if: steps.version_check.outputs.changed == 'true' + id: auth + uses: google-github-actions/auth@v2 + with: + workload_identity_provider: ${{ vars.WORKLOAD_IDENTITY_PROVIDER }} + service_account: ${{ vars.GCP_SERVICE_ACCOUNT }} + token_format: access_token + - name: Build package if: steps.version_check.outputs.changed == 'true' run: uv build - - name: Publish to PyPI + - name: Publish to Artifact Registry if: steps.version_check.outputs.changed == 'true' env: - UV_PUBLISH_TOKEN: ${{ secrets.PYPI_API_TOKEN }} + UV_PUBLISH_URL: https://us-east1-python.pkg.dev/transit-images/private-pypi/ + UV_PUBLISH_USERNAME: oauth2accesstoken + UV_PUBLISH_PASSWORD: ${{ steps.auth.outputs.access_token }} run: uv publish - name: Create GitHub Release From b8c1e2e0e5ddc8bcc1ea891ab2c3b8b13e4911c7 Mon Sep 17 00:00:00 2001 
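Review bot: The `id-token: write` grant added to the `publish` job in the first hunk (`@@ -6,9 +6,10 @@`) is undocumented, and it applies to every step of the job alongside `contents: write`, not only to the authentication step. The job also moves to the `[self-hosted, linux, ci-transitapp]` runner, where state can persist between runs unless the runners are ephemeral, which is not visible from this patch. I would add a comment on that line, `# id-token: write is required for Workload Identity Federation in the "Authenticate to Google Cloud" step`, and confirm that the provider's attribute condition limits token exchange to this repository and the `main` ref. The job's `steps:` list continues outside this hunk.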
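Review bot: In the second hunk (`@@ -30,14 +31,25 @@`) the "Authenticate to Google Cloud" step is placed before "Build package", so `uv build`, which runs the project's build backend and its build dependencies, executes after the action has (by default) exported credential configuration into the job environment. Moving the auth step to sit directly before "Publish to Artifact Registry" keeps the credential away from build-time code. The access token is only needed for one upload, so its lifetime can be shortened with `access_token_lifetime: 300s` next to `token_format: access_token`. `google-github-actions/auth@v2` is referenced by a mutable tag; pinning it as `google-github-actions/auth@<full-commit-sha> # v2` would prevent a retagged release from running with `id-token: write`.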
From: Guillaume Campagna Date: Wed, 25 Mar 2026 14:14:10 -0400 Subject: [PATCH 2/2] Use shared release workflow, SHA-pin actions, bump to 0.3.2 Co-Authored-By: Claude Opus 4.6 (1M context) --- .github/workflows/publish.yml | 64 +++--------------------------- .github/workflows/pull-request.yml | 26 +++++------- pyproject.toml | 2 +- 3 files changed, 15 insertions(+), 77 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index cf5f356..3f82a79 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml 
@@ -1,64 +1,10 @@ -name: Publish to PyPI +name: Release and Deploy on: push: - branches: [ main ] + branches: [main] + workflow_dispatch: {} jobs: - publish: - runs-on: [self-hosted, linux, ci-transitapp] - permissions: - contents: write - id-token: write - - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 2 - - - name: Install uv - uses: astral-sh/setup-uv@v5 - - - name: Check if version changed - id: version_check - run: | - VERSION=$(grep -E '^version = ' pyproject.toml | cut -d'"' -f2) - echo "version=$VERSION" >> $GITHUB_OUTPUT - - if git diff HEAD^ HEAD -- pyproject.toml | grep -q 'version ='; then - echo "changed=true" >> $GITHUB_OUTPUT - else - echo "changed=false" >> $GITHUB_OUTPUT - fi - - - name: Authenticate to Google Cloud - if: steps.version_check.outputs.changed == 'true' - id: auth - uses: google-github-actions/auth@v2 - with: - workload_identity_provider: ${{ vars.WORKLOAD_IDENTITY_PROVIDER }} - service_account: ${{ vars.GCP_SERVICE_ACCOUNT }} - token_format: access_token - - - name: Build package - if: steps.version_check.outputs.changed == 'true' - run: uv build - - - name: Publish to Artifact Registry - if: steps.version_check.outputs.changed == 'true' - env: - UV_PUBLISH_URL: https://us-east1-python.pkg.dev/transit-images/private-pypi/ - UV_PUBLISH_USERNAME: oauth2accesstoken - UV_PUBLISH_PASSWORD: ${{ steps.auth.outputs.access_token }} - run: uv publish - - - name: Create GitHub Release - if: steps.version_check.outputs.changed == 'true' - env: - GH_TOKEN: ${{ github.token }} - run: | - VERSION=${{ steps.version_check.outputs.version }} - gh release create "v$VERSION" \ - --title "v$VERSION" \ - --generate-notes \ - dist/* + release: + uses: TransitApp/actions/.github/workflows/python-release.yml@master diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index b15dc21..6be74fc 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml 
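Review bot: The new `release` job in `publish.yml` calls `TransitApp/actions/.github/workflows/python-release.yml@master`, a mutable branch reference, although the commit subject says actions are SHA-pinned. Any push to that branch changes what runs on every release of this package, so I would pin it as `uses: TransitApp/actions/.github/workflows/python-release.yml@<full-commit-sha> # master`. The job-level `permissions:` block was removed with the old job, and a called workflow cannot receive more than its caller grants. If the shared workflow still publishes through Workload Identity Federation and creates a GitHub release (not visible here), the `release` job should declare `permissions:` with `contents: write` and `id-token: write` explicitly rather than rely on repository defaults. The added `workflow_dispatch: {}` trigger allows manual runs from any branch that has this file, so it is worth confirming that the shared workflow refuses to publish from refs other than `main`.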
@@ -1,32 +1,24 @@ -# This workflow will install Python dependencies, run tests and lint with a variety of Python versions -# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions - name: Build on pull request on: push: - branches: [ main ] + branches: [main] pull_request: - branches: [ main ] + branches: [main] jobs: build-and-test: - runs-on: [ubuntu-latest] + runs-on: ubuntu-latest strategy: matrix: python-version: ['3.10', 'pypy3.10'] - steps: - - uses: actions/checkout@v2 - - name: Install uv - uses: astral-sh/setup-uv@v5 - - name: Set up Python ${{ matrix.python-version }} - run: uv python install ${{ matrix.python-version }} - - name: Install dependencies - run: uv sync --all-extras --dev - - name: Lint with flake8 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + - uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6 + - run: uv python install ${{ matrix.python-version }} + - run: uv sync --all-extras --dev + - name: Lint run: | uv run flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics --exclude=.venv uv run flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics --exclude=.venv - - name: Test with pytest - run: uv run pytest . + - run: uv run pytest . diff --git a/pyproject.toml b/pyproject.toml index 0b31242..d51093f 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [project] name = "py-gtfs-loader" -version = "0.3.1" +version = "0.3.2" description = "Load GTFS" readme = "README.md" authors = [
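Review bot: `pull-request.yml` still has no `permissions:` block after this change, so the `build-and-test` job runs `uv sync` and `pytest` on pull-request code with whatever default `GITHUB_TOKEN` scope the repository or organisation sets. I would add a top-level `permissions:` mapping with `contents: read`, and set `persist-credentials: false` under a `with:` on the checkout step, because no later step needs to push. The SHA pins carry only major-version comments (`# v4`, `# v6`). Writing the exact release tag in each comment would let a reviewer or an update bot check that the hash matches the intended release. The second `flake8` invocation keeps `--exit-zero`, so only the first one can fail the "Lint" step.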