Release v0.10 (#349)

* workflows: Construct GH release changelog with awk Get the GH release chnagelog from docs/CHANGLEOG.md. This is copied from python-tuf. * awk is used to find get the changelog entries for this release only * The upload artifact now contains two paths (dist dir and changelog snippet file) * This changes how the artifact is formed so download-artifact has to change as well * Bump versions for 0.10.0, add changlog entry
theupdateframework · May 27, 2024 · a486e2d · a486e2d
1 parent 8c503d9
commit a486e2d
Show file tree

Hide file tree

Showing 5 changed files with 44 additions and 14 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -22,14 +22,18 @@ jobs:
       - name: Install build dependencies
         run: python3 -m pip install -c build/build-constraints.txt build
 
-      - name: Build binary wheel and source tarball
-        run: PIP_CONSTRAINT=build/build-constraints.txt python3 -m build --sdist --wheel --outdir dist/ signer/
+      - name: Build release changelog, signer wheel & source tarball
+        run: |
+          PIP_CONSTRAINT=build/build-constraints.txt python3 -m build --sdist --wheel --outdir dist/ signer/
+          awk "/## $GITHUB_REF_NAME/{flag=1; next} /## v/{flag=0} flag" docs/CHANGELOG.md > changelog
 
       - name: Store build artifacts
         uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
         with:
-          name: signer-artifacts
-          path: dist
+          name: build-artifacts
+          path: |
+            dist
+            changelog
 
   release-pypi:
     name: Release Signer on PyPI
@@ -42,8 +46,7 @@ jobs:
       - name: Fetch build artifacts
         uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
         with:
-          name: signer-artifacts
-          path: dist
+          name: build-artifacts
 
       - name: Publish binary wheel and source tarball on PyPI
         if: github.repository == 'theupdateframework/tuf-on-ci'
@@ -59,8 +62,7 @@ jobs:
       - name: Fetch build artifacts
         uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
         with:
-          name: signer-artifacts
-          path: dist
+          name: build-artifacts
 
       - name: Make a GitHub release
         uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
@@ -72,9 +74,7 @@ jobs:
               repo: context.repo.repo,
               name: '${{ github.ref_name }}',
               tag_name: '${{ github.ref }}',
-              body: 'See [CHANGELOG.md](https://github.com/' +
-                     context.repo.owner + '/' + context.repo.repo +
-                    '/blob/${{ github.ref_name }}/docs/CHANGELOG.md) for details.'
+              body: fs.readFileSync('changelog', 'utf8'),
             })
             fs.readdirSync('dist/').forEach(file => {
               github.rest.repos.uploadReleaseAsset({

diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
@@ -2,6 +2,36 @@
 
 ## Unreleased
 
+## v0.10.0
+
+Release includes several new features. It also fixes an issue with TUF keyids,
+see issue #292 (note that existing keyids are not automatically made compliant:
+`tuf-on-ci-delegate --force-compliant-keyids` can be used in a signing event to
+make that happen).
+
+GitHub workflows require no changes (but you may want to add a
+`.github/TUF_ON_CI_TEMPLATE/failure.md` file, see below).
+
+**Changes**
+
+* Artifact directories can now be up to 5 levels deep (#238)
+* actions: All action requirements are now version pinned (#248)
+* actions: `.github/TUF_ON_CI_TEMPLATE/failure.md` can now be used to
+  define custom content for workflow failure issues (#270)
+* `build-repository` action: A human readable repository description
+  is generated in index.html in the published metadata dir (#313)
+
+**Fixes**
+
+* signer: keyid generation was fixed to be specification compliant (#294)
+  * A feature was added to fix noncompliant keyids in repositories
+    where they non-compliant keyids already present (#338)
+* `test-repository` action: Use a better default artifact-url (#275),
+  handle a initial root in more cases (#346)
+* `build-repository` action: Delegation tree is now used to decide which
+  metadata to include in published repo (#344)
+* tuf minimum dependency is now correctly set to 3.1 (#329)
+
 ## v0.9.0
 
 GitHub Actions users are adviced to upgrade for safer dependency

diff --git a/docs/RELEASE.md b/docs/RELEASE.md
@@ -3,7 +3,7 @@
 1. Ensure `docs/CHANGELOG.md` contains a summary of notable changes since the
    prior release. Check that all required changes to workflows that
    call our actions are clearly documented.
-2. Update version number in `signer/pyproject.toml` and `repo/pyproject.toml`
+2. Update version number in `signer/tuf_on_ci_sign/__init__.py` and `repo/tuf_on_ci/_version.py`
 3. Create a PR with the updated CHANGELOG and version bumps.
 4. Once the PR is merged, create a signed tag for the version number on the merge commit
   `git tag --sign vA.B.C -m "vA.B.C"`

diff --git a/repo/tuf_on_ci/_version.py b/repo/tuf_on_ci/_version.py
@@ -1 +1 @@
-__version__ = "0.9.0"
+__version__ = "0.10.0"
diff --git a/signer/tuf_on_ci_sign/__init__.py b/signer/tuf_on_ci_sign/__init__.py
@@ -2,6 +2,6 @@
 from tuf_on_ci_sign.import_repo import import_repo
 from tuf_on_ci_sign.sign import sign
 
-__version__ = "0.9.0"
+__version__ = "0.10.0"
 
 __all__ = ["delegate", "import_repo", "sign"]