Use uv in CI (#310)

btschwertfeger · Nov 25, 2024 · be01e9e · be01e9e
1 parent 9ec6267
commit be01e9e
Show file tree

Hide file tree

Showing 20 changed files with 276 additions and 137 deletions.
diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md
@@ -38,18 +38,18 @@ issues - you can also filter for specific `labels`.
 
 ### Make Changes
 
-1. Fork the repository
+1. Fork the repository and clone your fork locally.
 
 ```bash
-git clone https://github.com/btschwertfeger/python-kraken-sdk.git
+git clone https://github.com/<username>/python-kraken-sdk.git
 ```
 
 2. Install the provided [pre-commit](https://pre-commit.com/) hooks within the
    repository and make sure that all hooks run through, before pushing changes.
 
 ```bash
+cd python-kraken-sdk
 python-kraken-sdk~$: pre-commit install
-python-kraken-sdk~$: pre-commit run -a
 ```
 
 3. Create a new branch and start implementing your changes.

diff --git a/.github/workflows/_build.yaml b/.github/workflows/_build.yaml
@@ -33,6 +33,7 @@ jobs:
           allowed-endpoints: >
             files.pythonhosted.org:443
             github.com:443
+            objects.githubusercontent.com:443
             pypi.org:443
 
       - name: Checkout repository
@@ -45,10 +46,8 @@ jobs:
         with:
           python-version: ${{ inputs.python-version }}
 
-      - name: Install dependencies
-        run: |
-          python -m pip install --user --upgrade pip
-          python -m pip install --user build
+      - name: Install uv
+        uses: astral-sh/setup-uv@v4
 
       - name: Check git status (not Windows)
         if: runner.os != 'Windows'
@@ -74,36 +73,35 @@ jobs:
 
       - name: Build Linux
         if: runner.os == 'linux'
-        run: python -m build
-
-      - name: Store the distribution packages
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
-        # upload artifacts with the oldest supported version
-        if: runner.os == 'linux' && inputs.python-version == '3.11'
-        with:
-          name: python-package-distributions
-          path: dist/
+        run: |
+          uv build .
+          uv tool install dist/python_kraken_sdk*.whl
+          uv run kraken --version
 
       - name: Build macOS
         if: runner.os == 'macOS'
-        run: python -m build
+        run: |
+          uv build .
+          uv tool install dist/python_kraken_sdk*.whl
+          uv run kraken --version
 
       - name: Build Windows
-        if: runner.os == 'Windows'
-        # put it here to avoid more filtering
-        run: python -m build -o .
-
-      - name: Install the package on Linux or MacOS
-        if: runner.os != 'Windows'
-        run: python -m pip install --user dist/python_kraken_sdk*.whl
-
-      - name: Install the package on Windows
         if: runner.os == 'Windows'
         run: |
+          uv build .
           try {
-              $WHEEL = Get-ChildItem -Path . -Filter "python_kraken_sdk*.whl" -ErrorAction Stop
-              python -m pip install --user $WHEEL
+              $WHEEL = Get-ChildItem -Path ./dist -Filter "python_kraken_sdk*.whl" -ErrorAction Stop
+              uv tool install $WHEEL#
+              uv run kraken --version
           } catch {
-              Write-Error "Error: .whl file not found in the current directory."
+              Write-Error "Error: .whl file not found in .\dist."
               exit 1
           }
+
+      - name: Store the distribution packages
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        # upload artifacts with the oldest supported version
+        if: runner.os == 'linux' && inputs.python-version == '3.11'
+        with:
+          name: python-package-distributions
+          path: dist/
diff --git a/.github/workflows/_build_doc.yaml b/.github/workflows/_build_doc.yaml
@@ -37,13 +37,18 @@ jobs:
         with:
           python-version: ${{ inputs.python-version }}
 
+      - name: Install uv
+        uses: astral-sh/setup-uv@v4
+
       - name: Install dependencies
         run: |
           sudo apt update
           DEBIAN_FRONTEND=noninteractive sudo apt install -y pandoc
-          python -m pip install --user -r doc/requirements.txt
-          python -m pip install --user --upgrade pip
-          python -m pip install --user .
+          uv venv
+          source .venv/bin/activate
+          echo ${GITHUB_WORKSPACE}/.venv/bin >> $GITHUB_PATH
+          uv pip install -r doc/requirements.txt
+          uv pip install .
 
       - name: Build the documentation
         run: make doc
diff --git a/.github/workflows/_codecov.yaml b/.github/workflows/_codecov.yaml
@@ -59,6 +59,7 @@ jobs:
             files.pythonhosted.org:443
             futures.kraken.com:443
             github.com:443
+            objects.githubusercontent.com:443
             pypi.org:443
             storage.googleapis.com:443
             ws-auth.kraken.com:443
@@ -72,11 +73,15 @@ jobs:
         with:
           python-version: ${{ inputs.python-version }}
 
-      - name: Install dependencies
-        run: python -m pip install --upgrade pip
+      - name: Install uv
+        uses: astral-sh/setup-uv@v4
 
       - name: Install package
-        run: python -m pip install ".[dev,test]"
+        run: |
+          uv venv
+          source .venv/bin/activate
+          echo ${GITHUB_WORKSPACE}/.venv/bin >> $GITHUB_PATH
+          uv pip install ".[test,dev]"
 
       - name: Generate coverage report
         env:

diff --git a/.github/workflows/_codeql.yaml b/.github/workflows/_codeql.yaml
@@ -22,23 +22,24 @@ jobs:
       contents: read
       security-events: write
 
-    # strategy:
-    #   fail-fast: false
-    #   matrix:
-    #     language: ["python"]
+    strategy:
+      fail-fast: false
+      matrix:
+        language: ["python"]
     # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
     # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
 
     steps:
       - name: Harden Runner
         uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
         with:
-          egress-policy: audit
-          # disable-sudo: true
-          # egress-policy: block
-          # allowed-endpoints: >
-          #   api.github.com:443
-          #   github.com:443
+          # egress-policy: audit
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            api.github.com:443
+            github.com:443
+            uploads.github.com:443
 
       - name: Checkout repository
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -57,7 +58,7 @@ jobs:
           # Prefix the list here with "+" to use these queries and those in the config file.
 
           # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
-          # queries: security-extended,security-and-quality
+          queries: security-extended,security-and-quality
 
       # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)

diff --git a/.github/workflows/_pypi_publish.yaml b/.github/workflows/_pypi_publish.yaml
@@ -29,15 +29,25 @@ jobs:
       - name: Harden Runner
         uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
         with:
-          egress-policy: audit
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            ghcr.io
+            test.pypi.org
+            tuf-repo-cdn.sigstore.dev
+            fulcio.sigstore.dev
+            rekor.sigstore.dev
+            github.com:443
+            uploads.github.com:443
+            pkg-containers.githubusercontent.com:443
 
       - name: Download all the distributions
         uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
         with:
           name: python-package-distributions
           path: dist/
 
-      - name: Publish package distributions to PyPI (optional - testpypi)
+      - name: Publish package distributions to PyPI
         uses: pypa/gh-action-pypi-publish@15c56dba361d8335944d31a2ecd17d700fc7bcbc # release/v1
         with:
           password: ${{ secrets.API_TOKEN }}

diff --git a/.github/workflows/_pypi_test_publish.yaml b/.github/workflows/_pypi_test_publish.yaml
@@ -29,15 +29,25 @@ jobs:
       - name: Harden Runner
         uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
         with:
-          egress-policy: audit
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            ghcr.io
+            test.pypi.org
+            tuf-repo-cdn.sigstore.dev
+            fulcio.sigstore.dev
+            rekor.sigstore.dev
+            github.com:443
+            uploads.github.com:443
+            pkg-containers.githubusercontent.com:443
 
       - name: Download all the distributions
         uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
         with:
           name: python-package-distributions
           path: dist/
 
-      - name: Publish package distributions to PyPI (optional - testpypi)
+      - name: Publish package distributions to Test PyPI
         uses: pypa/gh-action-pypi-publish@15c56dba361d8335944d31a2ecd17d700fc7bcbc # release/v1
         with:
           password: ${{ secrets.API_TOKEN }}

diff --git a/.github/workflows/_test_futures_private.yaml b/.github/workflows/_test_futures_private.yaml
@@ -38,6 +38,9 @@ jobs:
     name: Test ${{ inputs.os }} ${{ inputs.python-version }}
     runs-on: ${{ inputs.os }}
     timeout-minutes: 7
+    concurrency:
+      group: test_futures_private
+      cancel-in-progress: true
     steps:
       - name: Harden Runner
         uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
@@ -49,6 +52,7 @@ jobs:
             files.pythonhosted.org:443
             futures.kraken.com:443
             github.com:443
+            objects.githubusercontent.com:443
             pypi.org:443
 
       - name: Checkout repository
@@ -59,15 +63,25 @@ jobs:
         with:
           python-version: ${{ inputs.python-version }}
 
-      - name: Update Pip
+      - name: Install uv
+        uses: astral-sh/setup-uv@v4
+
+      - name: Install package (Linux or macOS)
+        if: runner.os != 'Windows'
         run: |
-          python -m pip install --user --upgrade pip
+          uv venv
+          source .venv/bin/activate
+          echo ${GITHUB_WORKSPACE}/.venv/bin >> $GITHUB_PATH
+          uv pip install ".[test]"
 
-      - name: Install package
-        run: python -m pip install --user ".[test]"
+      - name: Install package (Windows)
+        if: runner.os == 'Windows'
+        run: |
+          uv venv
+          .venv\Scripts\activate.ps1
+          echo "$env:GITHUB_WORKSPACE\.venv\Scripts" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
+          uv pip install ".[test]"
 
-      ##    Unit tests of the private Futures REST clients and endpoints
-      ##
       - name: Testing Futures REST endpoints
         env:
           FUTURES_API_KEY: ${{ secrets.FUTURES_API_KEY }}
@@ -76,8 +90,6 @@ jobs:
           FUTURES_SANDBOX_SECRET: ${{ secrets.FUTURES_SANDBOX_SECRET }}
         run: pytest -vv -m "futures_auth and not futures_websocket and not flaky" tests
 
-      ##    Unit tests of the Futures websocket client
-      ##
       - name: Testing Futures websocket client
         env:
           FUTURES_API_KEY: ${{ secrets.FUTURES_API_KEY }}

diff --git a/.github/workflows/_test_futures_public.yaml b/.github/workflows/_test_futures_public.yaml
@@ -38,6 +38,7 @@ jobs:
             files.pythonhosted.org:443
             futures.kraken.com:443
             github.com:443
+            objects.githubusercontent.com:443
             pypi.org:443
 
       - name: Checkout repository
@@ -48,14 +49,24 @@ jobs:
         with:
           python-version: ${{ inputs.python-version }}
 
-      - name: Update Pip
+      - name: Install uv
+        uses: astral-sh/setup-uv@v4
+
+      - name: Install package (Linux or macOS)
+        if: runner.os != 'Windows'
         run: |
-          python -m pip install --user --upgrade pip
+          uv venv
+          source .venv/bin/activate
+          echo ${GITHUB_WORKSPACE}/.venv/bin >> $GITHUB_PATH
+          uv pip install ".[test]"
 
-      - name: Install package
-        run: python -m pip install --user ".[test]"
+      - name: Install package (Windows)
+        if: runner.os == 'Windows'
+        run: |
+          uv venv
+          .venv\Scripts\activate.ps1
+          echo "$env:GITHUB_WORKSPACE\.venv\Scripts" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
+          uv pip install ".[test]"
 
-      ##    Unit tests of the public Futures REST clients and endpoints
-      ##
       - name: Testing Futures REST endpoints
         run: pytest -vv -m "futures and not futures_auth and not futures_websocket" tests