Merge pull request #6 from Gandi/features/uv

Features/uv

Author: mardiros

.github/workflows/build-artifacts.yml

@@ -0,0 +1,51 @@
+# Build envsub tarballs for supported python.
+
+name: "Build artifact"
+
+on:
+  workflow_call:
+    inputs:
+      release-version:
+        required: true
+        type: string
+      dry-run:
+        required: true
+        type: boolean
+      python-version:
+        required: true
+        type: string
+  pull_request:
+    paths:
+      # When we change pyproject.toml, we want to ensure that the maturin builds still work.
+      - pyproject.toml
+      # And when we change this workflow itself...
+      - .github/workflows/build-artifacts.yml
+
+concurrency:
+  group: sdist-${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  sdist:
+    name: Build artifact for ${{ inputs.release-version }} ${{ inputs.dry-run && '(dry-run)' || '' }}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: ${{ inputs.python-version }}
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v3
+
+      - name: Install the project
+        run: uv sync
+
+      - name: Build tarball
+        run: uv build
+
+      - name: "Upload sdist"
+        uses: actions/upload-artifact@v4
+        with:
+          name: pypi_files
+          path: dist/*

.github/workflows/main.yml

@@ -0,0 +1,30 @@
+name: Doc
+
+on:
+  workflow_call:
+    inputs:
+      release-version:
+        required: true
+        type: string
+      dry-run:
+        required: true
+        type: boolean
+
+  workflow_dispatch:
+
+jobs:
+  pages:
+    runs-on: ubuntu-latest
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    permissions:
+      pages: write # Grants write access for GitHub Pages
+      id-token: write # Enables id-token for OIDC tokens
+    steps:
+      - id: deployment
+        uses: sphinx-notes/pages@v3
+        with:
+          documentation_path: docs/source
+          publish: ${{ !inputs.dry-run }}
+          python_version: 3.12

.github/workflows/publish-doc.yml

@@ -0,0 +1,35 @@
+# Publish a release to PyPI.
+#
+name: "Publish to PyPI"
+
+on:
+  workflow_call:
+    inputs:
+      release-version:
+        required: true
+        type: string
+      dry-run:
+        required: true
+        type: boolean
+
+jobs:
+  pypi-publish:
+    name: Upload to PyPI ${{ inputs.release-version }} ${{ inputs.dry-run && '(dry-run)' || '' }}
+    runs-on: ubuntu-latest
+    if: ${{ !inputs.dry-run }}
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - uses: actions/download-artifact@v4
+        with:
+          pattern: pypi_files
+          path: dist
+          merge-multiple: true
+
+      - uses: pdm-project/setup-pdm@v4
+        with:
+          python-version: 3.12
+
+      - name: Publish package distributions to PyPI
+        run: pdm publish --no-build

.github/workflows/publish-pypi.yml

@@ -0,0 +1,41 @@
+name: tests artifacts
+
+# Controls when the workflow will run
+on:
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_call:
+    inputs:
+      release-version:
+        required: true
+        type: string
+        description: "release number"
+      dry-run:
+        required: true
+        type: boolean
+        description: "blank run means that the release will not be pushed"
+
+jobs:
+  test-sdist:
+    name: test tarball archive of ${{ inputs.release-version }} ${{ inputs.dry-run && '(dry-run)' || '' }}
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.10", "3.11", "3.12", "3.13", "3.14"]
+    steps:
+      - uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - uses: actions/download-artifact@v4
+        with:
+          pattern: pypi_files
+          path: dist
+          merge-multiple: true
+
+      - name: "Install"
+        run: |
+          pip install dist/wagtail-oauth2-*.whl --force-reinstall
+
+      - name: "Test sdist"
+        run: |
+          python -c "from wagtail_oauth2 import __version__; print(__version__, end='')"

.github/workflows/tests-artifacts.yml

@@ -0,0 +1,54 @@
+name: Django CI
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.9", "3.10", "3.11", "3.12", "3.13", "3.14"]
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: chartboost/ruff-action@v1
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v3
+
+      - name: Install the project
+        run: uv sync --group dev
+
+      - name: Run tests
+        run: |
+          uv run pytest tests  --junitxml=junit/test-results-${{ matrix.python-version }}.xml --cov=wagtail_oauth2 --cov-report=xml --cov-report=html
+
+      - name: Upload pytest test results
+        uses: actions/upload-artifact@v4
+        with:
+          name: pytest-results-${{ matrix.python-version }}
+          path: junit/test-results-${{ matrix.python-version }}.xml
+
+      # FIXME = I don't see wagtail-oauth2 on codecov ( the token is now mandatory )
+      # - name: Upload test results to Codecov
+      #   if: ${{ !cancelled() }} && matrix.python-version == '3.12' && github.event_name != 'workflow_dispatch'
+      #   uses: codecov/test-results-action@v1
+      #   with:
+      #     token: ${{ secrets.CODECOV_TOKEN }}
+      #     files: junit/test-results-${{ matrix.python-version }}.xml
+
+      # - name: Codecov
+      #   if: matrix.python-version == '3.12' && github.event_name != 'workflow_dispatch'
+      #   uses: codecov/codecov-action@v4
+      #   with:
+      #     token: ${{ secrets.CODECOV_TOKEN }}
+      #     files: coverage.xml

.github/workflows/tests.yml

@@ -0,0 +1,57 @@
+package := 'wagtail_oauth2'
+default_test_suite := 'tests'
+
+install:
+    uv sync --group dev --frozen
+
+update:
+    uv sync --group dev
+
+upgrade:
+    uv sync --group dev --upgrade
+
+doc:
+    uv sync --group dev --group doc
+    cd docs && uv run make html
+    xdg-open docs/build/html/index.html
+
+cleandoc:
+    cd docs && uv run make clean
+
+lint:
+    uv run ruff check .
+
+test: lint unittest
+
+unittest test_suite=default_test_suite:
+    uv run pytest -sxv {{test_suite}}
+
+lf:
+    uv run pytest -sxvvv --lf
+
+cov test_suite=default_test_suite:
+    rm -f .coverage
+    rm -rf htmlcov
+    uv run pytest --cov-report=html --cov={{package}} {{test_suite}}
+    xdg-open htmlcov/index.html
+
+fmt:
+    uv run ruff check --fix .
+    uv run ruff format src
+
+release major_minor_patch: test && changelog
+    uvx --with=pdm,pdm-bump --python-preference system pdm bump {{major_minor_patch}}
+    uv sync --group dev --frozen
+
+changelog:
+    uv run python scripts/write_changelog.py
+    cat CHANGELOG.rst >> CHANGELOG.rst.new
+    rm CHANGELOG.rst
+    mv CHANGELOG.rst.new CHANGELOG.rst
+    $EDITOR CHANGELOG.rst
+
+publish:
+    git commit -am "Release $(uv run scripts/get_version.py)"
+    git tag "v$(uv run scripts/get_version.py)"
+    git push
+    git push origin "v$(uv run scripts/get_version.py)"

Justfile

@@ -6,16 +6,11 @@ Wagtail OAuth2
    :target: https://wagtail-oauth2.readthedocs.io/en/latest/?badge=latest
    :alt: Documentation Status
 
-.. image:: https://github.com/Gandi/wagtail-oauth2/actions/workflows/main.yml/badge.svg
-   :target: https://github.com/Gandi/wagtail-oauth2/actions/workflows/main.yml
+.. image:: https://github.com/Gandi/wagtail-oauth2/actions/workflows/tests.yml/badge.svg
+   :target: https://github.com/Gandi/wagtail-oauth2/actions/workflows/tests.yml
    :alt: Build Status
 
 
-.. image:: https://codecov.io/gh/Gandi/wagtail-oauth2/branch/main/graph/badge.svg?token=VN14GVV3Y0
-   :target: https://codecov.io/gh/Gandi/wagtail-oauth2
-   :alt: Coverage
-
-
 Plugin to replace Wagtail default login by an OAuth2.0 Authorization Server.
 
 What is wagtail-oauth2
@@ -34,4 +29,4 @@ Read More
 You can read the `full documentation of this library here`_.
 
 
-.. _`full documentation of this library here`: https://wagtail-oauth2.readthedocs.io/en/latest/
+.. _`full documentation of this library here`: https://wagtail-oauth2.readthedocs.io/en/latest/

README.rst

@@ -12,6 +12,7 @@
 #
 import os
 import sys
+
 import tomlkit
 
 sys.path.insert(0, os.path.abspath("../../src"))

docs/source/conf.py

@@ -47,7 +47,7 @@ The settings `OAUTH2_LOAD_USERINFO` is a function that takes an `access_token` i
 and builds a python dict or raises a `PermissionDenied` error.
 
 Basically, this method is about fetching some information on the user loaded using
-OAuth2.0 API and deciding to grant the user to log in, and to get the role of 
+OAuth2.0 API and deciding to grant the user to log in, and to get the role of
 that user.
 
 The userinfo dict contains the following keys:
@@ -87,11 +87,11 @@ Exemple of settings
 
    def load_userinfo(access_token):
       try:
-         # Real code consume an api with a header 
+         # Real code consume an api with a header
          # f"Authorization: Bearer {access_token}"
          return USERS[access_token]
-      except KeyError:
-         raise PermissionDenied
+      except KeyError as exc:
+         raise PermissionDenied from exc
 
 
    OAUTH2_LOAD_USERINFO = load_userinfo