diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index fb89afb..3c7c856 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml @@ -9,26 +9,28 @@ on: jobs: test: runs-on: haskelseed - strategy: - matrix: - python-version: ["3.10", "3.12"] steps: - name: Check out source - uses: actions/checkout@v4 - - - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v5 - with: - python-version: ${{ matrix.python-version }} + env: + PACKAGE_TOKEN: ${{ secrets.PACKAGE_TOKEN }} + run: | + git clone --depth 1 \ + "https://tegwick:${PACKAGE_TOKEN}@gitea.coulomb.social/coulomb/kaizen-agentic.git" \ + repo + cd repo + git checkout "${{ gitea.sha }}" - name: Install package and dev tools - run: python -m pip install --upgrade pip && python -m pip install -e ".[dev]" + run: | + cd repo + python3 -m pip install --upgrade pip + python3 -m pip install -e ".[dev]" - name: Format check (black) - run: black --check src tests + run: cd repo && black --check src tests - name: Lint (flake8) - run: pip install flake8 && flake8 src/ --max-line-length=100 + run: cd repo && flake8 src/ --max-line-length=100 - name: Run tests - run: pytest tests/ -q --ignore=tests/test_cli_error_handling.py + run: cd repo && pytest tests/ -q --ignore=tests/test_cli_error_handling.py diff --git a/.gitea/workflows/publish-python-package.yml b/.gitea/workflows/publish-python-package.yml index 5923dba..e1529c3 100644 --- a/.gitea/workflows/publish-python-package.yml +++ b/.gitea/workflows/publish-python-package.yml @@ -11,27 +11,24 @@ jobs: runs-on: haskelseed steps: - name: Check out source - uses: actions/checkout@v4 + env: + PACKAGE_TOKEN: ${{ secrets.PACKAGE_TOKEN }} + run: | + git clone --depth 1 \ + "https://tegwick:${PACKAGE_TOKEN}@gitea.coulomb.social/coulomb/kaizen-agentic.git" \ + repo + cd repo + git checkout "${{ gitea.sha }}" - - name: Set up Python - uses: actions/setup-python@v5 - with: - python-version: "3.12" - - - name: Install packaging tools - run: python -m pip install --upgrade build twine - - - name: Build distributions - run: python -m build - - - name: Validate distributions - run: python -m twine check dist/* - - - name: Upload to Gitea PyPI + - name: Build and publish env: TWINE_USERNAME: ${{ secrets.PACKAGE_USER }} TWINE_PASSWORD: ${{ secrets.PACKAGE_TOKEN }} - run: >- - python -m twine upload - --repository-url https://gitea.coulomb.social/api/packages/coulomb/pypi - dist/* + run: | + cd repo + python3 -m pip install --upgrade pip build twine + python3 -m build + python3 -m twine check dist/* + python3 -m twine upload \ + --repository-url https://gitea.coulomb.social/api/packages/coulomb/pypi \ + dist/* diff --git a/docs/PACKAGE_RELEASE.md b/docs/PACKAGE_RELEASE.md index 7093519..094de82 100644 --- a/docs/PACKAGE_RELEASE.md +++ b/docs/PACKAGE_RELEASE.md @@ -64,7 +64,8 @@ Configure in Gitea: **Repository → Settings → Actions → Secrets**. | `PACKAGE_TOKEN` | Gitea API token with `write:package` scope | Gitea rejects secret names prefixed with `GITEA_` — use `PACKAGE_USER` / `PACKAGE_TOKEN` -(not `GITEA_PACKAGE_USER`). +(not `GITEA_PACKAGE_USER`). Workflows use `runs-on: haskelseed` and native `git clone` +(no GitHub Marketplace actions). The publish workflow fails at the upload step when either secret is missing or invalid. Do not commit tokens to the repository.