pywbem
diff --git a/‎.github/workflows/publish.yml‎
Lines changed: 223 additions & 0 deletions b/‎.github/workflows/publish.yml‎
Lines changed: 223 additions & 0 deletions
diff --git a/‎.gitignore‎
Lines changed: 1 addition & 0 deletions b/‎.gitignore‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎Makefile‎
Lines changed: 98 additions & 12 deletions b/‎Makefile‎
Lines changed: 98 additions & 12 deletions
diff --git a/‎changes/.gitignore‎
Lines changed: 2 additions & 0 deletions b/‎changes/.gitignore‎
Lines changed: 2 additions & 0 deletions
@@ -0,0 +1,223 @@
+# This GitHub workflow will publish the package to Pypi and create a new stable branch when releasing the master branch.
+# For more information see:
+# https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
+# https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/
+
+name: publish
+
+on:
+  push:  # When pushing a tag
+    tags:
+    - "*"
+    - "!*a0"  # Exclude initial tag for a new version
+
+jobs:
+  publish:
+    name: Build and publish to PyPI
+    if: startsWith(github.ref, 'refs/tags')
+    runs-on: ubuntu-latest
+    # This workflow uses Pypi trusted publishing, see https://docs.pypi.org/trusted-publishers/
+    # Requirements:
+    # - On the Pypi project, the GitHub repo must be defined as a trusted publisher
+    # - On the GitHub repo, an environment 'pypi' must exist
+    environment: pypi  # For Pypi trusted publishing
+    permissions:
+      id-token: write  # For Pypi trusted publishing
+      contents: write  # For creating GitHub release
+    steps:
+
+    #-------- Info gathering and checks
+    - name: Set pushed tag
+      id: set-tag
+      uses: actions/github-script@v8
+      with:
+        result-encoding: string
+        script: |
+          const result = "${{ github.ref }}".match("refs/tags/(.*)$")[1]
+          console.log(result)
+          return result
+    - name: Check validity of pushed tag
+      run: |
+        if [[ ${{ steps.set-tag.outputs.result }} =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+          echo "Pushed tag '${{ steps.set-tag.outputs.result }}' is valid";
+        else
+          echo "Pushed tag '${{ steps.set-tag.outputs.result }}' is invalid (must be 'M.N.U')";
+          false;
+        fi
+    - name: Determine whether releasing the master branch
+      id: set-is-master-branch
+      uses: actions/github-script@v8
+      with:
+        result-encoding: string
+        script: |
+          const resp = await github.rest.git.getRef({
+            owner: context.repo.owner,
+            repo: context.repo.repo,
+            ref: "heads/master",
+          })
+          const result = (resp.data.object.sha == "${{ github.sha }}")
+          console.log(result)
+          return result
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    - name: Determine name of stable branch for pushed tag
+      id: set-stable-branch
+      uses: actions/github-script@v8
+      with:
+        result-encoding: string
+        script: |
+          const result = "stable_"+"${{ steps.set-tag.outputs.result }}".match("([0-9]+\.[0-9]+)\.")[1]
+          console.log(result)
+          return result
+    - name: Determine whether releasing stable branch for pushed tag
+      id: set-is-stable-branch
+      uses: actions/github-script@v8
+      with:
+        result-encoding: string
+        script: |
+          var resp
+          try {
+            resp = await github.rest.git.getRef({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              ref: "heads/${{ steps.set-stable-branch.outputs.result }}",
+            })
+          }
+          catch(err) {
+            console.log("false (stable branch does not exist: "+err+")")
+            return false
+          }
+          const result = (resp.data.object.sha == "${{ github.sha }}")
+          console.log(result)
+          return result
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    - name: Check released commit to be master branch or stable branch for pushed tag
+      run: |
+        if [[ ${{ steps.set-is-master-branch.outputs.result }} == 'false' && ${{ steps.set-is-stable-branch.outputs.result }} == 'false' ]]; then
+          echo "Released commit is not 'master' or '${{ steps.set-stable-branch.outputs.result }}' branch";
+          false;
+        fi
+    - name: Set update version
+      id: set-update-version
+      uses: actions/github-script@v8
+      with:
+        result-encoding: string
+        script: |
+          const result = "${{ steps.set-tag.outputs.result }}".match("[0-9]+\.[0-9]+\.([0-9]+)")[1]
+          console.log(result)
+          return result
+    - name: Check update version to be 0 when releasing master branch
+      if: ${{ steps.set-is-master-branch.outputs.result == 'true' }}
+      run: |
+        if [[ ${{ steps.set-update-version.outputs.result }} != '0' ]]; then
+          echo "Update version '${{ steps.set-update-version.outputs.result }}' in tag '${{ steps.set-tag.outputs.result }}' is invalid (must be 0 when releasing master branch)";
+          false;
+        fi
+    - name: Check update version to be non-0 when releasing stable branch for pushed tag
+      if: ${{ steps.set-is-stable-branch.outputs.result == 'true' }}
+      run: |
+        if [[ ${{ steps.set-update-version.outputs.result }} == '0' ]]; then
+          echo "Update version '${{ steps.set-update-version.outputs.result }}' in tag '${{ steps.set-tag.outputs.result }}' is invalid (must be non-0 when releasing stable branch for pushed tag)";
+          false;
+        fi
+
+    #-------- Setup of work environment
+    - name: Checkout repo
+      uses: actions/checkout@v5
+      with:
+        # fetch-depth 0 checks out all history for all branches and tags.
+        # This is needed to get the authors from git.
+        fetch-depth: 0
+    - name: Set up Python
+      uses: actions/setup-python@v6
+      with:
+        python-version: "3.13"
+    - name: Development setup
+      run: |
+        make develop
+    - name: Display Python packages
+      run: |
+        pip list
+
+    #-------- Publishing of package
+    - name: Build the distribution
+      run: |
+        make build
+    - name: Display the distribution directory
+      run: |
+        ls -l dist
+    - name: Publish distribution to PyPI
+      if: startsWith(github.ref, 'refs/tags')
+      uses: pypa/gh-action-pypi-publish@release/v1
+      with:
+        packages_dir: dist
+        # Pypi trusted publishing requires to have no password
+
+    #-------- Creation of Github release
+    - name: Determine whether release on Github exists for the pushed tag
+      id: set-release-exists
+      uses: octokit/request-action@v2.x
+      with:
+        route: GET /repos/${{ github.repository }}/releases/tags/${{ steps.set-tag.outputs.result }}
+      continue-on-error: true
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    - name: Create release on Github for the pushed tag if it does not exist
+      if: ${{ steps.set-release-exists.outputs.status == 404 }}
+      uses: octokit/request-action@v2.x
+      with:
+        route: POST /repos/${{ github.repository }}/releases
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        INPUT_TAG_NAME: ${{ steps.set-tag.outputs.result }}
+        INPUT_NAME: "Release ${{ steps.set-tag.outputs.result }}"
+        INPUT_BODY: "Change log https://pywbem.readthedocs.io/en/${{ steps.set-tag.outputs.result }}/changes.html"
+
+    #-------- Creation of stable branch
+    # Note: This does not seem to depend on the disablement of the "Restrict pushes
+    # that create matching branches" setting in the branch protection rules for stable_*.
+    # It is possible that this fails with HTTP 422, for unknown reasons.
+    - name: Create new stable branch when releasing master branch
+      if: steps.set-is-master-branch.outputs.result == 'true'
+      id: create-stable-branch
+      uses: actions/github-script@v8
+      with:
+        script: |
+          github.rest.git.createRef({
+            owner: context.repo.owner,
+            repo: context.repo.repo,
+            ref: "refs/heads/${{ steps.set-stable-branch.outputs.result }}",
+            sha: "${{ github.sha }}",
+          })
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      continue-on-error: true
+    - name: Wait some time if HTTP error 422
+      if: steps.set-is-master-branch.outputs.result == 'true' && steps.create-stable-branch.outputs.status == 422
+      run: |
+        sleep 10
+    - name: Retry create new stable branch when releasing master branch if HTTP error 422
+      if: steps.set-is-master-branch.outputs.result == 'true' && steps.create-stable-branch.outputs.status == 422
+      id: create-stable-branch-2
+      uses: actions/github-script@v8
+      with:
+        script: |
+          github.rest.git.createRef({
+            owner: context.repo.owner,
+            repo: context.repo.repo,
+            ref: "refs/heads/${{ steps.set-stable-branch.outputs.result }}",
+            sha: "${{ github.sha }}",
+          })
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      continue-on-error: true
+    - name: Handle HTTP error 422 from creating the new stable branch
+      if: steps.set-is-master-branch.outputs.result == 'true' && steps.create-stable-branch-2.outputs.status == 422
+      run: |
+        echo "Error: Creating the new stable branch ${{ steps.set-stable-branch.outputs.result }} failed twice, but the publish still succeeded. Create the new stable branch manually:"
+        echo "git checkout master"
+        echo "git pull"
+        echo "git checkout -b ${{ steps.set-stable-branch.outputs.result }}"
+        echo "git push --set-upstream origin ${{ steps.set-stable-branch.outputs.result }}"
+        false
@@ -22,6 +22,7 @@
 *.log
 *.tmp
 tmp.*
+tmp_*
 *~
 .*~
 *.py,cover
 
@@ -271,7 +271,7 @@ dist_dependent_files := \
 done_dir := done
 
 # Packages whose dependencies are checked using pip-missing-reqs
-check_reqs_packages := pytest coverage coveralls flake8 pylint twine safety sphinx
+check_reqs_packages := pytest coverage coveralls flake8 pylint twine safety sphinx towncrier
 
 .PHONY: help
 help:
@@ -293,8 +293,11 @@ help:
 	@echo "  doclinkcheck - Run Sphinx linkcheck on the documentation"
 	@echo "  authors    - Generate AUTHORS.md file from git log"
 	@echo "  all        - Do all of the above"
+	@echo "  release_branch - Create a release branch when releasing a version (requires VERSION and optionally BRANCH to be set)"
+	@echo "  release_publish - Publish to PyPI when releasing a version (requires VERSION and optionally BRANCH to be set)"
+	@echo "  start_branch - Create a start branch when starting a new version (requires VERSION and optionally BRANCH to be set)"
+	@echo "  start_tag - Create a start tag when starting a new version (requires VERSION and optionally BRANCH to be set)"
 	@echo "  install    - Install $(package_name) as standalone and its dependent packages"
-	@echo "  upload     - build + upload the distribution archive files to PyPI"
 	@echo "  clean      - Remove any temporary files"
 	@echo "  clobber    - Remove everything created to ensure clean start"
 	@echo "  pip_list   - Display the installed Python packages as seen by make"
@@ -320,6 +323,8 @@ help:
 	@echo "      Optional, defaults to 'python'."
 	@echo "  PIP_CMD - Pip command to be used. Useful for Python 3 in some envs."
 	@echo "      Optional, defaults to 'pip'."
+	@echo "  VERSION=... - M.N.U version to be released or started"
+	@echo "  BRANCH=... - Name of branch to be released or started (default is derived from VERSION)"
 
 .PHONY: platform
 platform:
@@ -395,6 +400,96 @@ mypy: $(done_dir)/mypy_$(pymn)_$(PACKAGE_LEVEL).done
 all: develop check_reqs build builddoc check pylint mypy installtest test doclinkcheck authors
 	@echo "Makefile: $@ done."
 
+.PHONY: release_branch
+release_branch:
+	@bash -c 'if [ -z "$(VERSION)" ]; then echo ""; echo "Error: VERSION env var is not set"; echo ""; false; fi'
+	@bash -c 'if [ -n "$$(git status -s)" ]; then echo ""; echo "Error: Local git repo has uncommitted files:"; echo ""; git status; false; fi'
+	git fetch origin
+	@bash -c 'if [ -z "$$(git tag -l $(VERSION)a0)" ]; then echo ""; echo "Error: Release start tag $(VERSION)a0 does not exist (the version has not been started)"; echo ""; false; fi'
+	@bash -c 'if [ -n "$$(git tag -l $(VERSION))" ]; then echo ""; echo "Error: Release tag $(VERSION) already exists (the version has already been released)"; echo ""; false; fi'
+	@bash -c 'if [[ -n "$${BRANCH}" ]]; then echo $${BRANCH} >branch.tmp; elif [[ "$${VERSION#*.*.}" == "0" ]]; then echo "master" >branch.tmp; else echo "stable_$${VERSION%.*}" >branch.tmp; fi'
+	@bash -c 'if [ -z "$$(git branch --contains $(VERSION)a0 $$(cat branch.tmp))" ]; then echo ""; echo "Error: Release start tag $(VERSION)a0 is not in target branch $$(cat branch.tmp), but in:"; echo ""; git branch --contains $(VERSION)a0;. false; fi'
+	@echo "==> This will start the release of $(package_name) version $(VERSION) to PyPI using target branch $$(cat branch.tmp)"
+	@echo -n '==> Continue? [yN] '
+	@bash -c 'read answer; if [ "$$answer" != "y" ]; then echo "Aborted."; false; fi'
+	bash -c 'git checkout $$(cat branch.tmp)'
+	git pull
+	@bash -c 'if [ -z "$$(git branch -l release_$(VERSION))" ]; then echo "Creating release branch release_$(VERSION)"; git checkout -b release_$(VERSION); fi'
+	git checkout release_$(VERSION)
+	make authors
+	towncrier build --version $(VERSION) --yes
+	@bash -c 'if ls changes/*.rst >/dev/null 2>/dev/null; then echo ""; echo "Error: There are incorrectly named change fragment files that towncrier did not use:"; ls -1 changes/*.rst; echo ""; false; fi'
+	git commit -asm "Release $(VERSION)"
+	git push --set-upstream origin release_$(VERSION)
+	rm -f branch.tmp
+	@echo "Done: Pushed the release branch to GitHub - now go there and create a PR."
+	@echo "Makefile: $@ done."
+
+.PHONY: release_publish
+release_publish:
+	@bash -c 'if [ -z "$(VERSION)" ]; then echo ""; echo "Error: VERSION env var is not set"; echo ""; false; fi'
+	@bash -c 'if [ -n "$$(git status -s)" ]; then echo ""; echo "Error: Local git repo has uncommitted files:"; echo ""; git status; false; fi'
+	git fetch origin
+	@bash -c 'if [ -n "$$(git tag -l $(VERSION))" ]; then echo ""; echo "Error: Release tag $(VERSION) already exists (the version has already been released)"; echo ""; false; fi'
+	@bash -c 'if [[ -n "$${BRANCH}" ]]; then echo $${BRANCH} >branch.tmp; elif [[ "$${VERSION#*.*.}" == "0" ]]; then echo "master" >branch.tmp; else echo "stable_$${VERSION%.*}" >branch.tmp; fi'
+	@bash -c 'if [ "$$(git log --format=format:%s origin/$$(cat branch.tmp)~..origin/$$(cat branch.tmp))" != "Release $(VERSION)" ]; then echo ""; echo "Error: Release PR for $(VERSION) has not been merged yet"; echo ""; false; fi'
+	@echo "==> This will publish $(package_name) version $(VERSION) to PyPI using target branch $$(cat branch.tmp)"
+	@echo -n '==> Continue? [yN] '
+	@bash -c 'read answer; if [ "$$answer" != "y" ]; then echo "Aborted."; false; fi'
+	bash -c 'git checkout $$(cat branch.tmp)'
+	git pull
+	git tag -f $(VERSION)
+	git push -f --tags
+	git branch -D release_$(VERSION)
+	git branch -D -r origin/release_$(VERSION)
+	rm -f branch.tmp
+	@echo "Done: Triggered the publish workflow - now wait for it to finish and verify the publishing."
+	@echo "Makefile: $@ done."
+
+.PHONY: start_branch
+start_branch:
+	@bash -c 'if [ -z "$(VERSION)" ]; then echo ""; echo "Error: VERSION env var is not set"; echo ""; false; fi'
+	@bash -c 'if [ -n "$$(git status -s)" ]; then echo ""; echo "Error: Local git repo has uncommitted files:"; echo ""; git status; false; fi'
+	git fetch origin
+	@bash -c 'if [ -n "$$(git tag -l $(VERSION))" ]; then echo ""; echo "Error: Release tag $(VERSION) already exists (the version has already been released)"; echo ""; false; fi'
+	@bash -c 'if [ -n "$$(git tag -l $(VERSION)a0)" ]; then echo ""; echo "Error: Release start tag $(VERSION)a0 already exists (the new version has alreay been started)"; echo ""; false; fi'
+	@bash -c 'if [ -n "$$(git branch -l start_$(VERSION))" ]; then echo ""; echo "Error: Start branch start_$(VERSION) already exists (the start of the new version is already underway)"; echo ""; false; fi'
+	@bash -c 'if [[ -n "$${BRANCH}" ]]; then echo $${BRANCH} >branch.tmp; elif [[ "$${VERSION#*.*.}" == "0" ]]; then echo "master" >branch.tmp; else echo "stable_$${VERSION%.*}" >branch.tmp; fi'
+	@echo "==> This will start new version $(VERSION) using target branch $$(cat branch.tmp)"
+	@echo -n '==> Continue? [yN] '
+	@bash -c 'read answer; if [ "$$answer" != "y" ]; then echo "Aborted."; false; fi'
+	bash -c 'git checkout $$(cat branch.tmp)'
+	git pull
+	git checkout -b start_$(VERSION)
+	echo "Dummy change for starting new version $(VERSION)" >changes/noissue.$(VERSION).notshown.rst
+	git add changes/noissue.$(VERSION).notshown.rst
+	git commit -asm "Start $(VERSION)"
+	git push --set-upstream origin start_$(VERSION)
+	rm -f branch.tmp
+	@echo "Done: Pushed the start branch to GitHub - now go there and create a PR."
+	@echo "Makefile: $@ done."
+
+.PHONY: start_tag
+start_tag:
+	@bash -c 'if [ -z "$(VERSION)" ]; then echo ""; echo "Error: VERSION env var is not set"; echo ""; false; fi'
+	@bash -c 'if [ -n "$$(git status -s)" ]; then echo ""; echo "Error: Local git repo has uncommitted files:"; echo ""; git status; false; fi'
+	git fetch origin
+	@bash -c 'if [ -n "$$(git tag -l $(VERSION)a0)" ]; then echo ""; echo "Error: Release start tag $(VERSION)a0 already exists (the new version has alreay been started)"; echo ""; false; fi'
+	@bash -c 'if [[ -n "$${BRANCH}" ]]; then echo $${BRANCH} >branch.tmp; elif [[ "$${VERSION#*.*.}" == "0" ]]; then echo "master" >branch.tmp; else echo "stable_$${VERSION%.*}" >branch.tmp; fi'
+	@bash -c 'if [ "$$(git log --format=format:%s origin/$$(cat branch.tmp)~..origin/$$(cat branch.tmp))" != "Start $(VERSION)" ]; then echo ""; echo "Error: Start PR for $(VERSION) has not been merged yet"; echo ""; false; fi'
+	@echo "==> This will complete the start of new version $(VERSION) using target branch $$(cat branch.tmp)"
+	@echo -n '==> Continue? [yN] '
+	@bash -c 'read answer; if [ "$$answer" != "y" ]; then echo "Aborted."; false; fi'
+	bash -c 'git checkout $$(cat branch.tmp)'
+	git pull
+	git tag -f $(VERSION)a0
+	git push -f --tags
+	git branch -D start_$(VERSION)
+	git branch -D -r origin/start_$(VERSION)
+	rm -f branch.tmp
+	@echo "Done: Pushed the release start tag and cleaned up the release start branch."
+	@echo "Makefile: $@ done."
+
 .PHONY: clobber
 clobber: clean
 	@echo "Makefile: Removing everything for a fresh start"
@@ -416,15 +511,6 @@ clean:
 	@echo "Makefile: Done removing temporary build products"
 	@echo "Makefile: $@ done."
 
-.PHONY: upload
-upload: $(dist_files)
-	@echo "Makefile: Checking files before uploading to PyPI"
-	twine check $(dist_files)
-	@echo "Makefile: Uploading to PyPI: $(package_name) $(package_version)"
-	twine upload $(dist_files)
-	@echo "Makefile: Done uploading to PyPI"
-	@echo "Makefile: $@ done."
-
 $(done_dir)/base_$(pymn)_$(PACKAGE_LEVEL).done: Makefile base-requirements.txt minimum-constraints-develop.txt minimum-constraints-install.txt
 	-$(call RM_FUNC,$@)
 	@echo "Makefile: Installing/upgrading base packages with PACKAGE_LEVEL=$(PACKAGE_LEVEL)"
@@ -480,7 +566,7 @@ docchanges: $(done_dir)/develop_$(pymn)_$(PACKAGE_LEVEL).done
 .PHONY: doclinkcheck
 doclinkcheck: $(done_dir)/develop_$(pymn)_$(PACKAGE_LEVEL).done
 	@echo "Makefile: Creating the doc link errors file"
-	$(doc_cmd) -b linkcheck $(doc_opts) $(doc_build_dir)/linkcheck
+	-$(doc_cmd) -b linkcheck $(doc_opts) $(doc_build_dir)/linkcheck
 	@echo
 	@echo "Makefile: Done creating the doc link errors file: $(doc_build_dir)/linkcheck/output.txt"
 	@echo "Makefile: $@ done."
 
@@ -0,0 +1,2 @@
+# Keep this directory in git even if empty
+!.gitignore
-Original file line number
+Diff line change
 *.log
 *.tmp
 tmp.*
 +tmp_*
 *~
 .*~
 *.py,cover
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+# Keep this directory in git even if empty`
	`2`	`+!.gitignore`