Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Crank up all of the ruff lints #214

Merged
merged 1 commit into from
Dec 29, 2023
Merged

Crank up all of the ruff lints #214

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions gpg_sign.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@ def set_output(*, name: str, value: str) -> None:
"""

if github_output := os.getenv("GITHUB_OUTPUT"):
with open(github_output, "a") as out:
with Path(github_output).open("a") as out:
print(f"{name}={value}", file=out)


Expand Down Expand Up @@ -110,7 +110,7 @@ def gpg_sign_artifact(*, artifact: Path, release_name: str) -> Path:
with log_group(f"Create GPG signature [{artifact.name}]"):
with suppress(FileNotFoundError):
shutil.rmtree(stage)
os.makedirs(stage, exist_ok=True)
stage.mkdir(parents=True)

asc = stage.joinpath(f"{artifact.name}.asc")
run_command_with_merged_output(
Expand Down Expand Up @@ -194,8 +194,6 @@ def main() -> int:
validate(artifact=args.artifact, asc=signature)

set_output(name="signature", value=str(signature))

return 0
except subprocess.CalledProcessError as e:
print("Error: failed to invoke command", file=sys.stderr)
print(f" Command: {e.cmd}", file=sys.stderr)
Expand All @@ -217,6 +215,8 @@ def main() -> int:
print(f"Error: {e}", file=sys.stderr)
print(traceback.format_exc(), file=sys.stderr)
return 1
else:
return 0


if __name__ == "__main__":
Expand Down
45 changes: 30 additions & 15 deletions macos_sign_and_notarize.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,8 @@

MACOS_SIGN_AND_NOTARIZE_VERSION = "0.5.0"

MACOS_MONTEREY_MAJOR_VERSION = 12


@dataclass(frozen=True, kw_only=True)
class Args:
Expand All @@ -32,10 +34,27 @@ class Args:
release: str


class NotaryToolException(Exception):
class NotaryToolError(Exception):
pass


class MissingNotarizePasswordError(Exception):
def __init__(self: "MissingNotarizePasswordError") -> None:
super().__init__("MACOS_NOTARIZE_APP_PASSWORD environment variable is required")


class MissingCodeSigningCertificateError(Exception):
def __init__(self: "MissingCodeSigningCertificateError") -> None:
super().__init__("MACOS_CERTIFICATE environment variable is required")


class MissingCodeSigningCertificatePassphraseError(Exception):
def __init__(self: "MissingCodeSigningCertificatePassphraseError") -> None:
super().__init__(
"MACOS_CERTIFICATE_PASSPHRASE environment variable is required"
)


def run_notarytool(
command: list[str], *, retries: int = 3, backoff_s: float = 5.0
) -> str:
Expand Down Expand Up @@ -78,7 +97,7 @@ def run_notarytool(

attempt += 1

raise NotaryToolException(" ".join(command))
raise NotaryToolError(" ".join(command))


def run_command_with_merged_output(command: list[str], *, max_retries: int = 3) -> None:
Expand Down Expand Up @@ -131,7 +150,7 @@ def set_output(*, name: str, value: str) -> None:
"""

if github_output := os.getenv("GITHUB_OUTPUT"):
with open(github_output, "a") as out:
with Path(github_output).open("a") as out:
print(f"{name}={value}", file=out)


Expand Down Expand Up @@ -184,8 +203,6 @@ def get_image_size(image: Path) -> int:
https://github.com/create-dmg/create-dmg/blob/412e99352bacef0f05f9abe6cc4348a627b7ac56/create-dmg#L306-L315
"""

MACOS_MONTEREY_MAJOR_VERSION = 12

proc = subprocess.run(
["/usr/bin/sw_vers", "-productVersion"],
check=True,
Expand Down Expand Up @@ -289,7 +306,7 @@ def notarization_app_specific_password() -> str:

if app_specific_password := os.getenv("MACOS_NOTARIZE_APP_PASSWORD"):
return app_specific_password
raise Exception("MACOS_NOTARIZE_APP_PASSWORD environment variable is required")
raise MissingNotarizePasswordError


def notarization_team_id() -> str:
Expand Down Expand Up @@ -491,18 +508,16 @@ def import_codesigning_certificate() -> None:
with log_group("Import codesigning certificate"):
encoded_certificate = os.getenv("MACOS_CERTIFICATE")
if not encoded_certificate:
raise Exception("MACOS_CERTIFICATE environment variable is required")
raise MissingCodeSigningCertificateError

try:
certificate = base64.b64decode(encoded_certificate, validate=True)
except binascii.Error as exc:
raise Exception("MACOS_CERTIFICATE must be base64 encoded") from exc
raise MissingCodeSigningCertificateError from exc

certificate_password = os.getenv("MACOS_CERTIFICATE_PASSPHRASE")
if not certificate_password:
raise Exception(
"MACOS_CERTIFICATE_PASSPHRASE environment variable is required"
)
raise MissingCodeSigningCertificatePassphraseError

with TemporaryDirectory() as tempdirname:
cert = Path(tempdirname).joinpath("certificate.p12")
Expand Down Expand Up @@ -633,7 +648,7 @@ def create_notarization_bundle(
dmg.unlink(missing_ok=True)
with suppress(FileNotFoundError):
shutil.rmtree(stage)
os.makedirs(stage, exist_ok=True)
stage.mkdir(parents=True)

for binary in binaries:
shutil.copy(binary, stage)
Expand Down Expand Up @@ -742,7 +757,7 @@ def notarize_bundle(*, bundle: Path) -> None:
notarization_request = line.strip().removeprefix("id: ")

if not notarization_request:
raise Exception("Notarization request did not return an id on success")
raise NotaryToolError("Notarization request did not return an id on success")

# xcrun notarytool log \
# 2efe2717-52ef-43a5-96dc-0797e4ca1041 \
Expand Down Expand Up @@ -916,8 +931,6 @@ def main() -> int:
validate(bundle=bundle, binary_names=[binary.name for binary in args.binaries])
set_output(name="asset", value=str(bundle))
set_output(name="content_type", value="application/x-apple-diskimage")

return 0
except subprocess.CalledProcessError as e:
print("Error: failed to invoke command", file=sys.stderr)
print(f" Command: {e.cmd}", file=sys.stderr)
Expand All @@ -939,6 +952,8 @@ def main() -> int:
print(f"Error: {e}", file=sys.stderr)
print(traceback.format_exc(), file=sys.stderr)
return 1
else:
return 0
finally:
# Purge keychain.
delete_keychain()
Expand Down
35 changes: 5 additions & 30 deletions pyproject.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ dev = [

[tool.black]
line-length = 88
target-version = ['py311']
target-version = ['py312']
include = '\.pyi?$'

[tool.isort]
Expand All @@ -27,7 +27,7 @@ line_length = 88
skip_gitignore = true

[tool.mypy]
python_version = "3.11"
python_version = "3.12"
strict = true
show_error_codes = true
pretty = true
Expand All @@ -41,31 +41,6 @@ module = ["validators.*"]
ignore_missing_imports = true

[tool.ruff]
select = [
"E",
"F",
"I",
"UP",
"YTT",
"ANN",
"S",
"BLE",
"FBT",
"B",
"C4",
"T10",
"ISC",
"ICN",
"RET",
"SIM",
"ARG",
"ERA",
"PLC",
"PLE",
"PLR",
"PLW",
"PIE",
"RUF",
]

ignore = ["S603", "UP007"]
target-version = "py312"
select = ["ALL"]
ignore = ["COM812", "D", "EM", "S603", "T201", "TRY003", "UP007"]