add validation step for pypi permissions
Projects that are going to try to upload releases to PyPI need to have given openstackci permission to do that. Change-Id: I8e5e60ea6bf2842e834d2352134a11b1f9fe02b9 Signed-off-by: Doug Hellmann <doug@doughellmann.com>
This commit is contained in:
parent
4fc9741ad3
commit
1bb935477a
@ -524,6 +524,48 @@ def validate_tarball_base(deliverable_info,
|
|||||||
action, expected, sdist))
|
action, expected, sdist))
|
||||||
|
|
||||||
|
|
||||||
|
def validate_pypi_permissions(deliverable_info, zuul_projects, workdir,
|
||||||
|
mk_warning, mk_error):
|
||||||
|
|
||||||
|
header('Validate PyPI Permissions')
|
||||||
|
|
||||||
|
for repo in deliverable_info['repository-settings'].keys():
|
||||||
|
|
||||||
|
job_templates = zuul_projects.get(repo, {}).get('templates', [])
|
||||||
|
|
||||||
|
# Look for jobs that appear to be talking about publishing to
|
||||||
|
# PyPI. There are variations.
|
||||||
|
pypi_jobs = [
|
||||||
|
j
|
||||||
|
for j in job_templates
|
||||||
|
if 'pypi' in j
|
||||||
|
]
|
||||||
|
|
||||||
|
if not pypi_jobs:
|
||||||
|
print('rule does not apply to repos not publishing to PyPI')
|
||||||
|
continue
|
||||||
|
|
||||||
|
print('{} publishes to PyPI via {}'.format(repo, pypi_jobs))
|
||||||
|
|
||||||
|
try:
|
||||||
|
sdist = pythonutils.get_sdist_name(workdir, repo)
|
||||||
|
except Exception as err:
|
||||||
|
mk_warning(
|
||||||
|
'Could not determine the sdist name '
|
||||||
|
'for {} to check PyPI permissions: {}'.format(
|
||||||
|
repo, err)
|
||||||
|
)
|
||||||
|
continue
|
||||||
|
|
||||||
|
uploaders = pythonutils.get_pypi_uploaders(sdist)
|
||||||
|
if 'openstackci' not in uploaders:
|
||||||
|
mk_error(
|
||||||
|
'openstackci does not have permission to upload packages '
|
||||||
|
'for {}. Current owners include: {}'.format(
|
||||||
|
sdist, ', '.join(sorted(uploaders)))
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
def validate_releases(deliverable_info, zuul_projects,
|
def validate_releases(deliverable_info, zuul_projects,
|
||||||
series_name,
|
series_name,
|
||||||
workdir,
|
workdir,
|
||||||
@ -1260,6 +1302,13 @@ def main():
|
|||||||
mk_warning,
|
mk_warning,
|
||||||
mk_error,
|
mk_error,
|
||||||
)
|
)
|
||||||
|
validate_pypi_permissions(
|
||||||
|
deliverable_info,
|
||||||
|
zuul_projects,
|
||||||
|
workdir,
|
||||||
|
mk_warning,
|
||||||
|
mk_error,
|
||||||
|
)
|
||||||
validate_gitreview(deliverable_info, workdir, mk_warning, mk_error)
|
validate_gitreview(deliverable_info, workdir, mk_warning, mk_error)
|
||||||
validate_releases(
|
validate_releases(
|
||||||
deliverable_info,
|
deliverable_info,
|
||||||
|
@ -16,6 +16,7 @@ import json
|
|||||||
import logging
|
import logging
|
||||||
import os
|
import os
|
||||||
import os.path
|
import os.path
|
||||||
|
import xmlrpc.client
|
||||||
|
|
||||||
import requests
|
import requests
|
||||||
|
|
||||||
@ -71,3 +72,14 @@ def get_pypi_info(dist_name):
|
|||||||
return requests.get(url).json()
|
return requests.get(url).json()
|
||||||
except json.decoder.JSONDecodeError:
|
except json.decoder.JSONDecodeError:
|
||||||
return {}
|
return {}
|
||||||
|
|
||||||
|
|
||||||
|
def get_pypi_uploaders(dist_name):
|
||||||
|
client = xmlrpc.client.ServerProxy('https://pypi.python.org/pypi')
|
||||||
|
roles = client.package_roles(dist_name)
|
||||||
|
uploaders = set(
|
||||||
|
acct
|
||||||
|
for role, acct in roles
|
||||||
|
if role in ('Owner', 'Maintainer')
|
||||||
|
)
|
||||||
|
return uploaders
|
||||||
|
Loading…
Reference in New Issue
Block a user