From 7d1e7bbc656df3d156bbd9f4edb732983d86149d Mon Sep 17 00:00:00 2001
From: Hynek Schlawack <hs@ox.cx>
Date: Thu, 8 Aug 2024 07:44:56 +0200
Subject: [PATCH] Dedup using baipp, add uv (#83)

* Dedup using baipp, add uv

* Ensure reinstall in Nox

* Add missing uv

* Attest packages

* We need PyPI workflow only on main
---
 .github/workflows/ci.yml           | 65 +++++++++++++-----------------
 .github/workflows/pypi-package.yml |  5 ++-
 pyproject.toml                     |  4 ++
 3 files changed, 34 insertions(+), 40 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index d835933..40b1aa9 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -40,6 +40,12 @@ jobs:
           fetch-depth: 0
 
       - uses: hynek/build-and-inspect-python-package@v2
+        id: baipp
+
+    outputs:
+      # Used to define the matrix for tests below. The value is based on
+      # packaging metadata (trove classifiers).
+      supported-python-versions: ${{ steps.baipp.outputs.supported_python_classifiers_json_array }}
 
   tests:
     name: Tests on ${{ matrix.python-version }}
@@ -49,18 +55,8 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        python-version:
-          # [[[cog
-          # for line in open("pyproject.toml"):
-          #     if "Programming Language :: Python :: " in line:
-          #         cog.outl(f'- "{line.rsplit(" ")[-1][:-3]}"')
-          # ]]]
-          - "3.8"
-          - "3.9"
-          - "3.10"
-          - "3.11"
-          - "3.12"
-          # [[[end]]]
+        # Created by the build-and-inspect-python-package action above.
+        python-version: ${{ fromJson(needs.build-package.outputs.supported-python-versions) }}
 
     steps:
       - name: Download pre-built packages
@@ -68,14 +64,15 @@ jobs:
         with:
           name: Packages
           path: dist
-      - run: tar xf dist/*.tar.gz --strip-components=1
+      - run: |
+          tar xf dist/*.tar.gz --strip-components=1
+          rm -rf src  # ensure we run against wheel
       - uses: actions/setup-python@v5
         with:
           python-version: ${{ matrix.python-version }}
           allow-prereleases: true
-          cache: pip
-
-      - run: python -Im pip install --upgrade wheel nox
+      - uses: hynek/setup-cached-uv@v2
+      - run: uv pip install --system nox
 
       - name: Run tests
         run: |
@@ -99,11 +96,16 @@ jobs:
     if: always()
 
     steps:
-      - uses: actions/checkout@v4
+      - name: Download pre-built packages
+        uses: actions/download-artifact@v4
+        with:
+          name: Packages
+          path: dist
+      - run: tar xf dist/*.tar.gz --strip-components=1
       - uses: actions/setup-python@v5
         with:
-          cache: pip
           python-version-file: .python-version-default
+      - uses: hynek/setup-cached-uv@v2
 
       - uses: actions/download-artifact@v4
         with:
@@ -112,7 +114,7 @@ jobs:
 
       - name: Combine coverage & fail if it's <100%.
         run: |
-          python -Im pip install --upgrade coverage[toml]
+          uv pip install --system coverage[toml]
 
           python -Im coverage combine
           python -Im coverage html --skip-covered --skip-empty
@@ -137,18 +139,8 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        python-version:
-          # [[[cog
-          # for line in open("pyproject.toml"):
-          #     if "Programming Language :: Python :: " in line:
-          #         cog.outl(f'- "{line.rsplit(" ")[-1][:-3]}"')
-          # ]]]
-          - "3.8"
-          - "3.9"
-          - "3.10"
-          - "3.11"
-          - "3.12"
-          # [[[end]]]
+        # Created by the build-and-inspect-python-package action above.
+        python-version: ${{ fromJson(needs.build-package.outputs.supported-python-versions) }}
 
     steps:
       - name: Download pre-built packages
@@ -157,15 +149,13 @@ jobs:
           name: Packages
           path: dist
       - run: tar xf dist/*.tar.gz --strip-components=1
-
       - uses: actions/setup-python@v5
         with:
           python-version: ${{ matrix.python-version }}
           allow-prereleases: true
-          cache: pip
-
-      - run: python -Im pip install --upgrade wheel nox
+      - uses: hynek/setup-cached-uv@v2
 
+      - run: uv pip install --system nox
       - run: python -Im nox --session mypy
 
   docs:
@@ -180,10 +170,8 @@ jobs:
           name: Packages
           path: dist
       - run: tar xf dist/*.tar.gz --strip-components=1
-
       - uses: actions/setup-python@v5
         with:
-          cache: pip
           # [[[cog
           # import yaml
           # with open(".readthedocs.yaml") as f:
@@ -192,8 +180,9 @@ jobs:
           # ]]]
           python-version: "3.12"
           # [[[end]]]
-      - run: python -Im pip install --upgrade wheel nox
+      - uses: hynek/setup-cached-uv@v2
 
+      - run: uv pip install --system nox
       - run: python -Im nox --session docs
 
   install-dev:
diff --git a/.github/workflows/pypi-package.yml b/.github/workflows/pypi-package.yml
index b90edf0..d533852 100644
--- a/.github/workflows/pypi-package.yml
+++ b/.github/workflows/pypi-package.yml
@@ -5,15 +5,14 @@ on:
   push:
     branches: [main]
     tags: ["*"]
-  pull_request:
   release:
     types:
       - published
   workflow_dispatch:
 
 permissions:
+  attestations: write
   contents: read
-  # Needed for trusted publishing.
   id-token: write
 
 jobs:
@@ -28,6 +27,8 @@ jobs:
           fetch-depth: 0
 
       - uses: hynek/build-and-inspect-python-package@v2
+        with:
+          attest-build-provenance-github: 'true'
 
   # Upload to Test PyPI on every commit on main.
   release-test-pypi:
diff --git a/pyproject.toml b/pyproject.toml
index ace8f05..1a76b46 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -57,6 +57,10 @@ source = "vcs"
 raw-options = { local_scheme = "no-local-version" }
 
 
+[tool.uv]
+reinstall-package = ["environ-config"]
+
+
 [tool.pytest.ini_options]
 addopts = ["-ra", "--strict-markers", "--strict-config"]
 xfail_strict = true