apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: pypi
  namespace: gitops-ci
  labels:
    app.kubernetes.io/version: "0.2"
  annotations:
    tekton.dev/pipelines.minVersion: "0.12.1"
    tekton.dev/categories: Publishing
    tekton.dev/tags: build
    tekton.dev/displayName: "pypi"
    tekton.dev/platforms: "linux/amd64"
spec:
  description: >-
    This Task publishes Python packages to PyPI index using Twine utility module.

    It provides build system independent uploads of source and binary distribution
    artifacts for both new and existing projects.

  params:
  - name: TWINE_REPOSITORY_URL
    description: The repository (package index) to upload the package to.
    default: "https://upload.pypi.org/legacy/"
    type: string
  - name: SECRET_NAME
    description: Name of the secret containing the username & password used to upload the package.
    default: "pypi-secret"
    type: string
  - name: SECRET_USERNAME_KEY
    description: Name of the secret key containing the username.
    default: "username"
    type: string
  - name: SECRET_PASSWORD_KEY
    description: Name of the secret key containing the password.
    default: "password"
    type: string
  - name: PREBUILD_SCRIPT
    description: Script to execute prior to running setup.py.
    type: string
    default: ''
  - name: BUILDER_IMAGE
    description: Image to use for building the package
    type: string
    default: 'python:3.9'

  workspaces:
  - name: source

  steps:
  - name: build-package
    image: $(params.BUILDER_IMAGE)
    workingDir: $(workspaces.source.path)
    script: |
      $(params.PREBUILD_SCRIPT)

      python setup.py sdist bdist_wheel
  - name: upload-package
    image: quay.io/thoth-station/twine:v0.0.2 #tag: v0.0.2
    workingDir: $(workspaces.source.path)
    env:
    - name: TWINE_REPOSITORY_URL
      value: $(params.TWINE_REPOSITORY_URL)
    - name: TWINE_USERNAME
      valueFrom:
        secretKeyRef:
          name: $(params.SECRET_NAME)
          key: $(params.SECRET_USERNAME_KEY)
    - name: TWINE_PASSWORD
      valueFrom:
        secretKeyRef:
          name: $(params.SECRET_NAME)
          key: $(params.SECRET_PASSWORD_KEY)
    script: |
      twine upload --disable-progress-bar dist/*
      # Now write out all our results, stripping newlines.
      # sdist files are .tar.gz's
      sha256sum dist/*.tar.gz | tr -d '\n' | tee $(results.sdist_sha.path)
      # bdist files are .whls's
      sha256sum dist/*.whl | tr -d '\n' | tee $(results.bdist_sha.path)
      python setup.py --name | tr -d '\n' | tee $(results.package_name.path)
      python setup.py --version | tr -d '\n' | tee $(results.package_version.path)
  results:
  - name: sdist_sha
    description: sha256 (and filename) of the sdist package
  - name: bdist_sha
    description: sha256 (and filename) of the bdist package
  - name: package_name
    description: name of the uploaded package
  - name: package_version
    description: version of the uploaded package