CI: fix container tag

.forgejo/workflows/build.yaml

@@ -19,7 +19,7 @@ jobs:
       - name: Install the latest version of uv
         uses: astral-sh/setup-uv@v4
         with:
-          version: "0.5.16"
+          version: "0.6.9"
 
       - name: Install
         run: uv sync
@@ -27,34 +27,26 @@ jobs:
       - name: Run tests (API call)
         run: .venv/bin/pytest -s tests/basic.py
 
-      - name: Get version with git describe
+      - name: Get version
-        id: version
+        run: echo "VERSION=$(.venv/bin/dunamai from any --style semver)" >> $GITHUB_ENV
-        run: |
-          echo "version=$(git describe)" >> $GITHUB_OUTPUT
-          echo "$VERSION"
 
-      - name: Check if the container should be built
+      - name: Version
-        id: builder
+        run: echo $VERSION
-        env:
-          RUN: ${{ toJSON(inputs.build || !contains(steps.version.outputs.version, '-')) }}
-        run: |
-          echo "run=$RUN" >> $GITHUB_OUTPUT
-          echo "Run build: $RUN"
 
-      - name: Set the version in pyproject.toml (workaround for uv not supporting dynamic version)
+      - name: Get distance from tag
-        if: fromJSON(steps.builder.outputs.run)
+        run: echo "DISTANCE=$(.venv/bin/dunamai from any --format '{distance}')" >> $GITHUB_ENV
-        env:
+
-          VERSION: ${{ steps.version.outputs.version }}
+      - name: Distance
-        run: sed "s/0.0.0/$VERSION/" -i pyproject.toml
+        run: echo $DISTANCE
 
       - name: Workaround for bug of podman-login
-        if: fromJSON(steps.builder.outputs.run)
+        if: env.DISTANCE == '0'
         run: |
           mkdir -p $HOME/.docker
           echo "{ \"auths\": {} }" > $HOME/.docker/config.json
 
       - name: Log in to the container registry (with another workaround)
-        if: fromJSON(steps.builder.outputs.run)
+        if: env.DISTANCE == '0'
         uses: actions/podman-login@v1
         with:
           registry: ${{ vars.REGISTRY }}
@@ -63,30 +55,30 @@ jobs:
           auth_file_path: /tmp/auth.json
 
       - name: Build the container image
-        if: fromJSON(steps.builder.outputs.run)
+        if: env.DISTANCE == '0'
         uses: actions/buildah-build@v1
         with:
           image: oidc-fastapi-test
           oci: true
           labels: oidc-fastapi-test
-          tags: latest ${{ steps.version.outputs.version }}
+          tags: "latest ${{ env.VERSION }}"
           containerfiles: |
             ./Containerfile
 
       - name: Push the image to the registry
-        if: fromJSON(steps.builder.outputs.run)
+        if: env.DISTANCE == '0'
         uses: actions/push-to-registry@v2
         with:
           registry: "docker://${{ vars.REGISTRY }}/${{ vars.ORGANISATION }}"
           image: oidc-fastapi-test
-          tags: latest ${{ steps.version.outputs.version }}
+          tags: "latest ${{ env.VERSION }}"
 
       - name: Build wheel
-        if: fromJSON(steps.builder.outputs.run)
+        if: env.DISTANCE == '0'
         run: uv build --wheel
 
       - name: Publish Python package (home)
-        if: fromJSON(steps.builder.outputs.run)
+        if: env.DISTANCE == '0'
         env:
           LOCAL_PYPI_TOKEN: ${{ secrets.LOCAL_PYPI_TOKEN }}
         run: uv publish --publish-url https://code.philo.ydns.eu/api/packages/philorg/pypi --token $LOCAL_PYPI_TOKEN

.forgejo/workflows/test.yaml

@@ -19,7 +19,7 @@ jobs:
       - name: Install the latest version of uv
         uses: astral-sh/setup-uv@v4
         with:
-          version: "0.5.16"
+          version: "0.6.3"
 
       - name: Install
         run: uv sync

Containerfile

@@ -1,4 +1,4 @@
-FROM docker.io/library/python:alpine
+FROM docker.io/library/python:latest
 
 COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /usr/local/bin/
 

pyproject.toml

@@ -24,11 +24,7 @@ dependencies = [
 oidc-test = "oidc_test.main:main"
 
 [dependency-groups]
-dev = [
+dev = ["dunamai>=1.23.0", "ipdb>=0.13.13", "pytest>=8.3.4"]
-    "dunamai>=1.23.0",
-    "ipdb>=0.13.13",
- "pytest>=8.3.4",
-]
 
 [build-system]
 requires = ["hatchling", "uv-dynamic-versioning"]
@@ -39,6 +35,10 @@ source = "uv-dynamic-versioning"
 
 [tool.hatch.build.targets.wheel]
 packages = ["src/oidc_test"]
+package = true
+
+[tool.uv-dynamic-versioning]
+style = "semver"
 
 [tool.uv]
 package = true

src/oidc_test/__init__.py

@@ -0,0 +1,11 @@
+import importlib.metadata
+
+try:
+    from dunamai import Version, Style
+
+    __version__ = Version.from_git().serialize(style=Style.SemVer, dirty=True)
+except ImportError:
+    # __name__ could be used if the package name is the same
+    # as the directory - not the case here
+    # __version__ = importlib.metadata.version(__name__)
+    __version__ = importlib.metadata.version("oidc-fastapi-test")

src/oidc_test/auth/provider.py

@@ -61,28 +61,34 @@ class Provider(AuthProviderSettings):
             if self.info_url is not None:
                 try:
                     provider_info = await client.get(self.info_url)
-                except Exception:
+                except Exception as err:
+                    logger.debug("Provider_info: cannot connect")
+                    logger.exception(err)
                     raise NoPublicKey
                 try:
                     self.info = provider_info.json()
                 except JSONDecodeError:
+                    logger.debug("Provider_info: cannot decode json response")
                     raise NoPublicKey
                 if "public_key" in self.info:
                     # For Keycloak
                     try:
                         public_key = str(self.info["public_key"])
                     except KeyError:
+                        logger.debug("Provider_info: cannot get public_key")
                         raise NoPublicKey
                 elif "keys" in self.info:
                     # For Forgejo/Gitea
                     try:
                         public_key = str(self.info["keys"][0]["n"])
                     except KeyError:
+                        logger.debug("Provider_info: cannot get key 0.n")
                         raise NoPublicKey
             if self.public_key_url is not None:
                 resp = await client.get(self.public_key_url)
                 public_key = resp.text
             if public_key is None:
+                logger.debug("Provider_info: cannot determine public key")
                 raise NoPublicKey
             self.public_key = "\n".join(
                 ["-----BEGIN PUBLIC KEY-----", public_key, "-----END PUBLIC KEY-----"]

src/oidc_test/main.py

@@ -29,6 +29,7 @@ from authlib.oauth2.rfc6749 import OAuth2Token
 # from fastapi.security import OpenIdConnect
 # from pkce import generate_code_verifier, generate_pkce_pair
 
+from oidc_test import __version__
 from oidc_test.registry import registry
 from oidc_test.auth.provider import NoPublicKey, Provider
 from oidc_test.auth.utils import (
@@ -108,6 +109,7 @@ async def home(
         "show_token": settings.show_token,
         "user": user,
         "now": datetime.now(),
+        "__version__": __version__,
     }
     if provider is None or token is None:
         context["providers"] = providers

src/oidc_test/static/styles.css

@@ -21,6 +21,12 @@ hr {
 .hidden {
   display: none;
 }
+.version {
+  position: absolute;
+  font-size: 75%;
+  top: 0.3em;
+  right: 0.3em;
+}
 .center {
   text-align: center;
 }

src/oidc_test/templates/base.html

@@ -5,6 +5,7 @@
     <script src="{{ url_for('static', path='/utils.js') }}"></script>
   </head>
   <body onload="checkPerms('links-to-check', '{{ access_token }}', '{{ auth_provider.id }}')">
+    <div class="version">v. {{ __version__}}</div>
     <h1>OIDC-test - FastAPI client</h1>
     {% block content %}
     {% endblock %}