Merge pull request #66 from modeseven-lfreleng-actions/update-action

ModeSevenIndustrialSolutions · web-flow · commit d54ca0172525 · 2025-12-10T08:34:57.000Z
Feat: Add artefact_name input to filter build artefact downloads
diff --git a/.github/workflows/testing.yaml b/.github/workflows/testing.yaml
@@ -42,7 +42,7 @@ jobs:
       # Build sample Python project
       - name: "Build Python Project"
         # yamllint disable-line rule:line-length
-        uses: lfreleng-actions/python-build-action@3552106f5c8bfedebe4c38116abf3b9c289359ea # v0.1.22
+        uses: lfreleng-actions/python-build-action@e74a56d61b59b55516ee05037303528423d8ed5a # v1.0.0
         with:
           path_prefix: "test-python-project/"
           tox_build: false
@@ -72,7 +72,7 @@ jobs:
       # Rebuild sample Python project
       - name: "Rebuild Python Project"
         # yamllint disable-line rule:line-length
-        uses: lfreleng-actions/python-build-action@3552106f5c8bfedebe4c38116abf3b9c289359ea # v0.1.22
+        uses: lfreleng-actions/python-build-action@e74a56d61b59b55516ee05037303528423d8ed5a # v1.0.0
         with:
           path_prefix: "test-python-project/"
           tox_build: false
@@ -105,3 +105,39 @@ jobs:
           path_prefix: "test-python-project/"
           # Override failure
           permit_fail: true
+
+  ### Test custom artefact_name support ###
+  tests-custom-artefact-name:
+    name: "Test Custom Artefact Name"
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+    timeout-minutes: 12
+    steps:
+      - name: "Checkout repository"
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+
+      - name: "Checkout sample project repository"
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          repository: "lfreleng-actions/test-python-project"
+          path: "test-python-project"
+
+      # Build with custom artefact name
+      - name: "Build Python project with custom artefact name"
+        id: build-custom
+        # yamllint disable-line rule:line-length
+        uses: lfreleng-actions/python-build-action@e74a56d61b59b55516ee05037303528423d8ed5a # v1.0.0
+        with:
+          path_prefix: "test-python-project/"
+          artefact_name: "test-python-project-x64"
+          tox_build: false
+
+      # Audit with custom artefact name
+      # Will fail if artefact download does not work
+      - name: "Run action with custom artefact_name"
+        uses: ./
+        with:
+          python_version: "${{ env.build_python }}"
+          path_prefix: "test-python-project/"
+          artefact_name: "test-python-project-x64"
diff --git a/README.md b/README.md
@@ -21,7 +21,7 @@ Below is a sample matrix job configuration for this action:
     runs-on: "ubuntu-24.04"
     needs:
       - python-build
-    # Matrix job
+    # Matrix job
     strategy:
       fail-fast: false
       matrix: ${{ fromJson(needs.python-build.outputs.matrix_json) }}
@@ -38,6 +38,45 @@ Below is a sample matrix job configuration for this action:
 
 Before the audit shown above, a Python build job has run (not shown).
 
+### Multi-Architecture Example
+
+When auditing builds for different architectures, use the `artefact_name` input
+to download the correct architecture-specific artefacts:
+
+<!-- markdownlint-disable MD046 -->
+
+```yaml
+  python-audit-x64:
+    name: "Python Audit x64"
+    runs-on: "ubuntu-latest"
+    needs: python-build-x64
+    strategy:
+      fail-fast: false
+      matrix: ${{ fromJson(needs.python-build-x64.outputs.matrix_json) }}
+    steps:
+      - name: "Audit project dependencies"
+        uses: lfreleng-actions/python-audit-action@main
+        with:
+          python_version: ${{ matrix.python-version }}
+          artefact_name: my-package-x64
+
+  python-audit-arm64:
+    name: "Python Audit ARM64"
+    runs-on: "ubuntu-24.04-arm"
+    needs: python-build-arm64
+    strategy:
+      fail-fast: false
+      matrix: ${{ fromJson(needs.python-build-arm64.outputs.matrix_json) }}
+    steps:
+      - name: "Audit project dependencies"
+        uses: lfreleng-actions/python-audit-action@main
+        with:
+          python_version: ${{ matrix.python-version }}
+          artefact_name: my-package-arm64
+```
+
+<!-- markdownlint-enable MD046 -->
+
 ## Usage Examples
 
 ```yaml
@@ -75,14 +114,15 @@ To ignore specific vulnerabilities:
 
 <!-- markdownlint-disable MD013 -->
 
-| Variable Name   | Required | Default   | Description                                                 |
-| --------------- | -------- | --------- | ----------------------------------------------------------- |
-| python_versions | True     | N/A       | Matrix job Python version                                   |
-| permit_fail     | False    | False     | Continue/pass even when the audit fails                     |
-| artefact_path   | False    | "dist"    | Stores the test coverage report bundle as an artefact       |
-| summary         | False    | True      | Whether pypa/gh-action-pip-audit generates summary output   |
-| path_prefix     | False    | ""        | Path/directory to Python project code                       |
-| ignore_vulns    | False    | See below | Vulnerability IDs to ignore (whitespace separated)          |
+| Variable Name  | Required | Default   | Description                                                                                                                                                  |
+| -------------- | -------- | --------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| python_version | True     | N/A       | Matrix job Python version                                                                                                                                    |
+| artefact_name  | False    |           | Custom name for downloaded artefacts (defaults to project name). Useful when building for different platforms/architectures to avoid artefact name conflicts |
+| permit_fail    | False    | False     | Continue/pass even when the audit fails                                                                                                                      |
+| artefact_path  | False    | "dist"    | Path/location to build artefacts                                                                                                                             |
+| summary        | False    | True      | Whether pypa/gh-action-pip-audit generates summary output                                                                                                    |
+| path_prefix    | False    | ""        | Path/directory to Python project code                                                                                                                        |
+| ignore_vulns   | False    | See below | Vulnerability IDs to ignore (whitespace separated)                                                                                                           |
 
 <!-- markdownlint-enable MD013 -->
 
diff --git a/action.yaml b/action.yaml
@@ -12,6 +12,12 @@ inputs:
     description: 'Python version used to perform audit'
     required: true
   # Optional
+  artefact_name:
+    # Useful when building for multiple platforms/architectures
+    # Can be used to avoid downloading artefacts with conflicting names
+    description: 'Artefact name to download (defaults to project name)'
+    required: false
+    # type: string
   permit_fail:
     description: 'Continue/pass even when the audit fails'
     required: false
@@ -52,7 +58,8 @@ runs:
       # yamllint disable-line rule:line-length
       uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
       with:
-        name: "${{ env.python_project_name }}"
+        # yamllint disable-line rule:line-length
+        name: "${{ inputs.artefact_name || env.python_project_name }}"
         path: "${{ inputs.artefact_path }}"
 
     - name: "Setup Python ${{ inputs.python_version }}"
@@ -72,27 +79,30 @@ runs:
           .tox
         # yamllint disable rule:line-length
         key: >-
-          python-${{ runner.os }}-${{ inputs.python_version }}-
+          python-${{ runner.os }}-${{ runner.arch }}-${{ inputs.python_version }}-
           ${{ hashFiles('**/requirements*.txt', '**/pyproject.toml', '**/poetry.lock', '**/Pipfile*', '**/setup.py', '**/setup.cfg') }}
         restore-keys: |
-          python-${{ runner.os }}-${{ inputs.python_version }}-
-          python-${{ runner.os }}-
+          python-${{ runner.os }}-${{ runner.arch }}-${{ inputs.python_version }}-
+          python-${{ runner.os }}-${{ runner.arch }}-
         # yamllint enable rule:line-length
 
     - name: 'Install build products/dependencies'
       shell: bash
       run: |
         # Install build products/dependencies
+        path_prefix="${{ inputs.path_prefix }}"
         echo 'Upgrading: pip, setuptools'
         python -m pip install --disable-pip-version-check \
           -q --upgrade pip setuptools
         echo 'Installing built package(s) and dependencies'
         for wheel in ${{ inputs.artefact_path }}/*.whl; do
                 pip install -q "$wheel"
         done
-        if [ -f 'requirements.txt' ]; then
-          echo 'Installing dependencies from: requirements.txt'
-          pip install -q -r requirements.txt
+        # Check for requirements.txt in path_prefix if provided
+        req_file="${path_prefix:+$path_prefix/}requirements.txt"
+        if [ -f "$req_file" ]; then
+          echo "Installing dependencies from: $req_file"
+          pip install -q -r "$req_file"
         fi
 
     - name: 'Auditing with: pypa/gh-action-pip-audit'
