Files
wehub-resource-sync 09e9f3545f
Test / Code Quality (push) Has been cancelled
Test / Test (macos-latest, Python 3.10) (push) Has been cancelled
Test / Test (macos-latest, Python 3.11) (push) Has been cancelled
Test / Test (macos-latest, Python 3.12) (push) Has been cancelled
Test / Test (macos-latest, Python 3.13) (push) Has been cancelled
Test / Test (macos-latest, Python 3.14) (push) Has been cancelled
Test / Test (ubuntu-latest, Python 3.10) (push) Has been cancelled
Test / Test (ubuntu-latest, Python 3.11) (push) Has been cancelled
Test / Test (ubuntu-latest, Python 3.12) (push) Has been cancelled
Test / Test (ubuntu-latest, Python 3.13) (push) Has been cancelled
Test / Test (ubuntu-latest, Python 3.14) (push) Has been cancelled
Test / Test (windows-latest, Python 3.10) (push) Has been cancelled
Test / Test (windows-latest, Python 3.11) (push) Has been cancelled
Test / Test (windows-latest, Python 3.12) (push) Has been cancelled
Test / Test (windows-latest, Python 3.13) (push) Has been cancelled
Test / Test (windows-latest, Python 3.14) (push) Has been cancelled
CodeQL / Analyze (push) Has been cancelled
dependency-audit / pip-audit (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 13:30:13 +08:00

200 lines
7.7 KiB
YAML

name: Verify Package
on:
workflow_dispatch:
inputs:
source:
description: 'Package source'
required: true
default: 'testpypi'
type: choice
options:
- testpypi
- pypi
permissions:
contents: read
jobs:
verify:
name: Verify from ${{ inputs.source }}
runs-on: ubuntu-latest
# Secret-bearing job (steps below reference secrets.NOTEBOOKLM_AUTH_JSON
# + secrets.NOTEBOOKLM_READ_ONLY_NOTEBOOK_ID for the live E2E pass). The
# workflow is workflow_dispatch-only, so every run is human-initiated;
# this `protected-readonly` environment requires a maintainer to approve
# the dispatch before any secret is exposed. Non-maintainer dispatches
# block at the approval prompt rather than acquiring tokens.
# See docs/development.md → "Workflow secret gates".
environment: protected-readonly
steps:
- uses: actions/checkout@v7
with:
persist-credentials: false
- name: Set up Python 3.12
uses: actions/setup-python@v6
with:
python-version: "3.12"
cache: 'pip'
- name: Install uv
uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # @ v7.0.0
- name: Get version from pyproject.toml
id: version
run: |
VERSION=$(python -c "import tomllib; print(tomllib.load(open('pyproject.toml', 'rb'))['project']['version'])")
echo "version=$VERSION" >> $GITHUB_OUTPUT
- name: Sync locked deps + non-cookies extras
# Pull every runtime + tooling dep from `uv.lock` (the same lockfile
# contributors install from) so the verify step exercises the full
# non-cookies dep tree rather than whatever pip happens to resolve at
# smoke time. `cookies` stays excluded because rookiepy has Python
# 3.13+ install issues.
# The published wheel itself is force-reinstalled in the next step.
run: >
uv sync --frozen
--extra browser
--extra dev
--extra markdown
--extra mcp
--extra server
- name: Install published wheel from TestPyPI (--no-deps)
if: inputs.source == 'testpypi'
shell: bash
run: |
# --no-deps proves the wheel was actually uploaded to TestPyPI — the
# previous `--extra-index-url https://pypi.org/simple/` fallback would
# silently succeed by resolving an older published version from PyPI
# when the TestPyPI upload itself was broken or missing.
# --reinstall replaces the editable install left behind by `uv sync`
# with the actual built wheel under test. --no-cache + --only-binary
# ensure we test the freshly-uploaded wheel, never a cached sdist.
#
# `uv pip install --python .venv/bin/python` is load-bearing: a
# `source .venv/bin/activate && pip install …` chain falls back to
# the runner's system pip when uv has not seeded pip into `.venv`,
# which then writes outside the venv and leaves the editable install
# in place — masking a broken/missing TestPyPI upload.
uv pip install --python .venv/bin/python \
--no-deps --reinstall --no-cache --only-binary=:all: \
--index-url https://test.pypi.org/simple/ \
"notebooklm-py==${{ steps.version.outputs.version }}"
- name: Install published wheel from PyPI (--no-deps)
if: inputs.source == 'pypi'
shell: bash
run: |
# Symmetric with the TestPyPI step: --no-deps + --reinstall swaps the
# locked editable install for the actual PyPI wheel without
# disturbing the dep tree resolved from `uv.lock`. See the TestPyPI
# step above for why `uv pip install --python .venv/bin/python` is
# used instead of activating the venv and calling bare `pip`.
uv pip install --python .venv/bin/python \
--no-deps --reinstall --no-cache --only-binary=:all: \
"notebooklm-py==${{ steps.version.outputs.version }}"
- name: Verify version
shell: bash
run: |
source .venv/bin/activate
INSTALLED=$(python -c "from notebooklm import __version__; print(__version__)")
EXPECTED="${{ steps.version.outputs.version }}"
if [ "$INSTALLED" != "$EXPECTED" ]; then
echo "Version mismatch: installed=$INSTALLED expected=$EXPECTED"
exit 1
fi
echo "Version verified: $INSTALLED"
- name: Verify CLI
shell: bash
run: |
source .venv/bin/activate
notebooklm --version
notebooklm --help
- name: Verify imports
shell: bash
run: |
source .venv/bin/activate
python -c "from notebooklm import NotebookLMClient, Notebook, Source, Artifact"
echo "Core imports verified"
- name: Install Playwright browsers
shell: bash
run: |
source .venv/bin/activate
# Test deps come from the non-cookies extras installed via
# `uv sync --frozen` above. Just need to provision the Chromium browser
# binary + Linux system libs.
playwright install chromium
playwright install-deps chromium
- name: Run unit tests
shell: bash
run: |
source .venv/bin/activate
pytest tests/unit -v
- name: Run integration tests
shell: bash
run: |
source .venv/bin/activate
pytest tests/integration -v
- name: Skip E2E tests (fork)
if: github.repository != 'teng-lin/notebooklm-py'
run: |
echo "::warning::E2E tests skipped - secrets not available in fork repositories"
echo "## E2E Tests Skipped" >> $GITHUB_STEP_SUMMARY
echo "E2E tests were not run because this workflow is executing on a fork." >> $GITHUB_STEP_SUMMARY
- name: Run E2E tests
id: e2e
if: github.repository == 'teng-lin/notebooklm-py'
# Don't fail the job here — the retry step below gets a 10-min cool-down
# shot at any failures, and its exit code is what marks the job red.
continue-on-error: true
shell: bash
env:
NOTEBOOKLM_AUTH_JSON: ${{ secrets.NOTEBOOKLM_AUTH_JSON }}
NOTEBOOKLM_READ_ONLY_NOTEBOOK_ID: ${{ secrets.NOTEBOOKLM_READ_ONLY_NOTEBOOK_ID }}
run: |
source .venv/bin/activate
if [ -z "$NOTEBOOKLM_AUTH_JSON" ]; then
echo "::error::NOTEBOOKLM_AUTH_JSON secret is not configured"
exit 1
fi
if [ -z "$NOTEBOOKLM_READ_ONLY_NOTEBOOK_ID" ]; then
echo "::error::NOTEBOOKLM_READ_ONLY_NOTEBOOK_ID secret is not configured"
exit 1
fi
# --reruns 1 --reruns-delay 30 catches sub-minute network blips;
# longer chat-throttle recovery is handled by the cool-down retry below.
pytest tests/e2e -m "not variants" --reruns 1 --reruns-delay 30 -v
- name: Retry failed E2E tests after 10-min cool-down
# Tests still throttled after the cool-down become skips via the
# _install_chat_rate_limit_skip fixture in tests/e2e/conftest.py.
if: steps.e2e.outcome == 'failure'
shell: bash
env:
NOTEBOOKLM_AUTH_JSON: ${{ secrets.NOTEBOOKLM_AUTH_JSON }}
NOTEBOOKLM_READ_ONLY_NOTEBOOK_ID: ${{ secrets.NOTEBOOKLM_READ_ONLY_NOTEBOOK_ID }}
run: |
source .venv/bin/activate
# Missing lastfailed after a failed e2e step means pytest crashed
# before writing the cache (import error, OOM, etc.) — fail the job
# rather than silently going green.
if [ ! -f .pytest_cache/v/cache/lastfailed ]; then
echo "::error::No lastfailed cache from previous step; pytest likely crashed before running tests."
exit 1
fi
echo "Initial E2E run failed. Sleeping 600s before retrying failed tests."
sleep 600
uv run pytest tests/e2e --last-failed --last-failed-no-failures=none -s -v --tb=short