-
Notifications
You must be signed in to change notification settings - Fork 7
141 lines (128 loc) · 4.29 KB
/
release.yml
File metadata and controls
141 lines (128 loc) · 4.29 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
---
name: Publish Python 🐍 distribution 📦 to PyPI and TestPyPI
on:
workflow_dispatch:
push:
branches:
- main
paths:
- "vulncheck_sdk/**"
permissions:
contents: write
jobs:
build:
name: Build distribution 📦
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Install Poetry
uses: abatilo/actions-poetry@v2
with:
poetry-version: "2.2.1"
- name: Install testing requirements
run: poetry add requests==2.32.5
- name: Install dependencies
run: make deps
- name: Test with pytest
env:
VULNCHECK_API_TOKEN: ${{ secrets.VULNCHECK_API_TOKEN }}
run: make test
- name: Build Module
run: make build
- name: Store the distribution packages
uses: actions/upload-artifact@v4
with:
name: python-package-distributions
path: dist/
publish-to-pypi:
name: >-
Publish Python 🐍 distribution 📦 to PyPI
needs:
- build
runs-on: ubuntu-latest
environment:
name: pypi
url: https://pypi.org/p/vulncheck-sdk
permissions:
id-token: write
steps:
- name: Download all the dists
uses: actions/download-artifact@v4
with:
name: python-package-distributions
path: dist/
- name: Publish distribution 📦 to PyPI
uses: pypa/gh-action-pypi-publish@release/v1
create-release:
name: Create release
needs:
- build
- publish-to-pypi
runs-on: ubuntu-latest
steps:
- uses: actions/create-github-app-token@v1
id: generate_token
with:
app-id: ${{ secrets.APP_ID }}
private-key: ${{ secrets.APP_PRIVATE_KEY }}
- name: Check out HEAD ref
uses: actions/checkout@v6
with:
fetch-depth: 0
ref: ${{ github.head_ref }}
path: head
fetch-tags: true
- name: Get versions
id: versions
working-directory: head
run: |
CURRENT_VERSION=$(yq e '.additionalProperties.packageVersion' python-generator-config.yaml)
echo "current_version=$CURRENT_VERSION" >> $GITHUB_OUTPUT
echo "All available tags:"
git tag -l
LATEST_TAG=$(git tag --sort=-v:refname | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+$' | head -n1)
if [ -z "$LATEST_TAG" ]; then
echo "No valid version tags found"
exit 1
fi
echo "Found latest tag: $LATEST_TAG"
echo "latest_tag=$LATEST_TAG" >> $GITHUB_OUTPUT
- name: Check out previous release
uses: actions/checkout@v6
with:
fetch-depth: 0
path: previous
ref: ${{ steps.versions.outputs.latest_tag }}
fetch-tags: true
- name: Make temp openapi-diff file
run: touch ${{ github.workspace }}/head/openapi-diff.md
- name: Run openapi-diff
uses: docker://openapitools/openapi-diff:latest
with:
args: previous/openapi.json head/openapi.json --markdown head/openapi-diff.md
- name: Check if tag exists
id: check_tag
working-directory: head
run: |
if git ls-remote --exit-code --tags origin "refs/tags/v${{ steps.versions.outputs.current_version }}"; then
echo "Tag v${{ steps.versions.outputs.current_version }} already exists, skipping release"
echo "exists=true" >> $GITHUB_OUTPUT
else
echo "exists=false" >> $GITHUB_OUTPUT
fi
- name: Create and push tag
if: steps.check_tag.outputs.exists == 'false'
working-directory: head
env:
GH_TOKEN: ${{ steps.generate_token.outputs.token }}
run: |
git config --global url."https://x-access-token:${GH_TOKEN}@github.com/".insteadOf "https://github.com/"
git tag -f v${{ steps.versions.outputs.current_version }}
git push --force origin v${{ steps.versions.outputs.current_version }}
- name: Release
if: steps.check_tag.outputs.exists == 'false'
uses: softprops/action-gh-release@v3
with:
body_path: ${{ github.workspace }}/head/openapi-diff.md
tag_name: v${{ steps.versions.outputs.current_version }}
token: ${{ steps.generate_token.outputs.token }}