From cdb3cadcd8b3bed855e765a24dee7f1788f27adf Mon Sep 17 00:00:00 2001
From: Mathew Payne
Date: Mon, 2 Sep 2024 10:52:05 +0100
Subject: [PATCH 1/4] feat: Release actions
---
.github/workflows/release.yml | 46 ++++++++++++++++++++++++++++++
.github/workflows/self-release.yml | 45 +++++++++++++++++++++++++++++
.release.yml | 10 +++++++
3 files changed, 101 insertions(+)
create mode 100644 .github/workflows/release.yml
create mode 100644 .github/workflows/self-release.yml
create mode 100644 .release.yml
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..c8e21f0
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,46 @@
+# GitHub Releasing Workflow
+name: GitHub - Release
+
+on:
+ push:
+ workflow_call:
+ inputs:
+ version:
+ description: "The version to release"
+ required: true
+ type: string
+
+permissions:
+ contents: write
+
+jobs:
+ release:
+ runs-on: ubuntu-latest
+ steps:
+ # https://github.com/peter-murray/semver-data-action
+ - name: Parse SemVer
+ id: version
+ uses: peter-murray/semver-action@v1
+ with:
+ version: ${{ inputs.version }}
+
+ # Tags :: ${Full}, v${Major}, v${Major}.${Minor}, v${Major}.${Minor}.${Patch}
+ - name: "GitHub Release"
+ env:
+ GH_TOKEN: ${{ github.token }}
+ run: |
+ git config user.name github-actions
+ git config user.email github-actions@github.com
+
+ git tag "${{ steps.version.outputs.version }}" --force
+ git tag "v${{ steps.version.outputs.major }}" --force
+ git tag "v${{ steps.version.outputs.major }}.${{ steps.version.outputs.minor }}" --force
+ git tag "v${{ steps.version.outputs.major }}.${{ steps.version.outputs.minor }}.${{ steps.version.outputs.patch }}" --force
+
+ git push origin ${{ github.ref_name }}
+ git push origin --tags --force
+
+ gh release create --latest --generate-notes \
+ --title "v${{ steps.version.outputs.version }}" \
+ "${{ steps.version.outputs.version }}"
+
\ No newline at end of file
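Review bot: The `GitHub Release` step expands `${{ github.ref_name }}` and the version values derived from `${{ inputs.version }}` directly inside the `run:` script, so their text is pasted into the shell source before bash parses it; in a job that holds `contents: write`, a ref name or version string containing shell metacharacters is executed as part of the script. Pass the values through `env:` and use them as quoted shell variables, as in the excerpt below. The job also has no `actions/checkout` step, so the `git config`, `git tag` and `git push` commands have no repository to act on, and `peter-murray/semver-action@v1` does not match the `semver-data-action` repository named in the comment above it and is pinned to a movable tag rather than a commit SHA.

```yaml
      - name: "GitHub Release"
        env:
          GH_TOKEN: ${{ github.token }}
          REF_NAME: ${{ github.ref_name }}
          VERSION: ${{ steps.version.outputs.version }}
          MAJOR: ${{ steps.version.outputs.major }}
          MINOR: ${{ steps.version.outputs.minor }}
          PATCH: ${{ steps.version.outputs.patch }}
        run: |
          # … unchanged: git config user.name / user.email …

          git tag "$VERSION" --force
          git tag "v$MAJOR" --force
          git tag "v$MAJOR.$MINOR" --force
          git tag "v$MAJOR.$MINOR.$PATCH" --force

          git push origin "$REF_NAME"
          # … unchanged: git push origin --tags --force …

          gh release create --latest --generate-notes \
            --title "v$VERSION" \
            "$VERSION"
```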
diff --git a/.github/workflows/self-release.yml b/.github/workflows/self-release.yml
new file mode 100644
index 0000000..96f909c
--- /dev/null
+++ b/.github/workflows/self-release.yml
@@ -0,0 +1,45 @@
+name: "Self - Release"
+
+on:
+ push:
+ branches: ["main"]
+
+permissions:
+ contents: write
+
+jobs:
+ fetch-release:
+ runs-on: ubuntu-latest
+ outputs:
+ release: ${{ steps.version-changes.outputs.release }}
+ version: ${{ steps.version-changes.outputs.version }}
+ steps:
+ - name: "Checkout"
+ uses: actions/checkout@v4
+
+ - name: "Fetch Release"
+ id: version-changes
+ run: |
+ set -e
+
+ pip install yq
+
+ current_version=$(cat .release.yml | yq -r ".version")
+ released_version=$(gh api -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" /repos/:owner/:repo/releases/latest | jq -r ".tag_name")
+
+ if [[ "$current_version" == "NA" || "$current_version" == "$released_version" ]]; then
+ echo "No new release found"
+ echo "release=false" >> "$GITHUB_OUTPUT"
+ else
+ echo "New release found"
+ echo "version=$current_version" >> "$GITHUB_OUTPUT"
+ echo "release=true" >> "$GITHUB_OUTPUT"
+ fi
+
+ release:
+ uses: advanced-security/reusable-workflows/.github/workflows/release.yml@v0.1.0
+ needs: [ fetch-release ]
+ if: ${{ needs.fetch-release.outputs.release == 'true' }}
+ secrets: inherit
+ with:
+ version: ${{ needs.fetch-release.outputs.version }}
diff --git a/.release.yml b/.release.yml
new file mode 100644
index 0000000..27c11aa
--- /dev/null
+++ b/.release.yml
@@ -0,0 +1,10 @@
+name: "reusable-workflows"
+version: "0.1.0"
+
+locations:
+ - name: "Actions Versions"
+ paths:
+ - '.github/workflows/*.yml'
+ patterns:
+ # Actions
+ - 'advanced-security/reusable-workflows/.github/workflows/.*\.yml@v([0-9]\.[0-9]\.[0-9])'
From 5f25e73f24d041bf5d50abb308c1ada7e41a5757 Mon Sep 17 00:00:00 2001
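Review bot: In the `Fetch Release` step of `self-release.yml`, `gh api` runs with no `GH_TOKEN` in the step environment, and because the call is the left side of a pipeline under plain `set -e`, a failed lookup is masked by `jq` and leaves `released_version` empty. The comparison then falls through to `release=true`, so an auth or API failure on any push to `main` would start the release job that force-pushes tags. Add `env:` with `GH_TOKEN: ${{ github.token }}` to the step and make the first script line `set -euo pipefail`. `pip install yq` is also unpinned in a job that holds `contents: write`, so pinning an exact version removes a moving dependency from the release path. `secrets: inherit` on the `release` call hands every caller secret to a workflow that, from what is visible, only uses `github.token`.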
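Review bot: The pattern in `.release.yml`, `@v([0-9]\.[0-9]\.[0-9])`, accepts exactly one digit per version component, so once any component reaches 10 the pinned workflow references would presumably stop matching and stay on the old tag without an error. `@v([0-9]+\.[0-9]+\.[0-9]+)` keeps the same capture group and covers multi-digit versions.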
From: Mathew Payne Date: Mon, 2 Sep 2024 10:54:20 +0100 Subject: [PATCH 2/4] feat: Update other workflows --- .github/workflows/dependency-review.yml | 4 ++-- .github/workflows/self-dependency-review.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 2340f31..58a2f6b 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -38,7 +38,7 @@ jobs: echo "No local configuration file found" echo "Using configuration file from advanced-security/reusable-workflows repository" - echo "config=advanced-security/reusable-workflows/.github/dependency-review.yml@main" >> $GITHUB_STATE + echo "config=advanced-security/reusable-workflows/.github/dependency-review.yml@v0.1.0" >> $GITHUB_STATE fi @@ -46,6 +46,6 @@ jobs: uses: actions/dependency-review-action@v4 with: # this value can also be hardcoded to a remote repository - # Example: advanced-security/reusable-workflows/.github/dependency-review.yml@main + # Example: advanced-security/reusable-workflows/.github/dependency-review.yml@v0.1.0 config-file: ${{ steps.config.outputs.config }} comment-summary-in-pr: "always" diff --git a/.github/workflows/self-dependency-review.yml b/.github/workflows/self-dependency-review.yml index 98cf940..85ed486 100644 --- a/.github/workflows/self-dependency-review.yml +++ b/.github/workflows/self-dependency-review.yml @@ -19,5 +19,5 @@ permissions: jobs: dependency-review: - uses: advanced-security/reusable-workflows/.github/workflows/dependency-review.yml@main + uses: advanced-security/reusable-workflows/.github/workflows/dependency-review.yml@v0.1.0 secrets: inherit From 148e73267b56aa9f61784e4ccf319c4677a9f431 Mon Sep 17 00:00:00 2001 
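Review bot: The fallback line changed in the first `dependency-review.yml` hunk still appends `config=…` to `$GITHUB_STATE`, while the `config-file` input in the second hunk reads `steps.config.outputs.config`; step outputs are populated from `$GITHUB_OUTPUT`, so the value appears never to reach the dependency-review action and the shared policy file would be skipped silently. Assuming the step's id is `config` (the step starts outside the hunk), the line should end in `>> "$GITHUB_OUTPUT"` instead of `>> $GITHUB_STATE`. The new `@v0.1.0` references here and in `self-dependency-review.yml` are tags, which the release workflow earlier in this series re-creates with `--force`, so only a commit SHA gives an immutable pin for a call that uses `secrets: inherit`.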
From: Mathew Payne <2772944+GeekMasher@users.noreply.github.com> Date: Thu, 5 Sep 2024 15:14:38 +0000 Subject: [PATCH 3/4] feat: Update docs and python workflows to new version --- .github/workflows/python-release.yml | 2 +- .github/workflows/python.yml | 8 ++++---- .release.yml | 1 + wiki/Build-Container.md | 4 ++-- wiki/Build-Python.md | 4 ++-- wiki/Linting-Markdown.md | 2 +- wiki/RepoMang-Labeler.md | 2 +- wiki/Security-DepReview.md | 2 +- 8 files changed, 13 insertions(+), 12 deletions(-) diff --git a/.github/workflows/python-release.yml b/.github/workflows/python-release.yml index ccbc234..d565dd4 100644 --- a/.github/workflows/python-release.yml +++ b/.github/workflows/python-release.yml @@ -57,7 +57,7 @@ jobs: fi github-release: - uses: advanced-security/reusable-workflows/.github/workflows/release.yml@main + uses: advanced-security/reusable-workflows/.github/workflows/release.yml@v0.1.0 needs: [ version-changes ] if: ${{ needs.version-changes.outputs.release == 'true' }} secrets: inherit diff --git a/.github/workflows/python.yml b/.github/workflows/python.yml index b9b7602..c130890 100644 --- a/.github/workflows/python.yml +++ b/.github/workflows/python.yml @@ -26,14 +26,14 @@ on: jobs: # Run the tests on all supported versions of Python testing: - uses: advanced-security/reusable-workflows/.github/workflows/python-testing.yml@main + uses: advanced-security/reusable-workflows/.github/workflows/python-testing.yml@v0.1.0 secrets: inherit with: versions: ${{ inputs.versions }} # Run linters on the codebase linting: - uses: advanced-security/reusable-workflows/.github/workflows/python-linting.yml@main + uses: advanced-security/reusable-workflows/.github/workflows/python-linting.yml@v0.1.0 needs: [ testing ] secrets: inherit with: 
@@ -41,7 +41,7 @@ jobs: # Vendor the dependencies into the repository if needed vendoring: - uses: advanced-security/reusable-workflows/.github/workflows/python-vendor.yml@main + uses: advanced-security/reusable-workflows/.github/workflows/python-vendor.yml@v0.1.0 needs: [ testing, linting ] if: ${{ inputs.vendor == 'true' }} secrets: inherit @@ -51,7 +51,7 @@ jobs: # Release a new version of the package release: - uses: advanced-security/reusable-workflows/.github/workflows/python-release.yml@main + uses: advanced-security/reusable-workflows/.github/workflows/python-release.yml@v0.1.0 needs: [ testing, linting ] secrets: inherit with: diff --git a/.release.yml b/.release.yml index 27c11aa..e744c94 100644 --- a/.release.yml +++ b/.release.yml @@ -5,6 +5,7 @@ locations: - name: "Actions Versions" paths: - '.github/workflows/*.yml' + - 'wiki/*.md' patterns: # Actions - 'advanced-security/reusable-workflows/.github/workflows/.*\.yml@v([0-9]\.[0-9]\.[0-9])' diff --git a/wiki/Build-Container.md b/wiki/Build-Container.md index a437c54..e4b17db 100644 --- a/wiki/Build-Container.md +++ b/wiki/Build-Container.md @@ -15,7 +15,7 @@ This workflow does the following: **Simple:** ```yaml -uses: advanced-security/reusable-workflows/.github/workflows/container.yml@main +uses: advanced-security/reusable-workflows/.github/workflows/container.yml@v0.1.0 secrets: inherit with: # This is used for tagging the container image. @@ -26,7 +26,7 @@ with: **With Settings:** ```yaml -uses: advanced-security/reusable-workflows/.github/workflows/container.yml@main +uses: advanced-security/reusable-workflows/.github/workflows/container.yml@v0.1.0 secrets: inherit with: # This is used for tagging the container image diff --git a/wiki/Build-Python.md b/wiki/Build-Python.md index 0d21c87..30fbc13 100644 --- a/wiki/Build-Python.md +++ b/wiki/Build-Python.md 
@@ -15,13 +15,13 @@ The Action will try to determine how to install, build, test, and lint your proj **Simple:** ```yaml -uses: advanced-security/reusable-workflows/.github/workflows/python-build.yml@main +uses: advanced-security/reusable-workflows/.github/workflows/python.yml@v0.1.0 ``` **With Settings:** ```yaml -uses: advanced-security/reusable-workflows/.github/workflows/python-build.yml@main +uses: advanced-security/reusable-workflows/.github/workflows/python-build.yml@v0.1.0 with: install: true # Install dependencies (default is true) build: false # Build the project diff --git a/wiki/Linting-Markdown.md b/wiki/Linting-Markdown.md index bf2f291..381c661 100644 --- a/wiki/Linting-Markdown.md +++ b/wiki/Linting-Markdown.md @@ -9,6 +9,6 @@ Lint markdown files in your repository. **Simple:** ```yaml -uses: advanced-security/reusable-workflows/.github/workflows/markdown-lint.yml@main +uses: advanced-security/reusable-workflows/.github/workflows/markdown-lint.yml@v0.1.0 secrets: inherit ``` diff --git a/wiki/RepoMang-Labeler.md b/wiki/RepoMang-Labeler.md index 8b2cfd4..bb924f4 100644 --- a/wiki/RepoMang-Labeler.md +++ b/wiki/RepoMang-Labeler.md @@ -11,6 +11,6 @@ Automatically label pull requests based on the paths that were modified. **Simple:** ```yaml -uses: advanced-security/reusable-workflows/.github/workflows/labeler.yml@main +uses: advanced-security/reusable-workflows/.github/workflows/labeler.yml@v0.1.0 secrets: inherit ``` diff --git a/wiki/Security-DepReview.md b/wiki/Security-DepReview.md index af95d8c..cbd358a 100644 --- a/wiki/Security-DepReview.md +++ b/wiki/Security-DepReview.md @@ -9,6 +9,6 @@ Making Dependency Review easy for your projects to use and maintain. **Simple:** ```yaml -uses: advanced-security/reusable-workflows/.github/workflows/dependency-review.yml@main +uses: advanced-security/reusable-workflows/.github/workflows/dependency-review.yml@v0.1.0 secrets: inherit ``` From 2750903ca3622666c9451485cb31a072777c0101 Mon Sep 17 00:00:00 2001 
From: Mathew Payne <2772944+GeekMasher@users.noreply.github.com> Date: Thu, 5 Sep 2024 16:48:40 +0000 Subject: [PATCH 4/4] feat: Add workflow dispatch --- .github/workflows/release.yml | 38 ++++++++++++++++++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c8e21f0..8611bb9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -2,7 +2,16 @@ name: GitHub - Release on: - push: + workflow_distach: + inputs: + bump: + type: choice + description: "The type of version bump to perform" + options: + - patch + - minor + - major + workflow_call: inputs: version: @@ -14,8 +23,35 @@ permissions: contents: write jobs: + release-next: + runs-on: ubuntu-latest + # If the workflow was triggered by workflow_dispatch + if: ${{ github.event_name == 'workflow_dispatch' }} + steps: + - name: "Checkout" + uses: actions/checkout@v3 + + - name: "Patch Release Me" + uses: 42ByteLabs/patch-release-me@0.3.0 + with: + mode: ${{ github.event.inputs.bump }} + + - name: "Create Release" + uses: peter-evans/create-pull-request@v6 + with: + token: ${{ github.token }} + commit-message: "[chore]: Create release for ${{ github.event.inputs.version }}" + title: "[chore]: Create release for ${{ github.event.inputs.version }}" + branch: chore-release-${{ github.event.inputs.version }} + base: ${{ github.event.before }} + labels: version + body: | + This is an automated PR to create a new release. The release will be created once this PR is merged. + release: runs-on: ubuntu-latest + # If the workflow was triggered by a workflow call and the version is not null + if: ${{ github.event_name == 'workflow_call' && github.event.inputs.version != null }} steps: # https://github.com/peter-murray/semver-data-action - name: Parse SemVer
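Review bot: The new trigger key is spelled `workflow_distach`, which is not an event name GitHub Actions recognises, so the manual trigger this commit intends to add would not be available; it should read `workflow_dispatch:`. The `release-next` job added in the next hunk is gated on `github.event_name == 'workflow_dispatch'`, so the two spellings have to agree for that job to ever run.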
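Review bot: The `release` job's new condition `github.event_name == 'workflow_call'` cannot hold, because a called workflow sees the caller's event name, and `workflow_call` inputs are read from `inputs`, not `github.event.inputs`; as written the tagging job is skipped on every path. `if: ${{ inputs.version != '' }}` expresses the intended guard. In `release-next`, `github.event.inputs.version` and `github.event.before` are not set for a dispatch that declares only `bump`, so the commit message, PR title, branch name (`chore-release-`) and `base` would render empty; the new version has to come from a value the workflow actually sets. `42ByteLabs/patch-release-me@0.3.0` and `peter-evans/create-pull-request@v6` run with a `contents: write` token and are pinned to tags, so pin them to commit SHAs, and opening the PR likely also needs `pull-requests: write`. The `release` job's steps continue outside the hunk.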