chore(deps): update dependency requests to v2.32.4 [security] (#202) #29
  
    
      This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
      Learn more about bidirectional Unicode characters
    
  
  
    
  | name: Release | |
| on: | |
| push: | |
| branches: | |
| - main | |
| env: | |
| TARGET_BRANCH: main | |
| CHARMCRAFT_ENABLE_EXPERIMENTAL_EXTENSIONS: true | |
| ROCKCRAFT_ENABLE_EXPERIMENTAL_EXTENSIONS: true | |
| jobs: | |
| prepare-version: | |
| # TODO: reject action if the push is from content system bot | |
| name: Determine and prepare next version | |
| runs-on: ubuntu-latest | |
| outputs: | |
| new_release_published: ${{ steps.semantic.outputs.new_release_published }} | |
| new_release_version: ${{ steps.semantic.outputs.new_release_version }} | |
| new_release_git_tag: ${{ steps.semantic.outputs.new_release_git_tag }} | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup Semantic Release | |
| uses: cycjimmy/semantic-release-action@v4 | |
| id: semantic | |
| with: | |
| dry_run: true | |
| branch: ${{ env.TARGET_BRANCH }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Display next version | |
| if: steps.semantic.outputs.new_release_published == 'true' | |
| run: | | |
| echo "## π¦ Next Release Version" >> $GITHUB_STEP_SUMMARY | |
| echo "**Version:** ${{ steps.semantic.outputs.new_release_version }}" >> $GITHUB_STEP_SUMMARY | |
| echo "**Git Tag:** ${{ steps.semantic.outputs.new_release_git_tag }}" >> $GITHUB_STEP_SUMMARY | |
| echo "**Will Publish:** ${{ steps.semantic.outputs.new_release_published }}" >> $GITHUB_STEP_SUMMARY | |
| pack-rock: | |
| name: Build and Pack Rock | |
| needs: prepare-version | |
| if: needs.prepare-version.outputs.new_release_published == 'true' | |
| runs-on: ubuntu-latest | |
| env: | |
| ROCK_BUILD_NAME: cs-canonical-com-${{ needs.prepare-version.outputs.new_release_git_tag }}.rock | |
| outputs: | |
| rock: ${{ steps.set_rock.outputs.rock }} | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| - name: Use Node.js | |
| uses: actions/setup-node@v3 | |
| - name: Build Assets | |
| run: | | |
| yarn install | |
| yarn run build | |
| - name: Setup LXD | |
| uses: canonical/setup-lxd@main | |
| - name: Create repositories directory | |
| run: | | |
| mkdir -m 777 repositories | |
| mkdir -m 777 tree-cache | |
| - name: Setup Rockcraft | |
| run: sudo snap install rockcraft --classic --channel=latest/edge | |
| - name: Pack Rock | |
| run: rockcraft pack | |
| - name: Upload Rock | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ env.ROCK_BUILD_NAME }} | |
| path: ./*.rock | |
| - name: Set rock | |
| id: set_rock | |
| run: echo "rock=${{ env.ROCK_BUILD_NAME }}" >> $GITHUB_OUTPUT | |
| pack-charm: | |
| name: Build and Pack Charm | |
| needs: prepare-version | |
| if: needs.prepare-version.outputs.new_release_published == 'true' | |
| runs-on: ubuntu-latest | |
| env: | |
| CHARM_BUILD_NAME: cs-canonical-com-${{ needs.prepare-version.outputs.new_release_git_tag }}.charm | |
| outputs: | |
| charm: ${{ steps.set_charm.outputs.charm }} | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| - name: Setup LXD | |
| uses: canonical/setup-lxd@main | |
| - name: Setup Charmcraft | |
| run: sudo snap install charmcraft --classic --channel=latest/edge | |
| - name: Pack charm | |
| run: | | |
| cd charm | |
| charmcraft pack -v --project-dir ./ | |
| - name: Upload charm | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ env.CHARM_BUILD_NAME }} | |
| path: ./charm/*.charm | |
| - name: Set charm | |
| id: set_charm | |
| run: echo "charm=${{ env.CHARM_BUILD_NAME }}" >> $GITHUB_OUTPUT | |
| publish-image: | |
| runs-on: ubuntu-latest | |
| needs: [prepare-version, pack-rock] | |
| if: needs.prepare-version.outputs.new_release_published == 'true' | |
| outputs: | |
| image_url: ${{ steps.set_image_url.outputs.image_url }} | |
| steps: | |
| - name: Get Rock | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: ${{ needs.pack-rock.outputs.rock }} | |
| - name: Set image URL | |
| id: set_image_url | |
| run: | | |
| IMAGE_URL=ghcr.io/${{ github.repository }}:${{ needs.prepare-version.outputs.new_release_git_tag }} | |
| echo -e "> [!NOTE]\n> Rockcraft OCI image: $IMAGE_URL" >> $GITHUB_STEP_SUMMARY | |
| echo $DOCKERHUB_MIRROR | |
| echo "ghcr_image_url=$IMAGE_URL" >> $GITHUB_OUTPUT | |
| echo "image_url=$IMAGE_URL" >> $GITHUB_OUTPUT | |
| - name: Push to GHCR | |
| run: skopeo --insecure-policy copy oci-archive:$(ls *.rock) docker://${{ steps.set_image_url.outputs.ghcr_image_url }} --dest-creds "canonical:${{ secrets.GITHUB_TOKEN }}" | |
| release: | |
| name: Rollout Release | |
| runs-on: ubuntu-latest | |
| needs: [prepare-version, pack-rock, publish-image, pack-charm] | |
| permissions: | |
| contents: write | |
| issues: write | |
| pull-requests: write | |
| if: needs.prepare-version.outputs.new_release_published == 'true' | |
| env: | |
| CHARM_BUILD_NAME: cs-canonical-com-${{ needs.prepare-version.outputs.new_release_git_tag }}.charm | |
| ROCK_BUILD_NAME: cs-canonical-com-${{ needs.prepare-version.outputs.new_release_git_tag }}.rock | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Download Charm artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: ${{ env.CHARM_BUILD_NAME }} | |
| - name: Download Rock artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: ${{ env.ROCK_BUILD_NAME }} | |
| - name: Setup Semantic Release | |
| uses: cycjimmy/semantic-release-action@v4 | |
| id: semantic | |
| with: | |
| branch: ${{ env.TARGET_BRANCH }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Display release summary | |
| if: needs.prepare-version.outputs.new_release_published == 'true' | |
| run: | | |
| echo "## π Release Published Successfully!" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "**Version:** v${{ needs.prepare-version.outputs.new_release_version }}" >> $GITHUB_STEP_SUMMARY | |
| echo "**Git Tag:** ${{ needs.prepare-version.outputs.new_release_git_tag }}" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "### π¦ Release Assets" >> $GITHUB_STEP_SUMMARY | |
| echo "- πͺ¨ **Rock:** \`${{ env.ROCK_BUILD_NAME }}\`" >> $GITHUB_STEP_SUMMARY | |
| echo "- β‘ **Charm:** \`${{ env.CHARM_BUILD_NAME }}\`" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "### π Links" >> $GITHUB_STEP_SUMMARY | |
| echo "- [π View Release](https://github.com/${{ github.repository }}/releases/tag/${{ needs.prepare-version.outputs.new_release_git_tag }})" >> $GITHUB_STEP_SUMMARY | |
| echo "- [π Version Update Commit](https://github.com/${{ github.repository }}/commit/$(git rev-parse HEAD))" >> $GITHUB_STEP_SUMMARY | |
| deploy: | |
| name: Deploy Application | |
| needs: [prepare-version, release] | |
| uses: ./.github/workflows/deploy.yaml | |
| secrets: inherit | |
| with: | |
| release_tag: ${{ needs.prepare-version.outputs.new_release_git_tag }} |