Merge pull request #121 from Santandersecurityresearch/develop

Bug fix, process to automatically release new versions documented and dependency versions updated
Santandersecurityresearch · May 20, 2020 · 625e564 · 625e564
2 parents d121e6b + df04a7d
commit 625e564
Show file tree

Hide file tree

Showing 8 changed files with 51 additions and 153 deletions.
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
@@ -46,11 +46,11 @@ jobs:
       - name: BumpVersion if PR 'to-branch' is master
         if: github.base_ref == 'master'
         run: |
-          grep -i 'current_version = ' setup.cfg |  tr -d 'current_version = '
+          grep -i 'current_version = ' setup.cfg | head -1 | tr -d 'current_version = '
           git config --local user.email "[email protected]"
           git config --local user.name "GitHub Action"
-          bumpversion minor
-          grep -i 'current_version = ' setup.cfg |  tr -d 'current_version = '
+          bump2version minor
+          grep -i 'current_version = ' setup.cfg | head -1 | tr -d 'current_version = '
 
       - name: Push changes if PR 'to-branch' is master
         if: github.base_ref == 'master'

diff --git a/Pypi_description.md b/Pypi_description.md
diff --git a/RELEASING.md b/RELEASING.md
@@ -0,0 +1,41 @@
+# Releasing
+
+Our approach to releasing new versions is quite simple. A new version will be released everytime there's a push to master branch. 
+
+We've managed to have all the process to bump version for next release in the different files fully automated by using [github actions](https://github.com/features/actions). 
+
+We currently have 2 github actions configured in this repo, which will be triggered when:
+
+* There's a pull request.
+    * If the PR is to a non master branch, this action will run standard checks like nosetests, flake8, bandit and safety to ensure everything is good with the code.
+    * If the PR is to the master branch, this action will run standard checks, automatically bump release version number in appropriate files and commit those changes to the pull request branch.
+* There are changes pushed to master branch.
+    * This action will run standard checks, create the wheel, the release/tag using the version previously bumped and publish the artefact to Pypi
+
+To bump version in files prior to release, we use [bump2version](https://github.com/c4urself/bump2version). The configuration for it to know what is the current version, what files need to have the version bumped up and what is the next version is in `setup.cfg`. 
+
+```ini
+[bumpversion]
+current_version = 1.2.2
+commit = True
+tag = False
+new_version = 2.0.0
+
+[bumpversion:file:setup.py]
+search = version='{current_version}'
+replace = version='{new_version}'
+
+[bumpversion:file:setup.cfg]
+search = current_version = '{current_version}'
+replace = current_version = '{new_version}'
+
+[bumpversion:file:drheader/__init__.py]
+search = __version__ = '{current_version}'
+replace = __version__ = '{new_version}'
+
+...
+```
+
+With this configuration, we are specifying that only those three files need to have the version bumped before release. By default, `bump2version` bumps a minor version (ie . from 1.2.2 to 1.3.0), but if we want it to be a major version or a patch bump, we only need to specify the `new_version` attribute in the configuration with the version we want to use for the release. 
+
+**Note**: Master and develop branches are protected. It means that we require commits to be pushed through pull requests, status checks to pass before merging and restrict who can push to those branches. We aimed to have the release process fully automated, but because issues described [here](https://github.community/t5/GitHub-Actions/How-to-push-to-protected-branches-in-a-GitHub-Action/td-p/29609) or [here](https://github.community/t5/GitHub-Actions/Automatic-version-update-in-protected-branch/m-p/56469#M9895) when using github actions for this, we decided that disabling this protection in **develop** branch just when a PR from develop to master is submitted would be a good approach for us, so that the action that bumps the versions and commits the changes back can complete successfuly. 
diff --git a/drheader/__init__.py b/drheader/__init__.py
@@ -2,6 +2,6 @@
 
 """Top-level package for drHEADer core."""
 
-__version__ = '1.2.2'
+__version__ = '1.3.0'
 
 from drheader.core import Drheader  # noqa
diff --git a/requirements.txt b/requirements.txt
@@ -1,8 +1,8 @@
-requests==2.22.0
+requests>=2.22.0
 jsonschema==3.1.1
 jsonschema[format]
 Click>=7.0
-validators==0.14.0
+validators>=0.14.0
 tabulate==0.8.3
 pyyaml==5.3.1
 junit-xml==1.9
diff --git a/requirements_dev.txt b/requirements_dev.txt
@@ -1,4 +1,3 @@
-bumpversion==0.5.3
 bump2version==1.0.0
 wheel==0.32.1
 watchdog==0.9.0
@@ -13,7 +12,7 @@ bandit==1.6.2
 flake8==3.6.0
 safety==1.8.6
 nose>=1.3.6
-validators==0.14.0
+validators>=0.14.0
 unittest2==1.1.0
 xmlunittest==0.5.0
 junit-xml==1.9

diff --git a/setup.cfg b/setup.cfg
@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 1.2.2
+current_version = 1.3.0
 commit = True
 tag = False
 
@@ -9,7 +9,7 @@ replace = version='{new_version}'
 
 [bumpversion:file:setup.cfg]
 search = current_version = '{current_version}'
-replace = version='{new_version}'
+replace = current_version = '{new_version}'
 
 [bumpversion:file:drheader/__init__.py]
 search = __version__ = '{current_version}'

diff --git a/setup.py b/setup.py
@@ -62,6 +62,6 @@
     test_suite='tests',
     tests_require=test_requirements, 
     url='https://github.com/santandersecurityresearch/drheader',
-    version='1.2.2',
+    version='1.3.0',
     zip_safe=False,
 )