Add bump-version and tag-version scripts (#32)

Co-authored-by: Andreas Braun <[email protected]>
mongodb-labs · Jun 11, 2024 · e796a48 · e796a48
1 parent 1e0af6f
commit e796a48
Show file tree

Hide file tree

Showing 6 changed files with 170 additions and 65 deletions.
diff --git a/README.md b/README.md
@@ -51,8 +51,7 @@ The action requires `id-token: write` permissions.
 
 ## Signing tools
 
-The actions in the `garasign` folder are used to sign artifacts using the team's
-GPG key.
+These actions are used to sign artifacts using the team's GPG key.
 
 ### git-sign
 
@@ -75,6 +74,34 @@ Use this action to create signed git artifacts:
     command: "git tag -m 'Tag' -s --local-user=${{ env.GPG_KEY_ID }} -a <tag>"
 ```
 
+### bump-version
+
+This is a convenience action to bump the version, create a signed commit, and
+push the commit unless `push_commit` is disabled.  You can override the commit message
+format if desired.  The version bump script should accept a new version as
+an argument and update the version accordingly.
+
+```yaml
+- name: Bump version
+  uses: mongodb-labs/drivers-github-tools/bump-version@v2
+  with:
+    version: ${{ inputs.version }}
+    version_bump_script: "bash ./my-bump-version-script.sh"
+```
+
+### tag-version
+
+This is a convenience action to create a signed tag, optionally verify the tag,
+and push the tag unless `push_tag` is disabled.  You can override the tag format and the
+tag message format if desired.
+
+```yaml
+- name: Tag version
+  uses: mongodb-labs/drivers-github-tools/tag-version@v2
+  with:
+    version: ${{ inputs.version }}
+```
+
 ### gpg-sign
 
 This action is used to create detached signatures for files:

diff --git a/bump-version/action.yml b/bump-version/action.yml
@@ -0,0 +1,46 @@
+name: Bump Version
+description: Bump the version and push if not a dry-run
+inputs:
+  version:
+    description: The new version
+    required: true
+  version_bump_script:
+    description: The version bump script
+    required: true
+  commit_template:
+    description: The template for the git commit message
+    default: "BUMP ${VERSION}"
+  push_commit:
+    description: Whether to push the commit
+    default: "true"
+  artifactory_image:
+    description: "Image to use for artifactory"
+    default: release-tools-container-registry-local/garasign-git
+
+runs:
+  using: composite
+  steps:
+    - name: Set new version
+      shell: bash -eux {0}
+      run: |
+        ${{ inputs.version_bump_script }} ${{ inputs.version }}
+    - name: Get the commit message
+      shell: bash -eux {0}
+      run: |
+        export VERSION=${{inputs.version}}
+        export COMMIT_MESSAGE=$(echo "${{inputs.commit_template}}" | envsubst)
+        echo "COMMIT_MESSAGE=$COMMIT_MESSAGE" >> $GITHUB_ENV
+    - name: Commit the version bump
+      uses: mongodb-labs/drivers-github-tools/git-sign@v2
+      with:
+        command: git commit -a -m \"${{env.COMMIT_MESSAGE}}\" -s --gpg-sign=${{ env.GPG_KEY_ID }}
+        artifactory_image: ${{inputs.artifactory_image}}
+    - name: Push the commit to the source branch
+      shell: bash -eux {0}
+      run: |
+        if [ ${{ inputs.push_commit }} == "true" ]; then
+          git push origin
+          echo "### Pushed version bump: ${{inputs.version}}" >> $GITHUB_STEP_SUMMARY
+        else
+          echo "### Created version bump (no push): ${{inputs.version}}" >> $GITHUB_STEP_SUMMARY
+        fi
diff --git a/python/bump-and-tag/action.yml b/python/bump-and-tag/action.yml
diff --git a/python/pre-release/action.yml b/python/pre-release/action.yml
@@ -0,0 +1,30 @@
+name: Python Pre-Release
+description: Perform pre-release operations for Python Libraries
+inputs:
+  version:
+    description: The published version
+    required: true
+  version_bump_script:
+    description: The version bump script
+    required: true
+  dry_run:
+    description: Whether this is a dry run
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - uses: actions/setup-python@v5
+      with:
+        python-version: '3.11'
+    - name: Set version
+      uses: blink1073/drivers-github-tools/bump-version@bump-version
+      with:
+        version: ${{ inputs.version }}
+        version_bump_script: ${{ inputs.version_bump_script }}
+        dry_run: ${{ inputs.dry_run }}
+    - name: Tag version
+      uses: blink1073/drivers-github-tools/tag-version@bump-version
+      with:
+        version: ${{ inputs.version }}
+        dry_run: ${{ inputs.dry_run }}
diff --git a/python/publish/action.yml b/python/publish/action.yml
@@ -68,20 +68,14 @@ runs:
     - name: Publish distribution 📦 to PyPI
       if: inputs.dry_run == 'false'
       uses: pypa/gh-action-pypi-publish@release/v1
-    - name: Set following version
+    - name: Ensure a clean repo
       shell: bash -eux {0}
       run: |
         git clean -dffx
-        bash ${{ inputs.version_bump_script }} ${{ inputs.version }}
-    - name: Commit the version bump
-      uses: mongodb-labs/drivers-github-tools/git-sign@v2
+        git pull origin ${{ github.ref }}
+    - name: Set following version
+      uses: blink1073/drivers-github-tools/bump-version@bump-version
       with:
-        command: git commit -a -m \"BUMP ${{ inputs.following_version }}\" -s --gpg-sign=${{ env.GPG_KEY_ID }}
-    - name: Push the commit to the source branch
-      shell: bash -eux {0}
-      run: |
-        if [ ${{ inputs.dry_run }} != "true" ]; then
-          git push origin --tags
-        else
-          echo "Not pushing the following_version tag since it is a dry run"
-        fi
+          version: ${{ inputs.following_version }}
+          version_bump_script: ${{ inputs.version_bump_script }}
+          dry_run: ${{ inputs.dry_run }}
diff --git a/tag-version/action.yml b/tag-version/action.yml
@@ -0,0 +1,58 @@
+name: Bump Version
+description: Bump the version and push if not a dry-run
+inputs:
+  version:
+    description: The new version
+    required: true
+  tag_template:
+    description: The template for the git tag
+    default: "${VERSION}"
+  tag_message_template:
+    description: The template for the git tag message
+    default: "BUMP ${VERSION}"
+  push_tag:
+    description: Whether to push the tag
+    default: "true"
+  artifactory_image:
+    description: "Image to use for artifactory"
+    default: release-tools-container-registry-local/garasign-git
+
+runs:
+  using: composite
+  steps:
+    - name: Get the tag
+      shell: bash -eux {0}
+      run: |
+        export VERSION=${{inputs.version}}
+        export TAG=$(echo "${{inputs.tag_template}}" | envsubst)
+        echo "TAG=$TAG" >> $GITHUB_ENV
+    - name: Get the tag message
+      shell: bash -eux {0}
+      run: |
+        export VERSION=${{inputs.version}}
+        export TAG_MESSAGE=$(echo "${{inputs.tag_message_template}}" | envsubst)
+        echo "TAG_MESSAGE=$TAG_MESSAGE" >> $GITHUB_ENV
+    - name: Tag the version
+      uses: mongodb-labs/drivers-github-tools/git-sign@v2
+      with:
+        command: git tag -a \"${{ env.TAG }}\" -m \"${{ env.TAG_MESSAGE }}\" -s --local-user=${{ env.GPG_KEY_ID }}
+        artifactory_image: ${{ inputs.artifactory_image }}
+    - name: Verify the tag
+      shell: bash -eux {0}
+      run: |
+        if [ -n "$GPG_PUBLIC_URL" ]; then
+          curl $GPG_PUBLIC_URL --output /tmp/signature.pub
+          gpg --import /tmp/signature.pub
+          git verify-tag $TAG
+        else
+          echo "Skipping tag verification"
+        fi
+    - name: Push the tag to the source branch
+      shell: bash -eux {0}
+      run: |
+        if [ ${{ inputs.push_tag }} == "true" ]; then
+          git push origin --tags
+          echo "### Pushed tag: ${{inputs.version}}" >> $GITHUB_STEP_SUMMARY
+        else
+          echo "### Created tag (no push): ${{inputs.version}}" >> $GITHUB_STEP_SUMMARY
+        fi