diff --git a/README.md b/README.md index b71ce09..f1bb24a 100644 --- a/README.md +++ b/README.md @@ -51,8 +51,7 @@ The action requires `id-token: write` permissions. ## Signing tools -The actions in the `garasign` folder are used to sign artifacts using the team's -GPG key. +These actions are used to sign artifacts using the team's GPG key. ### git-sign @@ -75,6 +74,34 @@ Use this action to create signed git artifacts: command: "git tag -m 'Tag' -s --local-user=${{ env.GPG_KEY_ID }} -a " ``` +### bump-version + +This is a convenience action to bump the version, create a signed commit, and +push the commit unless `push_commit` is disabled. You can override the commit message +format if desired. The version bump script should accept a new version as +an argument and update the version accordingly. + +```yaml +- name: Bump version + uses: mongodb-labs/drivers-github-tools/bump-version@v2 + with: + version: ${{ inputs.version }} + version_bump_script: "bash ./my-bump-version-script.sh" +``` + +### tag-version + +This is a convenience action to create a signed tag, optionally verify the tag, +and push the tag unless `push_tag` is disabled. You can override the tag format and the +tag message format if desired. + +```yaml +- name: Tag version + uses: mongodb-labs/drivers-github-tools/tag-version@v2 + with: + version: ${{ inputs.version }} +``` + ### gpg-sign This action is used to create detached signatures for files: diff --git a/bump-version/action.yml b/bump-version/action.yml new file mode 100644 index 0000000..0ab6c83 --- /dev/null +++ b/bump-version/action.yml @@ -0,0 +1,46 @@ +name: Bump Version +description: Bump the version and push if not a dry-run +inputs: + version: + description: The new version + required: true + version_bump_script: + description: The version bump script + required: true + commit_template: + description: The template for the git commit message + default: "BUMP ${VERSION}" + push_commit: + description: Whether to push the commit + default: "true" + artifactory_image: + description: "Image to use for artifactory" + default: release-tools-container-registry-local/garasign-git + +runs: + using: composite + steps: + - name: Set new version + shell: bash -eux {0} + run: | + ${{ inputs.version_bump_script }} ${{ inputs.version }} + - name: Get the commit message + shell: bash -eux {0} + run: | + export VERSION=${{inputs.version}} + export COMMIT_MESSAGE=$(echo "${{inputs.commit_template}}" | envsubst) + echo "COMMIT_MESSAGE=$COMMIT_MESSAGE" >> $GITHUB_ENV + - name: Commit the version bump + uses: mongodb-labs/drivers-github-tools/git-sign@v2 + with: + command: git commit -a -m \"${{env.COMMIT_MESSAGE}}\" -s --gpg-sign=${{ env.GPG_KEY_ID }} + artifactory_image: ${{inputs.artifactory_image}} + - name: Push the commit to the source branch + shell: bash -eux {0} + run: | + if [ ${{ inputs.push_commit }} == "true" ]; then + git push origin + echo "### Pushed version bump: ${{inputs.version}}" >> $GITHUB_STEP_SUMMARY + else + echo "### Created version bump (no push): ${{inputs.version}}" >> $GITHUB_STEP_SUMMARY + fi \ No newline at end of file diff --git a/python/bump-and-tag/action.yml b/python/bump-and-tag/action.yml deleted file mode 100644 index 477045c..0000000 --- a/python/bump-and-tag/action.yml +++ /dev/null @@ -1,50 +0,0 @@ -name: Python Bump and Tag -description: Perform bump and tag operations for Python Libraries -inputs: - version: - description: "The published version" - required: true - post_version: - description: "The post version" - required: true - version_bump_script: - description: "The version bump script" - required: true - dry_run: - description: "Whether this is a dry run" - required: true - -runs: - using: composite - steps: - - uses: actions/setup-python@v5 - with: - python-version: '3.11' - - name: Set new version - shell: bash -eux {0} - run: | - bash ${{ inputs.version_bump_script }} ${{ inputs.version }} - - name: Commit the version bump - uses: mongodb-labs/drivers-github-tools/git-sign@v2 - with: - command: git commit -a -m \"BUMP ${{ inputs.version }}\" -s --gpg-sign=${{ env.GPG_KEY_ID }} - - name: Tag the version - uses: mongodb-labs/drivers-github-tools/git-sign@v2 - with: - command: git tag -a \"${{ inputs.version }}\" -m \"BUMP ${{ inputs.version }}\" -s --local-user=${{ env.GPG_KEY_ID }} - - name: Verify the tag - shell: bash -eux {0} - run: | - curl $GPG_PUBLIC_URL --output /tmp/signature.pub - gpg --import /tmp/signature.pub - git verify-tag ${{inputs.version}} - - name: Push the commit and tag to the source branch - shell: bash -eux {0} - run: | - if [ ${{ inputs.dry_run }} != "true" ]; then - git push origin - git push origin --tags - echo "### Created tag: ${{inputs.version}}" >> $GITHUB_STEP_SUMMARY - else - echo "### Dry run for version: ${{inputs.version}}" >> $GITHUB_STEP_SUMMARY - fi diff --git a/python/pre-release/action.yml b/python/pre-release/action.yml new file mode 100644 index 0000000..202785c --- /dev/null +++ b/python/pre-release/action.yml @@ -0,0 +1,30 @@ +name: Python Pre-Release +description: Perform pre-release operations for Python Libraries +inputs: + version: + description: The published version + required: true + version_bump_script: + description: The version bump script + required: true + dry_run: + description: Whether this is a dry run + required: true + +runs: + using: composite + steps: + - uses: actions/setup-python@v5 + with: + python-version: '3.11' + - name: Set version + uses: blink1073/drivers-github-tools/bump-version@bump-version + with: + version: ${{ inputs.version }} + version_bump_script: ${{ inputs.version_bump_script }} + dry_run: ${{ inputs.dry_run }} + - name: Tag version + uses: blink1073/drivers-github-tools/tag-version@bump-version + with: + version: ${{ inputs.version }} + dry_run: ${{ inputs.dry_run }} diff --git a/python/publish/action.yml b/python/publish/action.yml index 9d5a196..ba10498 100644 --- a/python/publish/action.yml +++ b/python/publish/action.yml @@ -68,20 +68,14 @@ runs: - name: Publish distribution 📦 to PyPI if: inputs.dry_run == 'false' uses: pypa/gh-action-pypi-publish@release/v1 - - name: Set following version + - name: Ensure a clean repo shell: bash -eux {0} run: | git clean -dffx - bash ${{ inputs.version_bump_script }} ${{ inputs.version }} - - name: Commit the version bump - uses: mongodb-labs/drivers-github-tools/git-sign@v2 + git pull origin ${{ github.ref }} + - name: Set following version + uses: blink1073/drivers-github-tools/bump-version@bump-version with: - command: git commit -a -m \"BUMP ${{ inputs.following_version }}\" -s --gpg-sign=${{ env.GPG_KEY_ID }} - - name: Push the commit to the source branch - shell: bash -eux {0} - run: | - if [ ${{ inputs.dry_run }} != "true" ]; then - git push origin --tags - else - echo "Not pushing the following_version tag since it is a dry run" - fi + version: ${{ inputs.following_version }} + version_bump_script: ${{ inputs.version_bump_script }} + dry_run: ${{ inputs.dry_run }} diff --git a/tag-version/action.yml b/tag-version/action.yml new file mode 100644 index 0000000..91e10c0 --- /dev/null +++ b/tag-version/action.yml @@ -0,0 +1,58 @@ +name: Bump Version +description: Bump the version and push if not a dry-run +inputs: + version: + description: The new version + required: true + tag_template: + description: The template for the git tag + default: "${VERSION}" + tag_message_template: + description: The template for the git tag message + default: "BUMP ${VERSION}" + push_tag: + description: Whether to push the tag + default: "true" + artifactory_image: + description: "Image to use for artifactory" + default: release-tools-container-registry-local/garasign-git + +runs: + using: composite + steps: + - name: Get the tag + shell: bash -eux {0} + run: | + export VERSION=${{inputs.version}} + export TAG=$(echo "${{inputs.tag_template}}" | envsubst) + echo "TAG=$TAG" >> $GITHUB_ENV + - name: Get the tag message + shell: bash -eux {0} + run: | + export VERSION=${{inputs.version}} + export TAG_MESSAGE=$(echo "${{inputs.tag_message_template}}" | envsubst) + echo "TAG_MESSAGE=$TAG_MESSAGE" >> $GITHUB_ENV + - name: Tag the version + uses: mongodb-labs/drivers-github-tools/git-sign@v2 + with: + command: git tag -a \"${{ env.TAG }}\" -m \"${{ env.TAG_MESSAGE }}\" -s --local-user=${{ env.GPG_KEY_ID }} + artifactory_image: ${{ inputs.artifactory_image }} + - name: Verify the tag + shell: bash -eux {0} + run: | + if [ -n "$GPG_PUBLIC_URL" ]; then + curl $GPG_PUBLIC_URL --output /tmp/signature.pub + gpg --import /tmp/signature.pub + git verify-tag $TAG + else + echo "Skipping tag verification" + fi + - name: Push the tag to the source branch + shell: bash -eux {0} + run: | + if [ ${{ inputs.push_tag }} == "true" ]; then + git push origin --tags + echo "### Pushed tag: ${{inputs.version}}" >> $GITHUB_STEP_SUMMARY + else + echo "### Created tag (no push): ${{inputs.version}}" >> $GITHUB_STEP_SUMMARY + fi \ No newline at end of file