Skip to content

Publish

Publish #45

Workflow file for this run

name: Publish
on:
workflow_dispatch:
inputs:
vault_version:
description: "Vault version"
required: true
type: string
bump-package:
description: |-
How to bump `django-encryption` version:
- `none` - do not bump version and do not publish
- `patch` - bump patch version
- `minor` - bump minor version
- `major` - bump major version
default: patch
type: choice
options:
- none
- patch
- minor
- major
jobs:
update-readme:
name: Update README
runs-on: ubuntu-latest
if: github.event_name == 'workflow_dispatch'
steps:
- name: Checkout
uses: actions/checkout@v3
with:
token: ${{ secrets.CICD_RELEASES_PAT }}
- name: Update README to reference Vault version ${{ inputs.vault_version }}
env:
LINE: This package is compatible with Vault version
run: |
sed -i -E \
"s|$LINE [0-9]+\.[0-9]+\.[0-9]+|$LINE ${{ inputs.vault_version }}|g" \
$(git ls-files README.md '**/README.md')
- name: Commit and push changes
# even though we're using `if: github.event_name == 'workflow_dispatch'` in the job definition
# we still want to be extra safe and make sure we don't push changes to workflow that is triggered by push event.
if: github.event_name != 'push'
run: |
git config --global user.email "[email protected]"
git config --global user.name "Github Actions"
git_status=$(git status -s)
if [ -n "$git_status" ]; then
echo "There are changes to commit"
git add README.md '**/README.md'
git commit -a -m 'Update README.md files to Vault version ${{ inputs.vault_version }}'
git push
else
echo "No changes to commit"
fi
build-n-publish:
runs-on: ubuntu-latest
needs: update-readme
steps:
- name: Checkout
uses: actions/checkout@v3
with:
token: ${{ secrets.CICD_RELEASES_PAT }}
# explicitly set ref so we pull based on branch name and get latest changes and not by commit hash and miss out
# changes that are committed by the workflow itself
ref: ${{ github.ref_name }}
- name: Update vault version
run: |
sed -i 's/DOCKER_TAG=.*/DOCKER_TAG=${{ inputs.vault_version }}/g' run.sh
working-directory: examples/django-encryption-example
- name: Install dependencies
run: |
set -x
curl -sSL https://install.python-poetry.org | python3 -
pipx install toml-cli
- name: Update PYPI package versions
if: inputs.bump-package != 'none'
run: |
# find current version
set -x
PYPI_CUR_VER=`toml get --toml-path pyproject.toml tool.poetry.version`
PYPI_NEXT_VER=`npx --yes semver -i ${{ inputs.bump-package }} ${PYPI_CUR_VER}`
toml set --toml-path pyproject.toml tool.poetry.version ${PYPI_NEXT_VER}
working-directory: sdk/orm-django
- name: Commit change and push
if: inputs.bump-package != 'none'
run: |
git config --global user.email "[email protected]"
git config --global user.name "Github Actions"
git_status=$(git status -s)
if [ -n "$git_status" ]; then
echo "There are changes to commit"
git add examples/django-encryption-example/run.sh
git add sdk/orm-django/pyproject.toml
git commit -m "update version to ${{ inputs.bump-package }}"
git push
else
echo "No changes to commit"
fi
- name: Run example
run: |
poetry install
PVAULT_SERVICE_LICENSE=${{ secrets.PVAULT_SERVICE_LICENSE }} /bin/bash run.sh
working-directory: examples/django-encryption-example
- name: Build and publish
if: inputs.bump-package != 'none'
run: |
poetry config pypi-token.pypi ${{ secrets.PYPI_API_TOKEN }}
poetry build
poetry publish
working-directory: sdk/orm-django