Publish #46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| vault_version: | |
| description: "Vault version" | |
| required: true | |
| type: string | |
| bump-package: | |
| description: |- | |
| How to bump `django-encryption` version: | |
| - `none` - do not bump version and do not publish | |
| - `patch` - bump patch version | |
| - `minor` - bump minor version | |
| - `major` - bump major version | |
| default: patch | |
| type: choice | |
| options: | |
| - none | |
| - patch | |
| - minor | |
| - major | |
| jobs: | |
| update-readme: | |
| name: Update README | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'workflow_dispatch' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| token: ${{ secrets.CICD_RELEASES_PAT }} | |
| - name: Update README to reference Vault version ${{ inputs.vault_version }} | |
| env: | |
| LINE: This package is compatible with Vault version | |
| run: | | |
| sed -i -E \ | |
| "s|$LINE [0-9]+\.[0-9]+\.[0-9]+|$LINE ${{ inputs.vault_version }}|g" \ | |
| $(git ls-files README.md '**/README.md') | |
| - name: Commit and push changes | |
| # even though we're using `if: github.event_name == 'workflow_dispatch'` in the job definition | |
| # we still want to be extra safe and make sure we don't push changes to workflow that is triggered by push event. | |
| if: github.event_name != 'push' | |
| run: | | |
| git config --global user.email "[email protected]" | |
| git config --global user.name "Github Actions" | |
| git_status=$(git status -s) | |
| if [ -n "$git_status" ]; then | |
| echo "There are changes to commit" | |
| git add README.md '**/README.md' | |
| git commit -a -m 'Update README.md files to Vault version ${{ inputs.vault_version }}' | |
| git push | |
| else | |
| echo "No changes to commit" | |
| fi | |
| build-n-publish: | |
| runs-on: ubuntu-latest | |
| needs: update-readme | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| token: ${{ secrets.CICD_RELEASES_PAT }} | |
| # explicitly set ref so we pull based on branch name and get latest changes and not by commit hash and miss out | |
| # changes that are committed by the workflow itself | |
| ref: ${{ github.ref_name }} | |
| - name: Update vault version | |
| run: | | |
| sed -i 's/DOCKER_TAG=.*/DOCKER_TAG=${{ inputs.vault_version }}/g' run.sh | |
| working-directory: examples/django-encryption-example | |
| - name: Install dependencies | |
| run: | | |
| set -x | |
| curl -sSL https://install.python-poetry.org | python3 - | |
| pipx install toml-cli | |
| - name: Update PYPI package versions | |
| if: inputs.bump-package != 'none' | |
| run: | | |
| # find current version | |
| set -x | |
| PYPI_CUR_VER=`toml get --toml-path pyproject.toml tool.poetry.version` | |
| PYPI_NEXT_VER=`npx --yes semver -i ${{ inputs.bump-package }} ${PYPI_CUR_VER}` | |
| toml set --toml-path pyproject.toml tool.poetry.version ${PYPI_NEXT_VER} | |
| working-directory: sdk/orm-django | |
| - name: Commit change and push | |
| if: inputs.bump-package != 'none' | |
| run: | | |
| git config --global user.email "[email protected]" | |
| git config --global user.name "Github Actions" | |
| git_status=$(git status -s) | |
| if [ -n "$git_status" ]; then | |
| echo "There are changes to commit" | |
| git add examples/django-encryption-example/run.sh | |
| git add sdk/orm-django/pyproject.toml | |
| git commit -m "update version to ${{ inputs.bump-package }}" | |
| git push | |
| else | |
| echo "No changes to commit" | |
| fi | |
| - name: Run example | |
| run: | | |
| poetry install | |
| PVAULT_SERVICE_LICENSE=${{ secrets.PVAULT_SERVICE_LICENSE }} /bin/bash run.sh | |
| working-directory: examples/django-encryption-example | |
| - name: Build and publish | |
| if: inputs.bump-package != 'none' | |
| run: | | |
| poetry config pypi-token.pypi ${{ secrets.PYPI_API_TOKEN }} | |
| poetry build | |
| poetry publish | |
| working-directory: sdk/orm-django |