diff --git a/.github/workflows/bump.yml b/.github/workflows/bump.yml
index 7489497e..72634114 100644
--- a/.github/workflows/bump.yml
+++ b/.github/workflows/bump.yml
@@ -79,15 +79,10 @@ jobs:
 if [ "${{ steps.bump-type.outputs.type }}" = "stable" ]; then
 COMMAND="hatch run bump"
 else
- # For beta, only proceed if current version is not beta
- if [ "${{ steps.current-version.outputs.is_beta }}" = "true" ]; then
- echo "Current version is already beta, skipping bump"
- echo "bumped=false" >> $GITHUB_OUTPUT
- exit 0
- fi
+ # For beta, we should always run the bump
 COMMAND="hatch run beta-bump"
 fi
-
+
 # Execute the command
 if $COMMAND; then
 echo "bumped=true" >> $GITHUB_OUTPUT
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
new file mode 100644
index 00000000..ddb0105e
--- /dev/null
+++ b/.github/workflows/cd.yml
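Review bot: In the bump.yml hunk, the context line `if [ "${{ steps.bump-type.outputs.type }}" = "stable" ]; then` has the expression substituted into the script text before the shell parses it, so the output's content is read as shell source rather than as data. Where `bump-type` gets its value is outside this hunk; if it can ever derive from a workflow input, map it through the step's `env:` (`BUMP_TYPE: ${{ steps.bump-type.outputs.type }}`) and compare `"$BUMP_TYPE"` instead. The `run:` block starts and ends outside the hunk.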
@@ -0,0 +1,84 @@
+name: cd
+
+on:
+ push:
+ tags:
+ # Stable releases (1.2.3)
+ - 'v?[0-9]+.[0-9]+.[0-9]+'
+ # Beta releases (1.2.3b0)
+ - 'v?[0-9]+.[0-9]+.[0-9]+b[0-9]+'
+
+jobs:
+ ci:
+ uses: ./.github/workflows/ci.yml
+
+ build:
+ needs: [ci]
+ uses: ./.github/workflows/reusable-build.yml
+
+ # TODO: Test generated artifacts before releasing and publish
+
+ release:
+ needs: [ci, build]
+ runs-on: ubuntu-24.04
+ permissions:
+ contents: write
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Download all artifacts
+ uses: actions/download-artifact@v4
+
+ - name: Get version from tag
+ id: get_version
+ run: |
+ VERSION=${GITHUB_REF#refs/tags/}
+ echo "version=$VERSION" >> $GITHUB_OUTPUT
+ echo "Tag version: $VERSION"
+
+ - name: Generate release notes
+ id: release_notes
+ run: |
+ PREV_TAG=$(git describe --tags --abbrev=0 HEAD^)
+ NOTES=$(git log ${PREV_TAG}..HEAD --pretty=format:"* %s (%h)")
+ echo "RELEASE_NOTES<> $GITHUB_OUTPUT
+ echo "## What's Changed" >> $GITHUB_OUTPUT
+ echo "$NOTES" >> $GITHUB_OUTPUT
+ echo "EOF" >> $GITHUB_OUTPUT
+
+ - name: Create GitHub Release
+ id: create_release
+ uses: softprops/action-gh-release@v2.0.1
+ with:
+ name: Version ${{ steps.get_version.outputs.version }}
+ body: ${{ steps.release_notes.outputs.RELEASE_NOTES }}
+ files: |
+ safety-linux/safety
+ safety-windows/safety.exe
+ safety-macos/safety
+ dist/*
+ prerelease: ${{ contains(steps.get_version.outputs.version, 'b') }}
+
+ publish:
+ needs: [release]
+ runs-on: ubuntu-24.04
+ environment:
+ name: pypi
+ url: https://pypi.org/p/safety
+ permissions:
+ id-token: write
+ steps:
+ - name: Download dist artifact
+ uses: actions/download-artifact@v4
+ with:
+ name: dist
+ path: dist
+
+ - name: Publish to PyPI
+ uses: pypa/gh-action-pypi-publish@release/v1
+ with:
+ packages-dir: dist/
+ verbose: true
+ print-hash: true
diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml
index 0fe68b55..58daae03 100644
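Review bot: Every `uses:` in the new cd.yml `release` and `publish` jobs points at a mutable ref (`actions/checkout@v4`, `actions/download-artifact@v4`, `softprops/action-gh-release@v2.0.1`, and the branch ref `pypa/gh-action-pypi-publish@release/v1`), while those jobs hold `contents: write` and `id-token: write`. A moved tag or branch would change the code that runs in the job that publishes to PyPI, so each action should be pinned to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: pypa/gh-action-pypi-publish@<full-commit-sha>  # release/v1`. The file also declares no top-level `permissions:`, so the `ci` and `build` reusable-workflow jobs run with the repository's default token scope; a top-level `permissions:` block with `contents: read` would make least privilege explicit. Setting `persist-credentials: false` on the checkout step in `release` would additionally keep the write-scoped token out of the working tree's git config.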
--- a/.github/workflows/reusable-build.yml
+++ b/.github/workflows/reusable-build.yml
@@ -8,8 +8,9 @@ on:
 type: string
 default: "3.12"
 bump-command:
- required: true
+ required: false
 type: string
+ default: ""
 branch-name:
 required: false
 type: string
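Review bot: `bump-command` now defaults to `""`, and the new cd.yml calls this workflow without a `with:` block, but the step that consumes the input is outside this hunk, so it is not visible whether it tolerates an empty value. That step should be skipped explicitly with `if: inputs.bump-command != ''` rather than relying on an empty string expanding to nothing. The value is also safer passed to the script through `env:` than interpolated into `run:`. A `description:` on the input stating that an empty value means no bump would document the new contract.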