-
Notifications
You must be signed in to change notification settings - Fork 42
142 lines (121 loc) · 4.2 KB
/
publish.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
name: Build, Test, and Release
on:
pull_request:
branches:
- main
types:
- closed
jobs:
release-build:
runs-on: ubuntu-latest
steps:
- name: Check out the repo
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install GitHub CLI
run: |
type -p curl >/dev/null || (sudo apt update && sudo apt install curl -y)
curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg
sudo chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null
sudo apt update
sudo apt install gh -y
- name: Bump version in setup.py
if: github.event.pull_request.merged == true
id: bump_version
run: |
python bump_version.py
- name: Upload new version as artifact
uses: actions/upload-artifact@v2
with:
name: new-version-artifact
path: new_version.txt
- name: Configure Git
run: |
git config user.name "GitHub Actions"
git config user.email "[email protected]"
- name: Commit and push version bump
run: |
git add setup.py
if git diff --staged --quiet; then
echo "No changes to commit"
exit 0
fi
git commit -m "Bump version [ci skip]"
git push origin main
- name: Install build tool
run: |
python -m pip install --upgrade pip build
- name: Build release distributions
run: |
python -m build --sdist --wheel .
- name: Upload release distributions
uses: actions/upload-artifact@v3
with:
name: release-dists
path: dist/
pypi-docker-publish:
runs-on: ubuntu-latest
environment: nebula
needs: release-build
permissions:
id-token: write
contents: write
steps:
- name: Check out the repo
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Retrieve release distributions
uses: actions/download-artifact@v3
with:
name: release-dists
path: dist/
- name: Publish release distributions to PyPI
if: github.event.pull_request.merged == true
uses: pypa/gh-action-pypi-publish@release/v1
- name: Download new version artifact
uses: actions/download-artifact@v2
with:
name: new-version-artifact
path: ./
- name: Set new version variable
id: set_version_var
run: |
echo "NEW_VERSION=$(<new_version.txt)" >> $GITHUB_ENV
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: Build and Push Docker image
if: github.event.pull_request.merged == true
run: |
NEW_VERSION=$(<new_version.txt)
docker build src -f src/nebula/Dockerfile --build-arg APP_VERSION=$NEW_VERSION -t berylliumsec/nebula:$NEW_VERSION
docker push berylliumsec/nebula:$NEW_VERSION
docker tag berylliumsec/nebula:$NEW_VERSION berylliumsec/nebula:latest
docker push berylliumsec/nebula:latest
- name: Create GitHub Release
if: github.event.pull_request.merged == true
id: create_release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ env.NEW_VERSION }}
release_name: Release ${{ env.NEW_VERSION }}
draft: false
prerelease: false
body: |
Release Notes:
- This release adds awareness for Nebula Pro
- name: Upload Release Assets
if: github.event.pull_request.merged == true
run: |
for asset in dist/*; do
gh release upload ${{ env.NEW_VERSION }} $asset
done
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}