Create and publish release #2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Create and publish release | |
# example: gh workflow run release.yml -f tag_name=v1.1.4 | |
on: | |
workflow_dispatch: | |
inputs: | |
tag_name: | |
type: string | |
required: true | |
description: Tag name | |
publish-to-pypi: | |
type: boolean | |
description: Publish to PyPI | |
default: true | |
first-release: | |
type: boolean | |
description: First release | |
default: false | |
jobs: | |
create-release: | |
name: Create release | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
steps: | |
- name: Check naming convention | |
run: | | |
VERIF=$(echo ${{ github.event.inputs.tag_name }} | grep -E "^v([0-9]{1,}\.)([0-9]{1,}\.)([0-9]{1,})(-(alpha|beta)\.[0-9]{1,})?$") | |
if [ ! ${VERIF} ] | |
then | |
echo "Tag name '${{ github.event.inputs.tag_name }}' does not comply with naming convention vX.Y.Z" | |
exit 1 | |
fi | |
- name: Set version number without v | |
run: | | |
echo "VERSION_NUMBER=$(echo ${{ github.event.inputs.tag_name }} | sed 's/v//g' )" >> $GITHUB_ENV | |
- name: Clone sources | |
uses: actions/checkout@v4 | |
- name: Check version ${{ env.VERSION_NUMBER }} consistency in files | |
# CHANGELOG.md | |
run: | | |
# Check top ## [VERSION_NUMBER](GITHUB_URL/releases/tag/vVERSION_NUMBER) - yyyy-mm-dd in CHANGELOG.md | |
# Example: ## [0.0.2](https://github.com/crowdsecurity/python-capi-sdk/releases/tag/v0.0.2) - 2024-02-07 | |
CURRENT_DATE=$(date +'%Y-%m-%d') | |
echo $CURRENT_DATE | |
CHANGELOG_VERSION=$(grep -o -E "## \[(.*)\].* - $CURRENT_DATE" CHANGELOG.md | head -1 | sed 's/ //g') | |
echo $CHANGELOG_VERSION | |
if [[ $CHANGELOG_VERSION == "##[${{ env.VERSION_NUMBER }}]($GITHUB_SERVER_URL/$GITHUB_REPOSITORY/releases/tag/v${{ env.VERSION_NUMBER }})-$CURRENT_DATE" ]] | |
then | |
echo "CHANGELOG VERSION OK" | |
else | |
echo "CHANGELOG VERSION KO" | |
echo $CHANGELOG_VERSION | |
exit 1 | |
fi | |
# Check top [_Compare with previous release_](GITHUB_URL/compare/vLAST_TAG...vVERSION_NUMBER) in CHANGELOG.md | |
# Example: [_Compare with previous release_](https://github.com/crowdsecurity/python-capi-sdk/compare/v0.0.1...v0.0.2) | |
if [[ ${{ github.event.inputs.first-release }} != "true" ]] | |
then | |
COMPARISON=$(grep -oP "$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/compare/\K(.*)$" CHANGELOG.md | head -1) | |
LAST_TAG=$(curl -Ls -o /dev/null -w %{url_effective} $GITHUB_SERVER_URL/$GITHUB_REPOSITORY/releases/latest | grep -oP "\/tag\/\K(.*)$") | |
if [[ $COMPARISON == "$LAST_TAG...v${{ env.VERSION_NUMBER }})" ]] | |
then | |
echo "VERSION COMPARISON OK" | |
else | |
echo "VERSION COMPARISON KO" | |
echo $COMPARISON | |
echo "$LAST_TAG...v${{ env.VERSION_NUMBER }})" | |
exit 1 | |
fi | |
fi | |
- name: Create Tag ${{ github.event.inputs.tag_name }} | |
uses: actions/github-script@v7 | |
with: | |
github-token: ${{ github.token }} | |
script: | | |
github.rest.git.createRef({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
ref: "refs/tags/${{ github.event.inputs.tag_name }}", | |
sha: context.sha | |
}) | |
- name: Prepare release notes | |
run: | | |
# Retrieve release body and remove --- | |
VERSION_RELEASE_NOTES=$(awk -v ver="[${{ env.VERSION_NUMBER }}]($GITHUB_SERVER_URL/$GITHUB_REPOSITORY/releases/tag/v${{ env.VERSION_NUMBER }})" '/^## / { if (p) { exit }; if ($2 == ver) { p=1; next} } p && NF' CHANGELOG.md | sed ':a;N;$!ba;s/\n---/ /g') | |
echo "$VERSION_RELEASE_NOTES" >> CHANGELOG.txt | |
- name: Create release ${{ env.VERSION_NUMBER }} | |
uses: softprops/action-gh-release@v1 | |
with: | |
body_path: CHANGELOG.txt | |
name: ${{ env.VERSION_NUMBER }} | |
tag_name: ${{ github.event.inputs.tag_name }} | |
publish-on-pypi: | |
name: Publish to PyPI | |
runs-on: ubuntu-latest | |
environment: | |
name: pypi | |
url: https://pypi.org/p/cscapi | |
permissions: | |
# IMPORTANT: this permission is mandatory for trusted publishing | |
id-token: write | |
if: success() && github.event.inputs.publish-to-pypi == 'true' | |
needs: [ create-release ] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-tags: true | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: '3.x' | |
- name: Install dependencies | |
run: | | |
python -m pip install --upgrade pip | |
pip install build | |
- name: Build package | |
run: python -m build | |
- name: Publish package to PyPI | |
uses: pypa/gh-action-pypi-publish@release/v1 |