ci: add bump file
yeisonvargasf committed Jan 22, 2025
1 parent 4d3adbd commit 0d5cb0b
Showing 6 changed files with 425 additions and 2 deletions.
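--- a/.github/workflows/bump-release.yml
+++ b/.github/workflows/bump-release.yml
@@ -0,0 +1,112 @@
+name: Release on Version Bump
+
+on:
+push:
+branches: [main]
+
+jobs:
+check-and-release:
+runs-on: ubuntu-24.04
+if: startsWith(github.event.head_commit.message, 'bump:')
+steps:
+- uses: actions/checkout@v4
+
+- name: Set up Python
+uses: actions/setup-python@v5
+with:
+python-version: "3.12"
+
+- name: Install hatch
+run: pip install hatch
+
+# Use the reusable build workflow with no bump command since we're already at the right version
+- name: Build and Release
+uses: ./.github/workflows/reusable-build.yml
+with:
+bump-command: "" # No bump needed, we're releasing the current version
+
+- name: Create GitHub Release
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+run: |
+VERSION=$(hatch version)
+# Determine if this is a beta release
+if [[ $VERSION =~ .*[ab][0-9]+$ ]]; then
+IS_PRERELEASE="true"
+else
+IS_PRERELEASE="false"
+fi
+# Create GitHub release
+gh release create "v$VERSION" \
+--title "Release v$VERSION" \
+--notes "Release v$VERSION" \
+--prerelease=$IS_PRERELEASE \
+./dist/*
+- name: Publish to PyPI
+env:
+TWINE_USERNAME: __token__
+TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }}
+run: |
+pip install twine
+twine upload dist/*
+- name: Notify Slack
+if: env.SLACK_WEBHOOK != ''
+uses: slackapi/[email protected]
+with:
+payload: |
+{
+"text": "🚀 New release: $(hatch version)"
+}
+env:
+SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
+
+
+build:
+runs-on: ubuntu-24.04
+needs: test
+
+steps:
+- name: Generate SLUG
+id: slug
+run: |
+SLUG=$(echo "$BRANCH_NAME" | iconv -t ascii//TRANSLIT | sed -r s/[^a-zA-Z0-9]+/-/g | sed -r s/^-+\|-+$//g | tr A-Z a-z)
+echo "SLUG=$SLUG" >> $GITHUB_OUTPUT
+# Bump for PRs with local a PEP440 version
+- name: PR bump
+if: github.event_name == 'pull_request' && github.base_ref == 'main'
+run: hatch run local-bump $(hatch version)+${{ steps.slug.outputs.SLUG }}
+
+
+
+
+# ON PRs opened, syncronized against main branch
+# Call hatch local-bump, this only will modify the version to be version+branch-name, this won't sync any commit, will be just a local change to generate the artifacts
+# Build package
+# Build binaries
+# Upload artifacts
+# Comment the PR (Or update the PR comment), with the instructions to install the binary or whl generated
+
+# Every weekly
+# Every workflow_dispatch
+# Call hatch bump, this will add a commit to main branch called bump:
+
+# ON bump: -> Push Bump Beta commit for main branch [Some logic to check the version is a a beta/pre-release PEP 440 version]
+# Build package
+# Build binaries
+# Upload artifacts
+# Release PyPi
+# Release Github
+# Update slack?
+
+# ON bump: -> Push bump release commit for main branch [Some logic to check the version is a stable PEP 440 version]
+# Build package
+# Build binaries
+# Upload artifacts
+# Release PyPi
+# Release Github
+# Update slack?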
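Review bot: `check-and-release` declares neither `permissions:` nor `environment:`, although it creates a GitHub release and uploads to PyPI with the long-lived `secrets.PYPI_TOKEN`, gated only on the head commit message starting with `bump:`. I would add `environment: production` (the name bump.yml in this commit already uses) and `permissions:` with `contents: write` at job level, so the publishing credentials can sit behind that environment's protection rules, if any are configured, and the `GITHUB_TOKEN` is scoped to what `gh release create` needs. The `deploy-pypi` job in cd.yml already shows the tokenless route (`id-token: write` with `pypa/gh-action-pypi-publish`), which would remove the stored token here too. Separately, `uses: ./.github/workflows/reusable-build.yml` sits inside `steps:`, but a reusable workflow can only be called at job level (`jobs.<id>.uses`), and the `build` job's `needs: test` names a job this file does not define.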
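--- a/.github/workflows/bump.yml
+++ b/.github/workflows/bump.yml
@@ -0,0 +1,101 @@
+name: Bump
+
+on:
+workflow_dispatch:
+inputs:
+bump_type:
+description: 'Type of bump to perform'
+required: true
+default: 'beta'
+type: choice
+options:
+- beta
+- stable
+
+jobs:
+check-and-bump:
+environment: production
+runs-on: ubuntu-24.04
+steps:
+- uses: actions/checkout@v4
+
+- name: Check current commit
+run: |
+COMMIT_MSG=$(git log --format=%B -n 1)
+echo "Checking commit message: $COMMIT_MSG"
+if [[ $COMMIT_MSG == bump:* ]]; then
+echo "Current commit is a bump, skipping"
+exit 0
+fi
+- name: Determine bump type
+id: bump-type
+run: |
+if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
+echo "type=${{ inputs.bump_type }}" >> $GITHUB_OUTPUT
+else
+echo "type=beta" >> $GITHUB_OUTPUT
+fi
+- name: Set up Python
+uses: actions/setup-python@v5
+with:
+python-version: "3.12"
+
+- name: Install hatch
+run: pip install hatch
+
+- name: Configure Git
+run: |
+git config --global user.name 'safety-bot'
+git config --global user.email '[email protected]'
+- name: Import GPG key
+uses: crazy-max/ghaction-import-gpg@v6
+with:
+gpg_private_key: ${{ secrets.SAFETY_BOT_GPG_KEY }}
+passphrase: ${{ secrets.SAFETY_BOT_GPG_PASSPHRASE }}
+git_config_global: true
+git_user_signingkey: true
+git_commit_gpgsign: true
+git_tag_gpgsign: true
+
+- name: Get current version
+id: current-version
+run: |
+CURRENT_VERSION=$(hatch version)
+echo "version -> $CURRENT_VERSION"
+echo "version=$CURRENT_VERSION" >> $GITHUB_OUTPUT
+if [[ $CURRENT_VERSION =~ .*b[0-9]+$ ]]; then
+echo "is_beta=true" >> $GITHUB_OUTPUT
+else
+echo "is_beta=false" >> $GITHUB_OUTPUT
+fi
+- name: Perform version bump
+id: version-bump
+run: |
+if [ "${{ steps.bump-type.outputs.type }}" = "stable" ]; then
+COMMAND="hatch run bump"
+else
+# For beta, only proceed if current version is not beta
+if [ "${{ steps.current-version.outputs.is_beta }}" = "true" ]; then
+echo "Current version is already beta, skipping bump"
+echo "bumped=false" >> $GITHUB_OUTPUT
+exit 0
+fi
+COMMAND="hatch run beta-bump"
+fi
+# Execute the command
+if $COMMAND; then
+echo "bumped=true" >> $GITHUB_OUTPUT
+else
+echo "bumped=false" >> $GITHUB_OUTPUT
+fi
+- name: Push changes
+if: steps.version-bump.outputs.bumped == 'true'
+run: |
+git push --follow-tags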
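Review bot: The `Import GPG key` step hands `secrets.SAFETY_BOT_GPG_KEY` and its passphrase to `crazy-max/ghaction-import-gpg@v6`, a third-party action referenced by a movable tag, so any change to what that tag points at would run with the bot's signing key. Pin it to a full commit SHA, `uses: crazy-max/ghaction-import-gpg@<FULL_COMMIT_SHA> # v6` (placeholder; take the SHA from the release you audited). In `Determine bump type` and `Perform version bump`, `${{ … }}` is expanded into the script text before bash runs; passing the values through `env:` and reading them as `"$BUMP_TYPE"` keeps them as data even though `bump_type` is a `choice` input. Also, `exit 0` in `Check current commit` only ends that step, so the remaining steps still run when the current commit is already a bump; write a step output there and gate the later steps on it.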
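--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@@ -0,0 +1,101 @@
+on:
+schedule:
+# Monday at 9 AM UTC
+- cron: '0 9 * * 1'
+workflow_dispatch: # Manual trigger for emergency releases
+
+jobs:
+ci:
+uses: ./.github/workflows/ci.yml
+release:
+needs: ci
+
+
+
+
+# Release steps
+
+build-binaries:
+needs: test
+runs-on: ${{ matrix.os }}
+
+strategy:
+matrix:
+os: [ 'windows-latest', 'ubuntu-20.04', 'macos-latest' ]
+env:
+BINARY_OS: '${{ matrix.os }}'
+steps:
+- uses: actions/checkout@v4
+- name: Set up Python
+uses: actions/setup-python@v5
+with:
+python-version: '3.13'
+- name: Install Dependencies
+run: python binaries.py install
+- name: Test Safety
+run: python binaries.py test
+- name: Producing Binaries
+run: python binaries.py dist
+- uses: actions/upload-artifact@v4
+if: ${{ matrix.os == 'windows-latest' }}
+with:
+name: safety-win-i686.exe
+path: dist/safety-win-i686.exe
+if-no-files-found: error
+- uses: actions/upload-artifact@v4
+if: ${{ matrix.os == 'windows-latest' }}
+with:
+name: safety-win-x86_64.exe
+path: dist/safety-win-x86_64.exe
+if-no-files-found: error
+- uses: actions/upload-artifact@v4
+if: ${{ matrix.os == 'ubuntu-20.04' }}
+with:
+name: safety-linux-x86_64
+path: dist/safety-linux-x86_64
+if-no-files-found: error
+- uses: actions/upload-artifact@v4
+if: ${{ matrix.os == 'macos-latest' }}
+with:
+name: safety-macos-x86_64
+path: dist/safety-macos-x86_64
+if-no-files-found: error
+
+
+deploy-pypi:
+if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
+needs: build-binaries
+name: Upload release to PyPI
+runs-on: ubuntu-latest
+environment:
+name: pypi
+url: https://pypi.org/p/safety
+permissions:
+id-token: write # Required for trusted publishing
+steps:
+- uses: actions/checkout@v4
+- name: Set up Python
+uses: actions/setup-python@v4
+with:
+python-version: '3.10'
+- name: Install dependencies
+run: |
+python -m pip install --upgrade pip
+pip install build
+- name: Build package
+run: python -m build
+- name: Publish package distributions to PyPI
+uses: pypa/gh-action-pypi-publish@release/v1
+
+create-gh-release:
+needs: deploy-pypi
+runs-on: ubuntu-20.04
+if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
+permissions:
+contents: write
+steps:
+- uses: actions/checkout@v2
+- uses: ncipollo/release-action@v1
+with:
+artifacts: "dist/*"
+draft: True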
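Review bot: `deploy-pypi` and `create-gh-release` are both guarded by `github.event_name == 'push' && startsWith(github.ref, 'refs/tags')`, but the `on:` block declares only `schedule` and `workflow_dispatch`, so neither job can run as written. `create-gh-release` also has no `actions/download-artifact` step, so unless `dist/` is committed `artifacts: "dist/*"` matches nothing after checkout, and `deploy-pypi` rebuilds with `python -m build` instead of publishing what `build-binaries` tested. The `release` job has `needs: ci` but no `runs-on` or `steps`, and `build-binaries` needs a `test` job that this file does not define. Because these two jobs hold `id-token: write` and `contents: write`, I would pin `pypa/gh-action-pypi-publish`, `ncipollo/release-action` and the old `actions/checkout@v2` to audited commit SHAs, and write `draft: true` in lowercase.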
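--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -0,0 +1,47 @@
+# .github/workflows/release.yml
+name: Release
+
+on:
+schedule:
+- cron: "0 0 * * 0" # Weekly on Sunday
+workflow_dispatch:
+
+jobs:
+check-and-bump:
+runs-on: ubuntu-latest
+outputs:
+bumped: ${{ steps.bump.outputs.bumped }}
+steps:
+- uses: actions/checkout@v4
+with:
+fetch-depth: 0
+
+- name: Set up Python
+uses: actions/setup-python@v4
+with:
+python-version: "3.11"
+
+- name: Install hatch
+run: pip install hatch
+
+- name: Version bump
+id: bump
+run: |
+if hatch bump; then
+echo "bumped=true" >> $GITHUB_OUTPUT
+else
+echo "bumped=false" >> $GITHUB_OUTPUT
+fi
+- name: Push changes
+if: steps.bump.outputs.bumped == 'true'
+run: |
+git config --global user.name 'github-actions[bot]'
+git config --global user.email 'github-actions[bot]@users.noreply.github.com'
+git push
+release:
+needs: check-and-bump
+if: needs.check-and-bump.outputs.bumped == 'true'
+uses: ./.github/workflows/reusable-release.yml
+secrets: inherit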
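Review bot: `secrets: inherit` on the `release` job passes every secret this workflow can see to `reusable-release.yml`, which is broader than a release needs. Name them explicitly instead, for example `secrets:` with `PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}`, assuming that is what the called workflow declares; it is not shown on this page. In `check-and-bump`, `hatch bump` differs from the `hatch run bump` used in bump.yml, and because the `if … else` records any failure as `bumped=false`, a broken command would be indistinguishable from "nothing to bump". The `git config` identity is set only in `Push changes`, after the bump has run; if the bump script commits, it needs that identity earlier, and the job should declare `permissions:` with `contents: write` for the push.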