This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Reusable release and tag workflow | |
| on: | |
| workflow_call: | |
| inputs: | |
| publish_on_pypi: | |
| description: Upload on pypi public index | |
| type: boolean | |
| required: false | |
| default: false | |
| publish_on_test_pypi: | |
| description: Upload on test pypi public index | |
| type: boolean | |
| required: false | |
| default: false | |
| publish_on_npm: | |
| description: Upload on npm public index | |
| type: boolean | |
| required: false | |
| default: false | |
| publish_on_twitter: | |
| description: Publish changelog on twitter | |
| type: boolean | |
| required: false | |
| default: false | |
| twitter_message: | |
| description: Twitter message to append after changelog (i.e. tags) | |
| type: string | |
| required: false | |
| default: #CyberSecurity | |
| publish_on_ecr: | |
| description: Publish on ecr | |
| type: boolean | |
| required: false | |
| default: false | |
| repository: | |
| description: todo | |
| type: string | |
| required: false | |
| dockerfile: | |
| description: todo | |
| type: string | |
| required: false | |
| aws_region: | |
| description: todo | |
| type: string | |
| required: false | |
| default: eu-central-1 | |
| jobs: | |
| release_and_tag: | |
| name: Create release and tag | |
| runs-on: ubuntu-latest | |
| if: github.event.pull_request.merged == true | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # otherwise, you do not retrieve the tags | |
| - name: Push on ecr branch | |
| uses: ./.github/actions/push_on_ecr | |
| env: | |
| TAG=${{ ( github.base_ref == 'main' || github.base_ref == 'master' ) && 'prod' || 'stag' }} | |
| with: | |
| repository: ${{ inputs.repository }} | |
| aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }} | |
| aws_access_key: ${{ secrets.AWS_ACCESS_KEY}} | |
| aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| dockerfile: ${{ inputs.dockerfile }} | |
| image_tag: $TAG | |
| aws_region: ${{ inputs.aws_region }} | |
| - name: Check Tag | |
| id: check-tag | |
| if: github.base_ref == 'master' || github.base_ref == 'main' | |
| run: | | |
| if [[ "${{ github.event.pull_request.title }}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then | |
| echo "match=true" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Create Tag and Release | |
| id: create-release | |
| if: steps.check-tag.outputs.match == 'true' | |
| uses: softprops/action-gh-release@v1 | |
| with: | |
| tag_name: ${{ github.event.pull_request.title }} | |
| name: Version ${{ github.event.pull_request.title }} | |
| draft: false | |
| generate_release_notes: true | |
| prerelease: false | |
| target_commitish: ${{ github.base_ref }} | |
| append_body: true | |
| - name: Checkout created tag | |
| uses: actions/checkout@v4 | |
| if: steps.check-tag.outputs.match == 'true' && ( inputs.publish_on_test_pypi || inputs.publish_on_pypi) | |
| with: | |
| fetch-depth: 0 # otherwise, you do not retrieve the tags | |
| - uses: actions/setup-python@v1 | |
| if: steps.check-tag.outputs.match == 'true' && (inputs.publish_on_pypi || inputs.publish_on_test_pypi) | |
| with: | |
| python-version: "3.x" | |
| - name: Install pypa/build | |
| if: steps.check-tag.outputs.match == 'true' && (inputs.publish_on_pypi || inputs.publish_on_test_pypi) | |
| run: | | |
| python -m pip install build --user | |
| - name: Build a binary wheel and a source tarball | |
| if: steps.check-tag.outputs.match == 'true' && (inputs.publish_on_pypi || inputs.publish_on_test_pypi) | |
| run: | | |
| python -m build --sdist --wheel --outdir dist/ | |
| - name: Publish to test PyPi | |
| uses: pypa/gh-action-pypi-publish@release/v1 | |
| if: steps.check-tag.outputs.match == 'true' && inputs.publish_on_test_pypi | |
| with: | |
| user: __token__ | |
| password: ${{ secrets.TEST_PYPI_API_TOKEN }} | |
| - name: Publish to PyPi | |
| uses: pypa/gh-action-pypi-publish@release/v1 | |
| if: steps.check-tag.outputs.match == 'true' && inputs.publish_on_pypi | |
| with: | |
| user: __token__ | |
| password: ${{ secrets.PYPI_API_TOKEN }} | |
| - uses: actions/setup-node@v3 | |
| if: steps.check-tag.outputs.match == 'true' && inputs.publish_on_npm | |
| with: | |
| node-version: '18.x' | |
| registry-url: 'https://registry.npmjs.org' | |
| scope: '@certego' | |
| - run: npm publish --access public | |
| if: steps.check-tag.outputs.match == 'true' && inputs.publish_on_npm | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_API_TOKEN }} | |
| - uses: infraway/[email protected] | |
| if: steps.check-tag.outputs.match == 'true' && inputs.publish_on_twitter | |
| with: | |
| status: published #IntelOwl ${{github.ref}}! full changelog here: ${GITHUB_SERVER_URL}/${GITHUB_ACTION_REPOSITORY}/blob/${{github.base_ref}}/.github/CHANGELOG.md ${{inputs.twitter_message}} | |
| api_key: ${{ secrets.TWITTER_API_KEY }} | |
| api_key_secret: ${{ secrets.TWITTER_API_KEY_SECRET }} | |
| access_token: ${{ secrets.TWITTER_ACCESS_TOKEN }} | |
| access_token_secret: ${{ secrets.TWITTER_ACCESS_TOKEN_SECRET }} | |
| - name: Push on ecr tag | |
| if: steps.check-tag.outputs.match == 'true' | |
| with: | |
| repository: ${{ inputs.repository }} | |
| aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }} | |
| aws_access_key: ${{ secrets.AWS_ACCESS_KEY}} | |
| aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| dockerfile: ${{ inputs.dockerfile }} | |
| image_tag: ${{ github.event.pull_request.title }} | |
| aws_region: ${{ inputs.aws_region }} |