-
Notifications
You must be signed in to change notification settings - Fork 1
121 lines (113 loc) · 4.25 KB
/
stable.yml
File metadata and controls
121 lines (113 loc) · 4.25 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
---
name: Stable release
on:
workflow_dispatch:
schedule:
- cron: "12 * * * *"
permissions:
contents: write
id-token: write
jobs:
tags:
runs-on: ubuntu-latest
steps:
- id: app-token
uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
with:
app-id: "${{ secrets.GH_APP_ID }}"
private-key: "${{ secrets.GH_APP_PRIVATE_KEY }}"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
token: "${{ steps.app-token.outputs.token }}"
- id: tags
name: Get list of missing tags
run: |
tags="$(gh --repo goauthentik/authentik release list --exclude-drafts --json tagName --jq '.[].tagName' |
tac |
while read -r tag; do
if ! git show "$tag" >/dev/null 2>/dev/null; then
echo "$tag"
fi
done | jq -R -s -c 'split("\n") | map(select(length > 0))')"
should_run="$([ "$(echo "$tags" | jq '.|length')" -eq 0 ] && echo false || echo true)"
echo "tags=$tags" >> "$GITHUB_OUTPUT"
echo "should_run=$should_run" >> "$GITHUB_OUTPUT"
env:
GH_TOKEN: "${{ steps.app-token.outputs.token }}"
outputs:
tags: "${{ steps.tags.outputs.tags }}"
should_run: "${{ steps.tags.outputs.should_run }}"
release:
runs-on: ubuntu-latest
needs:
- tags
if: "${{ needs.tags.outputs.should_run == 'true' }}"
strategy:
fail-fast: false
max-parallel: 1
matrix:
tag: "${{ fromJson(needs.tags.outputs.tags) }}"
steps:
- id: app-token
uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
with:
app-id: "${{ secrets.GH_APP_ID }}"
private-key: "${{ secrets.GH_APP_PRIVATE_KEY }}"
- id: get-user-id
name: Get GitHub app user ID
run: echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT"
env:
GH_TOKEN: "${{ steps.app-token.outputs.token }}"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
token: "${{ steps.app-token.outputs.token }}"
path: client-python
- name: Install python and dependencies
run: |
pipx install poetry || true
- name: Setup Python
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with:
python-version-file: client-python/pyproject.toml
- name: Fetch schema
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
repository: goauthentik/authentik
token: "${{ steps.app-token.outputs.token }}"
ref: "${{ matrix.tag }}"
path: authentik
sparse-checkout: |
schema.yml
sparse-checkout-cone-mode: false
- name: Publish
working-directory: client-python
run: |
tag="${{ matrix.tag }}"
version="$(echo -n "$tag" | sed 's/version\///')"
branch="$(echo -n "$tag" | sed 's/\//-/' | grep -oE "^version-[0-9]{4}\.[0-9]{1,2}")"
if ! git ls-remote --heads origin "$branch" | grep -q "$branch"; then
git checkout -b "$branch"
else
git checkout "$branch"
fi
make version="$version"
git config --global user.name '${{ steps.app-token.outputs.app-slug }}[bot]'
git config --global user.email '${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com'
git add .
git commit -m "Version $version" || exit 0
git tag "$tag"
git push origin "$branch"
git push --tags
gh release create "$tag" --latest --title "$version"
env:
GH_TOKEN: "${{ steps.app-token.outputs.token }}"
- name: Build package
working-directory: client-python
run: |
poetry build
- name: Publish to PyPi
uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # release/v1
with:
packages-dir: client-python/dist/