-
Notifications
You must be signed in to change notification settings - Fork 0
/
_release_and_tag.yml
118 lines (103 loc) · 4.17 KB
/
_release_and_tag.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
name: Reusable release and tag workflow
on:
workflow_call:
inputs:
publish_on_pypi:
description: Upload on pypi public index
type: boolean
required: false
default: false
publish_on_test_pypi:
description: Upload on test pypi public index
type: boolean
required: false
default: false
publish_on_npm:
description: Upload on npm public index
type: boolean
required: false
default: false
publish_on_twitter:
description: Publish changelog on twitter
type: boolean
required: false
default: false
twitter_message:
description: Twitter message to append after changelog (i.e. tags)
type: string
required: false
default: #CyberSecurity
jobs:
release_and_tag:
name: Create release and tag
runs-on: ubuntu-latest
if: github.event.pull_request.merged == true && ( github.base_ref == 'master' || github.base_ref == 'main' )
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # otherwise, you do not retrieve the tags
- name: Check Tag
id: check-tag
run: |
if [[ "${{ github.event.pull_request.title }}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "match=true" >> $GITHUB_OUTPUT
fi
- name: Create Tag and Release
id: create-release
if: steps.check-tag.outputs.match == 'true'
uses: softprops/action-gh-release@v1
with:
tag_name: ${{ github.event.pull_request.title }}
name: Version ${{ github.event.pull_request.title }}
draft: false
generate_release_notes: true
prerelease: false
target_commitish: ${{ github.base_ref }}
append_body: true
- name: Checkout created tag
uses: actions/checkout@v4
if: steps.check-tag.outputs.match == 'true' && ( inputs.publish_on_test_pypi || inputs.publish_on_pypi)
with:
fetch-depth: 0 # otherwise, you do not retrieve the tags
- uses: actions/setup-python@v4
if: steps.check-tag.outputs.match == 'true' && (inputs.publish_on_pypi || inputs.publish_on_test_pypi)
with:
python-version: "3.x"
- name: Install pypa/build
if: steps.check-tag.outputs.match == 'true' && (inputs.publish_on_pypi || inputs.publish_on_test_pypi)
run: |
python -m pip install build --user
- name: Build a binary wheel and a source tarball
if: steps.check-tag.outputs.match == 'true' && (inputs.publish_on_pypi || inputs.publish_on_test_pypi)
run: |
python -m build --sdist --wheel --outdir dist/
- name: Publish to test PyPi
uses: pypa/gh-action-pypi-publish@release/v1
if: steps.check-tag.outputs.match == 'true' && inputs.publish_on_test_pypi
with:
user: __token__
password: ${{ secrets.TEST_PYPI_API_TOKEN }}
- name: Publish to PyPi
uses: pypa/gh-action-pypi-publish@release/v1
if: steps.check-tag.outputs.match == 'true' && inputs.publish_on_pypi
with:
user: __token__
password: ${{ secrets.PYPI_API_TOKEN }}
- uses: actions/setup-node@v4
if: steps.check-tag.outputs.match == 'true' && inputs.publish_on_npm
with:
node-version: 20
registry-url: 'https://registry.npmjs.org'
scope: '@certego'
- run: npm publish --access public
if: steps.check-tag.outputs.match == 'true' && inputs.publish_on_npm
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_API_TOKEN }}
- uses: infraway/[email protected]
if: steps.check-tag.outputs.match == 'true' && inputs.publish_on_twitter
with:
status: published #IntelOwl ${{github.ref}}! full changelog here: ${GITHUB_SERVER_URL}/${GITHUB_ACTION_REPOSITORY}/blob/${{github.base_ref}}/.github/CHANGELOG.md ${{inputs.twitter_message}}
api_key: ${{ secrets.TWITTER_API_KEY }}
api_key_secret: ${{ secrets.TWITTER_API_KEY_SECRET }}
access_token: ${{ secrets.TWITTER_ACCESS_TOKEN }}
access_token_secret: ${{ secrets.TWITTER_ACCESS_TOKEN_SECRET }}