Release 1.9.3 #29
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This GitHub workflow will publish the collection | |
# https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions | |
# https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/ | |
name: publish | |
on: | |
push: # When pushing a tag | |
tags: | |
- "*" | |
jobs: | |
publish: | |
name: Publish the collection | |
if: startsWith(github.ref, 'refs/tags') | |
runs-on: ubuntu-latest | |
steps: | |
#-------- Info gathering and checks | |
- name: Determine pushed tag | |
id: set-tag | |
uses: actions/github-script@v7 | |
with: | |
result-encoding: string | |
script: | | |
const result = "${{ github.ref }}".match("refs/tags/(.*)$")[1] | |
console.log(result) | |
return result | |
- name: Check validity of pushed tag | |
run: | | |
if [[ ${{ steps.set-tag.outputs.result }} =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then | |
echo "Pushed tag '${{ steps.set-tag.outputs.result }}' is valid"; | |
else | |
echo "Pushed tag '${{ steps.set-tag.outputs.result }}' is invalid (must be 'M.N.U')"; | |
false; | |
fi | |
- name: Determine whether releasing the master branch | |
id: set-is-master-branch | |
uses: actions/github-script@v7 | |
with: | |
result-encoding: string | |
script: | | |
const resp = await github.rest.git.getRef({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
ref: "heads/master", | |
}) | |
const result = (resp.data.object.sha == "${{ github.sha }}") | |
console.log(result) | |
return result | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Determine name of stable branch for pushed tag | |
id: set-stable-branch | |
uses: actions/github-script@v7 | |
with: | |
result-encoding: string | |
script: | | |
const result = "stable_"+"${{ steps.set-tag.outputs.result }}".match("([0-9]+\.[0-9]+)\.")[1] | |
console.log(result) | |
return result | |
- name: Determine whether releasing stable branch for pushed tag | |
id: set-is-stable-branch | |
uses: actions/github-script@v7 | |
with: | |
result-encoding: string | |
script: | | |
var resp | |
try { | |
resp = await github.rest.git.getRef({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
ref: "heads/${{ steps.set-stable-branch.outputs.result }}", | |
}) | |
} | |
catch(err) { | |
console.log("false (stable branch does not exist: "+err+")") | |
return false | |
} | |
const result = (resp.data.object.sha == "${{ github.sha }}") | |
console.log(result) | |
return result | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Check released commit to be master branch or stable branch for pushed tag | |
run: | | |
if [[ ${{ steps.set-is-master-branch.outputs.result }} == 'false' && ${{ steps.set-is-stable-branch.outputs.result }} == 'false' ]]; then | |
echo "Released commit is not 'master' or '${{ steps.set-stable-branch.outputs.result }}' branch"; | |
false; | |
fi | |
- name: Determine update version | |
id: set-update-version | |
uses: actions/github-script@v7 | |
with: | |
result-encoding: string | |
script: | | |
const result = "${{ steps.set-tag.outputs.result }}".match("[0-9]+\.[0-9]+\.([0-9]+)")[1] | |
console.log(result) | |
return result | |
- name: Check update version to be 0 when releasing master branch | |
if: ${{ steps.set-is-master-branch.outputs.result == 'true' }} | |
run: | | |
if [[ ${{ steps.set-update-version.outputs.result }} != '0' ]]; then | |
echo "Update version '${{ steps.set-update-version.outputs.result }}' in tag '${{ steps.set-tag.outputs.result }}' is invalid (must be 0 when releasing master branch)"; | |
false; | |
fi | |
- name: Check update version to be non-0 when releasing stable branch for pushed tag | |
if: ${{ steps.set-is-stable-branch.outputs.result == 'true' }} | |
run: | | |
if [[ ${{ steps.set-update-version.outputs.result }} == '0' ]]; then | |
echo "Update version '${{ steps.set-update-version.outputs.result }}' in tag '${{ steps.set-tag.outputs.result }}' is invalid (must be non-0 when releasing stable branch for pushed tag)"; | |
false; | |
fi | |
#-------- Setup of work environment | |
- name: Checkout repo | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Set up Python 3.10 | |
uses: actions/setup-python@v4 | |
with: | |
python-version: "3.10" | |
- name: Development setup | |
run: | | |
make develop | |
#-------- Final vulnerability checks upon release | |
- name: Run safety | |
env: | |
RUN_TYPE: release | |
run: | | |
make safety | |
- name: Run bandit | |
env: | |
RUN_TYPE: release | |
run: | | |
make bandit | |
#-------- Publishing of documentation | |
- name: Build documentation | |
run: | | |
make docs | |
- name: Set up gh-pages worktree | |
run: | | |
git worktree add gh-pages gh-pages | |
bash -c "cd gh-pages; git fetch" | |
- name: Sync documentation to gh-pages worktree | |
# The file .gh-pages-exclude defines files to be excluded from the sync | |
run: | | |
rm -rf gh-pages/* | |
rm -rf gh-pages/.doctrees | |
rm -f gh-pages/.buildinfo | |
ls -al gh-pages | |
rsync -a --exclude-from=.gh-pages-exclude docs_build/ gh-pages/ | |
- name: Commit changes in the gh-pages branch locally | |
# The git config can specify any user name and email | |
run: | | |
git config --global user.name "GitHub Actions" | |
git config --global user.email "[email protected]" | |
bash -c "cd gh-pages; git add .; git status; git commit -m 'Docs update from PR with commit ${{ github.SHA }}'; true" | |
- name: Push gh-pages branch to upstream repo | |
uses: ad-m/github-push-action@master | |
# From https://github.com/marketplace/actions/github-push | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
branch: gh-pages | |
directory: gh-pages | |
force: true | |
#-------- Publishing of collection | |
- name: Publish collection to Ansible Galaxy | |
uses: artis3n/ansible_galaxy_collection@v2 | |
with: | |
api_key: ${{ secrets.GALAXY_API_KEY }} | |
#-------- Creation of Github release | |
- name: Determine whether release on Github exists for the pushed tag | |
id: set-release-exists | |
uses: octokit/[email protected] | |
with: | |
route: GET /repos/${{ github.repository }}/releases/tags/${{ steps.set-tag.outputs.result }} | |
continue-on-error: true | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Create release on Github for the pushed tag if it does not exist | |
if: ${{ steps.set-release-exists.outputs.status == 404 }} | |
uses: octokit/[email protected] | |
with: | |
route: POST /repos/${{ github.repository }}/releases | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
INPUT_TAG_NAME: ${{ steps.set-tag.outputs.result }} | |
INPUT_NAME: "Release ${{ steps.set-tag.outputs.result }}" | |
INPUT_BODY: "Change log https://zhmcclient.github.io/zhmc-ansible-modules/${{ steps.set-tag.outputs.result }}/release_notes.html" | |
#-------- Creation of stable branch | |
- name: Create new stable branch when releasing master branch | |
if: steps.set-is-master-branch.outputs.result == 'true' | |
uses: actions/github-script@v7 | |
with: | |
script: | | |
github.rest.git.createRef({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
ref: "refs/heads/${{ steps.set-stable-branch.outputs.result }}", | |
sha: "${{ github.sha }}", | |
}) | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |