
Commit a4ab69b

chore: Auto-bump package version on pull request merge (#24)
2 parents d808361 + e662f6c commit a4ab69b

1 file changed

Lines changed: 46 additions & 14 deletions


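--- a/.github/workflows/delivery.yml
+++ b/.github/workflows/delivery.yml
@@ -11,13 +11,15 @@ env:
 BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
 
 jobs:
-test:
+release:
 if: github.event.pull_request.merged == true
 runs-on: ubuntu-latest
 
 steps:
 - name: Checkout Source Code
 uses: actions/checkout@v4
+with:
+token: ${{ secrets.GH_TOKEN }}
 
 - name: Install Poetry
 run: pipx install poetry
@@ -28,25 +30,55 @@ jobs:
 cache: "poetry"
 
 - name: Install Python Dependencies
-run: poetry install
+run: poetry install --no-ansi --without dev
 
 - name: Run End-to-End Tests
 run: poetry run pytest tests/e2e
 
-- name: Bump Version
-id: bump-version
+- name: Configure GPG
 run: |
-package_version="$(poetry version ${{ startsWith(env.BRANCH_NAME, 'bug') || startsWith(env.BRANCH_NAME, 'fix') && 'patch' || 'minor' }} --short)"
-git config user.name ccc-service-account
-git config user.email service@cloudcitycrafted.io
-git commit -am "chore: Bump package version to v$package_version"
-git push
-echo "new-version=$package_version" >> $GITHUB_OUTPUT
+mkdir -p "$HOME/.gnupg"
+echo "default-cache-ttl 21600" >> "$HOME/.gnupg/gpg-agent.conf"
+echo "allow-preset-passphrase" >> "$HOME/.gnupg/gpg-agent.conf"
+find "$HOME/.gnupg" -type f -exec chmod 600 {} \;
+find "$HOME/.gnupg" -type d -exec chmod 700 {} \;
+gpg-connect-agent RELOADAGENT /bye
+
+- name: Configure Git
+id: configure-git
+env:
+GPG_PRIVATE_KEY: ${{ secrets.SERVICE_ACCOUNT_GPG_PRIVATE_KEY }}
+GPG_PRIVATE_KEY_PASSPHRASE: ${{ secrets.SERVICE_ACCOUNT_GPG_PASSPHRASE }}
+SERVICE_ACCOUNT_USERNAME: ${{ vars.SERVICE_ACCOUNT_USERNAME }}
+SERVICE_ACCOUNT_EMAIL_ADDRESS: ${{ vars.SERVICE_ACCOUNT_EMAIL_ADDRESS }}
+run: |
+echo "$GPG_PRIVATE_KEY" | gpg --import --pinentry-mode loopback --passphrase "$GPG_PRIVATE_KEY_PASSPHRASE"
+key_metadata=$(gpg --with-colons --with-keygrip --list-secret-keys $SERVICE_ACCOUNT_EMAIL_ADDRESS)
+key_id=$(echo "$key_metadata" | awk -F: 'NR == 1 { print $5 }')
+key_fingerprint=$(echo "$key_metadata" | awk -F: 'NR == 2 { print $10 }')
+key_grip=$(echo "$key_metadata" | awk -F: 'NR == 3 { print $10 }')
+echo "$GPG_PRIVATE_KEY_PASSPHRASE" | "$(gpgconf --list-dirs libexecdir)"/gpg-preset-passphrase --preset $key_grip
 
-- name: Build Package
-run: poetry build
+git config --global user.name $SERVICE_ACCOUNT_USERNAME
+git config --global user.email $SERVICE_ACCOUNT_EMAIL_ADDRESS
+git config --global user.signingkey $key_id
+git config --global commit.gpgsign true
+git config --global tag.gpgsign true
+
+echo "gpg-key-fingerprint=$key_fingerprint" >> $GITHUB_OUTPUT
 
 - name: Create GitHub Release
-run: gh release create --generate-notes --latest 'v${{ steps.bump-version.outputs.new-version }}' ./dist/*.tar.gz
 env:
-GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+GH_TOKEN: ${{ secrets.GH_TOKEN }}
+BUMP_TYPE: ${{ startsWith(env.BRANCH_NAME, 'bug') || startsWith(env.BRANCH_NAME, 'fix') && 'patch' || 'minor' }}
+run: |
+package_version="$(poetry version $BUMP_TYPE --short)"
+poetry build
+git commit -am "chore: Bump package version to v$package_version" --no-verify
+git push
+gh release create --generate-notes "v$package_version" "./dist/*$package_version0*"
+
+- name: Clean Up GPG Credentials
+env:
+GPG_PRIVATE_KEY_FINGERPRINT: ${{ steps.configure-git.outputs.gpg-key-fingerprint }}
+run: echo $GPG_PRIVATE_KEY_FINGERPRINT | xargs gpg --batch --yes --delete-secret-and-public-keys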
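Review bot: The `Clean Up GPG Credentials` step (new lines 81-84) has no `if:` condition, so it is skipped whenever an earlier step fails, leaving the imported service-account key and its preset passphrase in the runner's keyring and gpg-agent; add `if: always()` to it. That failure path looks reachable on new line 79: in `"./dist/*$package_version0*"` the shell reads the variable name as `package_version0` (presumably unset) and the double quotes stop the glob from expanding, and this runs after the signed bump commit has already been pushed; `./dist/*"${package_version}"*` keeps the version quoted and the wildcard live. On new line 55, `--passphrase "$GPG_PRIVATE_KEY_PASSPHRASE"` places the passphrase on gpg's command line, where other processes on the runner can read it; passing it on a separate descriptor, `--batch --passphrase-fd 3 3<<<"$GPG_PRIVATE_KEY_PASSPHRASE"`, avoids that. Since the checkout on new lines 21-22 now uses `secrets.GH_TOKEN` and the e2e tests run afterwards in the same workspace, a comment on that step stating which scopes the token needs would help reviewers confirm it is no broader than push and release.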
