chore: merge staging to main #minor (#162) #40
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - 'cortexapps_cli/**' | |
| - '.github/workflows/publish.yml' | |
| env: | |
| CORTEX_API_KEY: ${{ secrets.CORTEX_API_KEY_PRODUCTION }} | |
| CORTEX_BASE_URL: ${{ vars.CORTEX_BASE_URL }} | |
| DOCKER_USERNAME: jeffschnittercortex | |
| DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} | |
| DOCKER_ORGANIZATION: cortexapp | |
| jobs: | |
| pypi: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| EMAIL: ${{ steps.git-details.outputs.EMAIL }} | |
| PUSHER: ${{ steps.git-details.outputs.PUSHER }} | |
| SHA: ${{ steps.publish.outputs.SHA }} | |
| URL: ${{ steps.git-details.outputs.URL }} | |
| VERSION: ${{ steps.git-details.outputs.VERSION }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: main | |
| fetch-depth: 0 | |
| - name: Bump version and push tag | |
| uses: anothrNick/github-tag-action@1.64.0 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} | |
| WITH_V: false | |
| - name: Set up Git | |
| run: | | |
| git config --global user.name "GitHub Actions" | |
| git config --global user.email "actions@github.com" | |
| - name: Set up Python 3.11 | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: 3.11 | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install poetry git-changelog | |
| - name: Generate HISTORY.md | |
| run: | | |
| git-changelog -c angular > HISTORY.md | |
| cat HISTORY.md | |
| - name: Commit and Push | |
| run: | | |
| if git diff --exit-code HISTORY.md; then | |
| echo "No changelog update needed" | |
| else | |
| git add HISTORY.md | |
| git commit -m "chore: update HISTORY.md for ${{ github.ref_name }}" | |
| git push | |
| fi | |
| - name: Git details about version | |
| id: git-details | |
| env: | |
| GITHUB_CONTEXT: ${{ toJson(github) }} | |
| run: | | |
| version=$(git describe --tags --abbrev=0) | |
| echo "VERSION=${version}" >> $GITHUB_ENV | |
| echo "VERSION=${version}" >> $GITHUB_OUTPUT | |
| pusher=$(echo "$GITHUB_CONTEXT" | jq -r ".event.pusher.name") | |
| email=$(echo "$GITHUB_CONTEXT" | jq -r ".event.pusher.email") | |
| echo "PUSHER=${pusher}" >> $GITHUB_OUTPUT | |
| echo "EMAIL=${email}" >> $GITHUB_OUTPUT | |
| echo "URL=https://pypi.org/project/cortexapps-cli/${version}/" >> $GITHUB_OUTPUT | |
| - name: Publish | |
| id: publish | |
| run: | | |
| poetry config pypi-token.pypi ${{ secrets.PYPI_API_TOKEN }} | |
| poetry version ${{ env.VERSION }} | |
| export SOURCE_DATE_EPOCH=$(date +%s) # https://github.com/cortexapps/cli/issues/121 | |
| poetry build | |
| poetry publish | |
| sha=$(sha256sum dist/*.tar.gz | awk '{ print $1 }') | |
| echo "SHA=${sha}" >> $GITHUB_OUTPUT | |
| pypi-deploy-event: | |
| needs: pypi | |
| runs-on: ubuntu-latest | |
| container: | |
| image: cortexapp/cli:latest | |
| env: | |
| CORTEX_API_KEY: ${{ secrets.CORTEX_API_KEY_PRODUCTION }} | |
| CORTEX_BASE_URL: ${{ vars.CORTEX_BASE_URL }} | |
| steps: | |
| - name: Post pypi deploy event to Cortex | |
| run: | | |
| cat << EOF > /tmp/deploy.json | |
| { | |
| "customData": {}, | |
| "deployer": { | |
| "email": "${{needs.pypi.outputs.EMAIL}}", | |
| "name": "${{needs.pypi.outputs.PUSHER}}" | |
| }, | |
| "environment": "PyPI.org", | |
| "sha": "${{needs.pypi.outputs.SHA}}", | |
| "timestamp": "$(date +'%Y-%m-%dT%H:%M:%S').000Z", | |
| "title": "${{needs.pypi.outputs.VERSION}}", | |
| "type": "DEPLOY", | |
| "url": "${{needs.pypi.outputs.URL}}" | |
| } | |
| EOF | |
| cortex deploys add -t cli -f /tmp/deploy.json | |
| docker: | |
| needs: pypi | |
| runs-on: ubuntu-latest | |
| outputs: | |
| SHA: ${{ steps.build-docker-image.outputs.SHA }} | |
| URL: ${{ steps.build-docker-image.outputs.URL }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Get version info | |
| env: | |
| VERSION: ${{needs.pypi.outputs.VERSION}} | |
| run: | | |
| echo "VERSION=${VERSION}" >> $GITHUB_ENV | |
| echo "DOCKER_IMAGE=${{ env.DOCKER_ORGANIZATION }}/cli:${VERSION}" >> $GITHUB_ENV | |
| echo "DOCKER_IMAGE_LATEST=${{ env.DOCKER_ORGANIZATION }}/cli:latest" >> $GITHUB_ENV | |
| - name: build docker image | |
| id: build-docker-image | |
| working-directory: ./docker | |
| run: | | |
| docker build -t ${{ env.DOCKER_IMAGE }} . | |
| sha=$(docker images --format {{.ID}} --no-trunc ${{ env.DOCKER_ORGANIZATION }}/cli:${{ env.VERSION }}) | |
| echo "SHA=${sha}" >> $GITHUB_OUTPUT | |
| echo "URL=https://hub.docker.com/layers/${{ env.DOCKER_ORGANIZATION }}/cli/${{ env.VERSION }}/images/${sha}" >> $GITHUB_OUTPUT | |
| - name: Run Trivy on Root Image | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: ${{ env.DOCKER_IMAGE }} | |
| format: table | |
| exit-code: '1' | |
| ignore-unfixed: true | |
| severity: CRITICAL,HIGH | |
| - name: push docker image | |
| run: | | |
| docker login -u ${{ env.DOCKER_USERNAME }} -p ${{ env.DOCKER_PASSWORD }} | |
| docker tag ${{ env.DOCKER_IMAGE }} ${{ env.DOCKER_IMAGE_LATEST }} | |
| docker push ${{ env.DOCKER_IMAGE }} | |
| docker push ${{ env.DOCKER_IMAGE_LATEST }} | |
| docker-deploy-event: | |
| needs: | |
| - docker | |
| - pypi | |
| runs-on: ubuntu-latest | |
| container: | |
| image: cortexapp/cli:latest | |
| env: | |
| CORTEX_API_KEY: ${{ secrets.CORTEX_API_KEY_PRODUCTION }} | |
| CORTEX_BASE_URL: ${{ vars.CORTEX_BASE_URL }} | |
| steps: | |
| - name: Post docker deploy event to Cortex | |
| run: | | |
| cat << EOF > /tmp/deploy.json | |
| { | |
| "customData": {}, | |
| "deployer": { | |
| "email": "${{needs.pypi.outputs.EMAIL}}", | |
| "name": "${{needs.pypi.outputs.PUSHER}}" | |
| }, | |
| "environment": "docker", | |
| "sha": "${{needs.docker.outputs.SHA}}", | |
| "timestamp": "$(date +'%Y-%m-%dT%H:%M:%S').000Z", | |
| "title": "${{needs.pypi.outputs.VERSION}}", | |
| "type": "DEPLOY", | |
| "url": "${{needs.docker.outputs.URL}}" | |
| } | |
| EOF | |
| cortex deploys add -t cli -f /tmp/deploy.json | |
| homebrew: | |
| needs: | |
| - pypi | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: mislav/bump-homebrew-formula-action@v3 | |
| with: | |
| formula-name: cortexapps-cli | |
| homebrew-tap: cortexapps/homebrew-tap | |
| tag-name: ${{ needs.pypi.outputs.VERSION }} | |
| download-url: https://pypi.io/packages/source/c/cortexapps_cli/cortexapps_cli-${{ needs.pypi.outputs.VERSION }}.tar.gz | |
| download-sha256: ${{ needs.pypi.outputs.SHA }} | |
| commit-message: | | |
| {{formulaName}} ${{ needs.pypi.outputs.VERSION }} | |
| Created by https://github.com/mislav/bump-homebrew-formula-action | |
| env: | |
| COMMITTER_TOKEN: ${{ secrets.GH_TOKEN }} | |
| homebrew-custom-event: | |
| needs: | |
| - homebrew | |
| - pypi | |
| runs-on: ubuntu-latest | |
| container: | |
| image: cortexapp/cli:latest | |
| env: | |
| CORTEX_API_KEY: ${{ secrets.CORTEX_API_KEY_PRODUCTION }} | |
| CORTEX_BASE_URL: ${{ vars.CORTEX_BASE_URL }} | |
| steps: | |
| - name: Post homebrew deploy event to Cortex | |
| run: | | |
| cat << EOF > /tmp/cortex.json | |
| { | |
| "timestamp": "$(date +'%Y-%m-%dT%H:%M:%S').000Z", | |
| "title": "Update homebrew formula to ${{needs.pypi.outputs.VERSION}}", | |
| "type": "HOMEBREW_UPDATE" | |
| } | |
| EOF | |
| cortex custom-events create -t cli -f /tmp/cortex.json |