[pre-commit.ci] pre-commit autoupdate #126
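# Release workflow for goosebit.
# Pull requests run every build as a dry run (no secrets, nothing pushed).
# Pushing a v*.*.* tag publishes the packages to PyPI, pushes the Docker
# image and then creates the GitHub release.
name: Release

on:
  pull_request:
  push:
    tags:
      - "v*.*.*"
    # NOTE(review): GitHub does not evaluate path filters for tag pushes, so
    # this list probably has no effect on the trigger above. Confirm whether
    # it was meant for the pull_request trigger instead.
    paths-ignore:
      - "**.md"
      - "docs/**"
      - "docsrc/**"

# Least-privilege default for GITHUB_TOKEN. Jobs that need more declare it
# themselves, so a new job never inherits the repository-wide default.
permissions:
  contents: read

jobs:
  pypi:
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
        with:
          # audit only records outbound connections, it does not block them.
          egress-policy: audit
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      # On pull requests the token is the literal 'none' and poetry runs with
      # --dry-run, so the PyPI secret is only passed to the action on tag
      # pushes.
      # NOTE(review): PYPI_API_KEY is a long-lived credential shared by all
      # three publish steps. Scope it to these projects if it is not already.
      - name: Build goosebit package ${{ github.event_name != 'pull_request' && 'and push to PyPI' || '' }}
        uses: JRubics/poetry-publish@7100bd02517e9f82452e6247849042f6c74dde04 # v2.0
        with:
          pypi_token: ${{ github.event_name == 'pull_request' && 'none' || secrets.PYPI_API_KEY }}
          poetry_publish_options: ${{ github.event_name == 'pull_request' && '--dry-run' || '' }}
      - name: Build goosebit-simple-stats package ${{ github.event_name != 'pull_request' && 'and push to PyPI' || '' }}
        uses: JRubics/poetry-publish@7100bd02517e9f82452e6247849042f6c74dde04 # v2.0
        with:
          pypi_token: ${{ github.event_name == 'pull_request' && 'none' || secrets.PYPI_API_KEY }}
          poetry_publish_options: --skip-existing ${{ github.event_name == 'pull_request' && '--dry-run' || '' }}
          package_directory: plugins/goosebit_simple_stats
      - name: Build goosebit-forwarded-header package ${{ github.event_name != 'pull_request' && 'and push to PyPI' || '' }}
        uses: JRubics/poetry-publish@7100bd02517e9f82452e6247849042f6c74dde04 # v2.0
        with:
          pypi_token: ${{ github.event_name == 'pull_request' && 'none' || secrets.PYPI_API_KEY }}
          poetry_publish_options: --skip-existing ${{ github.event_name == 'pull_request' && '--dry-run' || '' }}
          package_directory: plugins/goosebit_forwarded_header

  docker:
    needs: pypi
    runs-on: ubuntu-latest
    # NOTE(review): the image is pushed to Docker Hub with DOCKER_USERNAME /
    # DOCKER_PASSWORD, and no step in this job calls an attestation action or
    # requests an OIDC token. Confirm that packages, attestations and id-token
    # write are still needed. If not, drop them.
    permissions:
      packages: write
      contents: read
      attestations: write
      id-token: write
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
        with:
          # audit only records outbound connections, it does not block them.
          egress-policy: audit
      - name: Checkout repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          fetch-depth: 0
      - name: Set GOOSEBIT_VERSION env var
        if: github.event_name != 'pull_request'
        # The ref values are quoted so that an unexpected ref name cannot be
        # word-split or globbed by the shell before it reaches GITHUB_ENV.
        run: |
          if [ "$GITHUB_REF_TYPE" = tag ]; then
            tag="$GITHUB_REF_NAME"
          else
            echo "This job is only supposed to be run for Git tags"
            exit 1
          fi
          echo "GOOSEBIT_VERSION=${tag#v}" >> "$GITHUB_ENV"
      - name: Wait for PyPI package to become available
        if: github.event_name != 'pull_request'
        # Bound the poll: without a limit, a release that never appears on
        # PyPI keeps the runner busy until the job-level timeout.
        timeout-minutes: 10
        # The version is passed to jq as data (--arg) instead of being spliced
        # into the jq program, so the tag-derived string cannot change the
        # filter. curl -f turns HTTP errors into a failed attempt (retried).
        run: |
          until curl -fsS https://pypi.org/pypi/goosebit/json |
              jq -e --arg version "$GOOSEBIT_VERSION" '.releases | has($version)' > /dev/null
          do
            sleep 1
          done
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
      - name: Log in to Docker Hub
        if: github.event_name != 'pull_request'
        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          # NOTE(review): prefer a scoped Docker Hub access token here rather
          # than the account password. Confirm what the secret holds.
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0
        with:
          images: upstreamdata/goosebit
      # Pull requests build docker/dev.dockerfile from the repository root and
      # push nothing. Tag pushes build docker/Dockerfile with the released
      # version and push it. GOOSEBIT_VERSION is empty on pull requests
      # because the step that sets it is skipped.
      - name: Build Docker image ${{ github.event_name != 'pull_request' && 'and push to registry' || '' }}
        id: push
        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
        with:
          context: ${{ github.event_name == 'pull_request' && '.' || 'docker' }}
          file: ${{ github.event_name == 'pull_request' && 'docker/dev.dockerfile' || 'docker/Dockerfile' }}
          build-args: GOOSEBIT_VERSION=${{ env.GOOSEBIT_VERSION }}
          push: ${{ github.event_name != 'pull_request' }}
          provenance: mode=max
          sbom: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}

  github:
    if: github.event_name != 'pull_request'
    needs: docker
    runs-on: ubuntu-latest
    # Creating a release needs write access to repository contents. It is
    # granted here only, not workflow-wide.
    permissions:
      contents: write
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
        with:
          # audit only records outbound connections, it does not block them.
          egress-policy: audit
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Publish GH release
        uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2.2.1
        with:
          generate_release_notes: true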