Application Release #84
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Application Release | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| jobs: | |
| build_packages: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install packaging tools | |
| shell: bash | |
| run: | | |
| curl -L https://github.com/goreleaser/nfpm/releases/download/v2.15.0/nfpm_amd64.deb -o nfpm_amd64.deb | |
| sudo dpkg -i nfpm_amd64.deb | |
| pip install shiv==1.0.1 build | |
| - name: Create packages | |
| shell: bash | |
| run: scripts/build-packages/build-packages | |
| - name: Upload packages | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: packages | |
| path: | | |
| dist | |
| packages | |
| push_to_pypi: | |
| needs: build_packages | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags') | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.x' | |
| - name: Download packages | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: packages | |
| - name: Publish distribution 📦 to PyPI | |
| uses: pypa/gh-action-pypi-publish@release/v1 | |
| with: | |
| user: __token__ | |
| password: ${{ secrets.pypi_password }} | |
| release: | |
| runs-on: ubuntu-latest | |
| needs: build_packages | |
| continue-on-error: true | |
| if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags') | |
| # This is required for `gh release create` to work | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Read info | |
| id: tags | |
| shell: bash | |
| run: | | |
| echo "tag=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_OUTPUT | |
| - name: Download packages | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: packages | |
| - name: Create release | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| gh release create --draft ${{ steps.tags.outputs.tag }} | |
| - name: Upload release assets | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| gh release upload \ | |
| ${{ steps.tags.outputs.tag }} \ | |
| packages/ggshield-*.pyz \ | |
| packages/ggshield_*.deb \ | |
| packages/ggshield-*.rpm | |
| push_to_docker_hub: | |
| name: Push Docker image to Docker Hub | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags') | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Build and push | |
| uses: docker/build-push-action@v1 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| repository: gitguardian/ggshield | |
| tag_with_ref: true | |
| tags: latest | |
| push_to_github_packages: | |
| name: Push Docker image to GitHub Packages | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags') | |
| steps: | |
| - name: Check out the repo | |
| uses: actions/checkout@v4 | |
| - name: Push to GitHub Packages | |
| uses: docker/build-push-action@v1 | |
| with: | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| registry: docker.pkg.github.com | |
| repository: gitguardian/ggshield/ggshield | |
| tag_with_ref: true | |
| tags: latest | |
| push_to_tap: | |
| needs: push_to_pypi | |
| name: Push to GitGuardian taps | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags') | |
| steps: | |
| - name: Set up Python 3.9 | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: 3.9 | |
| - name: Checkout Homebrew-tap | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: GitGuardian/homebrew-tap | |
| token: ${{ secrets.PAT_GITHUB }} | |
| - name: Update Homebrew-tap | |
| run: | | |
| version=${GITHUB_REF/refs\/tags\/v/} | |
| git config user.name github-actions | |
| git config user.email github-actions@github.com | |
| scripts/update-ggshield --commit "$version" | |
| git push | |
| push_to_cloudsmith: | |
| needs: build_packages | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags') | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Download packages | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: packages | |
| - name: Install Cloudsmith CLI | |
| run: pip install cloudsmith-cli | |
| - name: Push to Cloudsmith | |
| run: | | |
| scripts/push-to-cloudsmith | |
| env: | |
| CLOUDSMITH_API_KEY: ${{ secrets.CLOUDSMITH_API_KEY }} |