v2.0.39 #27
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| release: | |
| types: [published] | |
| jobs: | |
| release: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.x' | |
| # Install all dependencies from pyproject.toml | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install hatchling==1.27.0 hatch==1.14.0 | |
| - name: Get Version | |
| id: version | |
| run: | | |
| RAW_VERSION=$(hatch version) | |
| echo "VERSION=$RAW_VERSION" >> $GITHUB_ENV | |
| if [ "v$RAW_VERSION" != "${{ github.ref_name }}" ]; then | |
| echo "Error: Git tag (${{ github.ref_name }}) does not match hatch version (v$RAW_VERSION)" | |
| exit 1 | |
| fi | |
| - name: Check if version exists on PyPI | |
| id: version_check | |
| env: | |
| VERSION: ${{ env.VERSION }} | |
| run: | | |
| if curl -s -f https://pypi.org/pypi/socketsecurity/$VERSION/json > /dev/null; then | |
| echo "Version ${VERSION} already exists on PyPI" | |
| echo "pypi_exists=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "Version ${VERSION} not found on PyPI - proceeding with PyPI deployment" | |
| echo "pypi_exists=false" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Check Docker image existence | |
| id: docker_check | |
| env: | |
| VERSION: ${{ env.VERSION }} | |
| run: | | |
| if curl -s -f "https://hub.docker.com/v2/repositories/socketdev/cli/tags/${{ env.VERSION }}" > /dev/null; then | |
| echo "Docker image socketdev/cli:${VERSION} already exists" | |
| echo "docker_exists=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "docker_exists=false" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Build package | |
| if: steps.version_check.outputs.pypi_exists != 'true' | |
| run: | | |
| pip install hatchling | |
| hatch build | |
| - name: Publish to PyPI | |
| if: steps.version_check.outputs.pypi_exists != 'true' | |
| uses: pypa/[email protected] | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Verify package is installable | |
| id: verify_package | |
| env: | |
| VERSION: ${{ env.VERSION }} | |
| run: | | |
| for i in {1..30}; do | |
| if pip install socketsecurity==${VERSION}; then | |
| echo "Package ${VERSION} is now available and installable on PyPI" | |
| pip uninstall -y socketsecurity | |
| echo "success=true" >> $GITHUB_OUTPUT | |
| exit 0 | |
| fi | |
| echo "Attempt $i: Package not yet installable, waiting 20s... (${i}/30)" | |
| sleep 20 | |
| done | |
| echo "success=false" >> $GITHUB_OUTPUT | |
| exit 1 | |
| - name: Build & Push Docker | |
| if: | | |
| steps.verify_package.outputs.success == 'true' && | |
| steps.docker_check.outputs.docker_exists != 'true' | |
| uses: docker/build-push-action@v5 | |
| env: | |
| VERSION: ${{ env.VERSION }} | |
| with: | |
| push: true | |
| platforms: linux/amd64,linux/arm64 | |
| tags: | | |
| socketdev/cli:latest | |
| socketdev/cli:${{ env.VERSION }} | |
| build-args: | | |
| CLI_VERSION=${{ env.VERSION }} |