Python package #19
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Python package | |
on: | |
schedule: | |
- cron: '0 0 * * 0' | |
workflow_dispatch: | |
jobs: | |
prepare: | |
runs-on: ubuntu-latest | |
outputs: | |
new_version: ${{ steps.version.outputs.new_version }} | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set up Python ${{ matrix.python-version }} | |
uses: actions/setup-python@v3 | |
with: | |
python-version: ${{ matrix.python-version }} | |
- name: Install dependencies | |
run: | | |
python -m pip install --upgrade pip | |
python -m pip install setuptools | |
if [ -f requirements.txt ]; then pip install -r requirements.txt; fi | |
- name: Update Database | |
run: | | |
python ./primeExploitDb.py | |
- name: Extract and increment version using sed and awk | |
id: increment_version | |
run: | | |
version=$(sed -n "s/^ *version=['\"]\([^'\"]*\)['\"],/\1/p" setup.py) | |
new_version=$(echo $version | awk -F. -v OFS=. '{$NF += 1; print}') | |
sed -i "s;$version;$new_version;g" setup.py | |
echo "new_version=$new_version" >> $GITHUB_ENV | |
- name: Update ChangeLog | |
run: | | |
echo "## v${{ env.new_version }} - $(date +'%Y-%m-%d')" >> ChangeLog.md | |
echo "- Last commit by ${{ env.commit_author }}: Updated exploit database mappings" >> ChangeLog.md | |
- name: Commit and push changes | |
run: | | |
git config --local user.email "action@github.com" | |
git config --local user.name "GitHub Action" | |
git add -A | |
git commit -m "Update exploit database mapping, Bump version to ${{ env.new_version }} and update ChangeLogs" | |
git push | |
build: | |
needs: prepare | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
python-version: [3.11] | |
os: [ubuntu-latest] | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set up Python ${{ matrix.python-version }} | |
uses: actions/setup-python@v3 | |
with: | |
python-version: ${{ matrix.python-version }} | |
- name: Install dependencies | |
run: | | |
python -m pip install --upgrade pip | |
python -m pip install flake8 semgrep setuptools wheel build twine | |
if [ -f requirements.txt ]; then pip install -r requirements.txt; fi | |
- name: Lint with flake8 | |
run: | | |
flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics | |
flake8 . --count --exit-zero --max-complexity=10 --max-line-length=128 --statistics | |
- name: Security scan with Semgrep | |
run: | | |
semgrep --config=p/r2c | |
- name: Patch version using sed and awk (not because we can't pull the commited update in prepare) | |
run: | | |
version=$(sed -n "s/^ *version=['\"]\([^'\"]*\)['\"],/\1/p" setup.py) | |
new_version=$(echo $version | awk -F. -v OFS=. '{$NF += 1; print}') | |
sed -i "s;$version;$new_version;g" setup.py | |
- name: Build the package | |
run: python setup.py sdist bdist_wheel | |
- name: Build and publish | |
if: success() | |
run: | | |
twine upload dist/* | |
env: | |
TWINE_USERNAME: __token__ | |
TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} | |
- name: Upload artifacts | |
if: success() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: dist-${{ matrix.python-version }}-${{ matrix.os }} | |
path: dist/* | |
if-no-files-found: error | |
retention-days: 90 |