From d808361bdefc1233780747c0f1663fef828dd755 Mon Sep 17 00:00:00 2001 From: Lando Toothman <25360446+TheLandolorien@users.noreply.github.com> Date: Mon, 25 Sep 2023 21:40:55 -0400 Subject: [PATCH 1/4] chore: Only trigger integration runs on PR changes --- .github/workflows/integration.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 2d4c457..89b74b1 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -5,10 +5,6 @@ on: pull_request: - push: - branches: - - "main" - jobs: check: runs-on: ubuntu-latest From e77c819978f151a9856d177b6373098422fc00ea Mon Sep 17 00:00:00 2001 From: Lando Toothman <25360446+TheLandolorien@users.noreply.github.com> Date: Mon, 2 Oct 2023 17:15:55 -0400 Subject: [PATCH 2/4] chore: Auto-bump version on PR merge --- .github/workflows/delivery.yml | 56 ++++++++++++++++++++++++++-------- 1 file changed, 43 insertions(+), 13 deletions(-) diff --git a/.github/workflows/delivery.yml b/.github/workflows/delivery.yml index 67494ca..bebbdcf 100644 --- a/.github/workflows/delivery.yml +++ b/.github/workflows/delivery.yml @@ -11,13 +11,15 @@ env: BRANCH_NAME: ${{ github.head_ref || github.ref_name }} jobs: - test: + release: if: github.event.pull_request.merged == true runs-on: ubuntu-latest steps: - name: Checkout Source Code uses: actions/checkout@v4 + with: + token: ${{ secrets.GITHUB_TOKEN }} - name: Install Poetry run: pipx install poetry 
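Review bot: The added `with: token: ${{ secrets.GITHUB_TOKEN }}` on the checkout step is already the action's default, so it grants nothing new. The job's later `git push` and `gh release create` still depend on that token having write access to repository contents. No `permissions:` block is visible in this hunk; if the workflow does not set one elsewhere, declare the minimum at job level, `permissions:` with `contents: write`, so the release job does not depend on the repository's default token scope. The job's steps continue outside the hunk.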
@@ -28,25 +30,53 @@ jobs: cache: "poetry" - name: Install Python Dependencies - run: poetry install + run: poetry install --no-ansi --without dev - name: Run End-to-End Tests run: poetry run pytest tests/e2e - - name: Bump Version - id: bump-version + - name: Configure GPG run: | - package_version="$(poetry version ${{ startsWith(env.BRANCH_NAME, 'bug') || startsWith(env.BRANCH_NAME, 'fix') && 'patch' || 'minor' }} --short)" - git config user.name ccc-service-account - git config user.email service@cloudcitycrafted.io - git commit -am "chore: Bump package version to v$package_version" - git push - echo "new-version=$package_version" >> $GITHUB_OUTPUT + mkdir -p "$HOME/.gnupg" + echo "default-cache-ttl 21600" >> "$HOME/.gnupg/gpg-agent.conf" + echo "allow-preset-passphrase" >> "$HOME/.gnupg/gpg-agent.conf" + find "$HOME/.gnupg" -type f -exec chmod 600 {} \; + find "$HOME/.gnupg" -type d -exec chmod 700 {} \; + gpg-connect-agent RELOADAGENT /bye + + - name: Configure Git + id: configure-git + env: + GPG_PRIVATE_KEY: ${{ secrets.SERVICE_ACCOUNT_GPG_PRIVATE_KEY }} + GPG_PRIVATE_KEY_PASSPHRASE: ${{ secrets.SERVICE_ACCOUNT_GPG_PASSPHRASE }} + run: | + echo "$GPG_PRIVATE_KEY" | gpg --import --pinentry-mode loopback --passphrase "$GPG_PRIVATE_KEY_PASSPHRASE" + key_metadata=$(gpg --with-colons --with-keygrip --list-secret-keys $SERVICE_ACCOUNT_EMAIL_ADDRESS) + key_id=$(echo "$key_metadata" | awk -F: 'NR == 1 { print $5 }') + key_fingerprint=$(echo "$key_metadata" | awk -F: 'NR == 2 { print $10 }') + key_grip=$(echo "$key_metadata" | awk -F: 'NR == 3 { print $10 }') + echo "$GPG_PRIVATE_KEY_PASSPHRASE" | "$(gpgconf --list-dirs libexecdir)"/gpg-preset-passphrase --preset $key_grip - - name: Build Package - run: poetry build + git config --global user.name $SERVICE_ACCOUNT_USERNAME + git config --global user.email $SERVICE_ACCOUNT_EMAIL_ADDRESS + git config --global user.signingkey $key_id + git config --global commit.gpgsign true + git config --global tag.gpgsign true + + 
echo "gpg-key-fingerprint=$key_fingerprint" >> $GITHUB_OUTPUT - name: Create GitHub Release - run: gh release create --generate-notes --latest 'v${{ steps.bump-version.outputs.new-version }}' ./dist/*.tar.gz env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + BUMP_TYPE: ${{ startsWith(env.BRANCH_NAME, 'bug') || startsWith(env.BRANCH_NAME, 'fix') && 'patch' || 'minor' }} + run: | + package_version="$(poetry version $BUMP_TYPE --short)" + poetry build + git commit -am "chore: Bump package version to v$package_version" --no-verify + git push + gh release create --generate-notes "v$package_version" "./dist/*$package_version0*" + + - name: Clean Up GPG Credentials + env: + GPG_PRIVATE_KEY_FINGERPRINT: ${{ steps.configure-git-gpg.outputs.gpg-key-fingerprint }} + run: echo $GPG_PRIVATE_KEY_FINGERPRINT | xargs gpg --batch --yes --delete-secret-and-public-keys From f7e54b0385eb76d55329e92a81048cbb3c01c622 Mon Sep 17 00:00:00 2001 From: Lando Toothman <25360446+TheLandolorien@users.noreply.github.com> Date: Mon, 2 Oct 2023 20:48:17 -0400 Subject: [PATCH 3/4] chore: Fix reference to configure-git step --- .github/workflows/delivery.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/delivery.yml b/.github/workflows/delivery.yml index bebbdcf..dd27671 100644 --- a/.github/workflows/delivery.yml +++ b/.github/workflows/delivery.yml @@ -78,5 +78,5 @@ jobs: - name: Clean Up GPG Credentials env: - GPG_PRIVATE_KEY_FINGERPRINT: ${{ steps.configure-git-gpg.outputs.gpg-key-fingerprint }} + GPG_PRIVATE_KEY_FINGERPRINT: ${{ steps.configure-git.outputs.gpg-key-fingerprint }} run: echo $GPG_PRIVATE_KEY_FINGERPRINT | xargs gpg --batch --yes --delete-secret-and-public-keys From 8effe6205bb8e9c089edb869b2551c95207c7102 Mon Sep 17 00:00:00 2001 
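Review bot: In the Configure Git step the key passphrase is passed as `--passphrase "$GPG_PRIVATE_KEY_PASSPHRASE"`, which puts the secret in gpg's argument list, where other processes on the runner can read it while the import runs. Feeding it on a separate descriptor keeps it out of argv: `gpg --batch --pinentry-mode loopback --passphrase-fd 3 --import 3<<<"$GPG_PRIVATE_KEY_PASSPHRASE" <<<"$GPG_PRIVATE_KEY"`. In the Create GitHub Release step, the shell reads `$package_version0` in `"./dist/*$package_version0*"` as a variable named `package_version0`, which is never set, and the double quotes stop the shell from globbing. The asset pattern therefore no longer contains the version; `./dist/*"$package_version"*` looks like the intent. The Clean Up GPG Credentials step has no `if:` condition, so a failure in the release step skips it and leaves the imported key in the runner's keyring; `if: always()` on that step would close the gap.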
From: Lando Toothman <25360446+TheLandolorien@users.noreply.github.com> Date: Mon, 2 Oct 2023 20:57:34 -0400 Subject: [PATCH 4/4] fix: Service account variable imports --- .github/workflows/delivery.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/delivery.yml b/.github/workflows/delivery.yml index dd27671..8ed44be 100644 --- a/.github/workflows/delivery.yml +++ b/.github/workflows/delivery.yml @@ -49,6 +49,8 @@ jobs: env: GPG_PRIVATE_KEY: ${{ secrets.SERVICE_ACCOUNT_GPG_PRIVATE_KEY }} GPG_PRIVATE_KEY_PASSPHRASE: ${{ secrets.SERVICE_ACCOUNT_GPG_PASSPHRASE }} + SERVICE_ACCOUNT_USERNAME: ${{ vars.SERVICE_ACCOUNT_USERNAME }} + SERVICE_ACCOUNT_EMAIL_ADDRESS: ${{ vars.SERVICE_ACCOUNT_EMAIL_ADDRESS }} run: | echo "$GPG_PRIVATE_KEY" | gpg --import --pinentry-mode loopback --passphrase "$GPG_PRIVATE_KEY_PASSPHRASE" key_metadata=$(gpg --with-colons --with-keygrip --list-secret-keys $SERVICE_ACCOUNT_EMAIL_ADDRESS)
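Review bot: The two added variables are still consumed unquoted by the `run:` script below them, as in `--list-secret-keys $SERVICE_ACCOUNT_EMAIL_ADDRESS`. If `vars.SERVICE_ACCOUNT_EMAIL_ADDRESS` is missing, the argument expands to nothing, gpg lists every secret key in the keyring, and the line-number-based `awk` parsing takes whichever key is printed first. Quote the expansions and fail early, for example `: "${SERVICE_ACCOUNT_EMAIL_ADDRESS:?not set}"` at the top of the script and `--list-secret-keys "$SERVICE_ACCOUNT_EMAIL_ADDRESS"`. The same applies to `git config --global user.name $SERVICE_ACCOUNT_USERNAME`, which sits in the part of the script outside this hunk and would not be set as intended for a name containing a space.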