Merge pull request #36 from advanced-security/workflow-releases

Release Workflows

Author: GeekMasher

.github/workflows/dependency-review.yml

@@ -38,14 +38,14 @@ jobs:
             echo "No local configuration file found"
             echo "Using configuration file from advanced-security/reusable-workflows repository"
 
-            echo "config=advanced-security/reusable-workflows/.github/dependency-review.yml@main" >> $GITHUB_STATE
+            echo "config=advanced-security/reusable-workflows/.github/dependency-review.yml@v0.1.0" >> $GITHUB_STATE
 
           fi
 
       - name: 'Dependency Review'
         uses: actions/dependency-review-action@v4
         with:
           # this value can also be hardcoded to a remote repository
-          # Example: advanced-security/reusable-workflows/.github/dependency-review.yml@main
+          # Example: advanced-security/reusable-workflows/.github/dependency-review.yml@v0.1.0
           config-file: ${{ steps.config.outputs.config }}
           comment-summary-in-pr: "always"

.github/workflows/python-release.yml

@@ -57,7 +57,7 @@ jobs:
           fi
 
   github-release:
-    uses: advanced-security/reusable-workflows/.github/workflows/release.yml@main
+    uses: advanced-security/reusable-workflows/.github/workflows/release.yml@v0.1.0
     needs: [ version-changes ]
     if: ${{ needs.version-changes.outputs.release == 'true' }}
     secrets: inherit

.github/workflows/python.yml

@@ -26,22 +26,22 @@ on:
 jobs:
   # Run the tests on all supported versions of Python
   testing:
-    uses: advanced-security/reusable-workflows/.github/workflows/python-testing.yml@main
+    uses: advanced-security/reusable-workflows/.github/workflows/python-testing.yml@v0.1.0
     secrets: inherit
     with:
       versions: ${{ inputs.versions }}
 
   # Run linters on the codebase
   linting:
-    uses: advanced-security/reusable-workflows/.github/workflows/python-linting.yml@main
+    uses: advanced-security/reusable-workflows/.github/workflows/python-linting.yml@v0.1.0
     needs: [ testing ]
     secrets: inherit
     with:
       versions: ${{ inputs.versions }}
 
   # Vendor the dependencies into the repository if needed
   vendoring:
-    uses: advanced-security/reusable-workflows/.github/workflows/python-vendor.yml@main
+    uses: advanced-security/reusable-workflows/.github/workflows/python-vendor.yml@v0.1.0
     needs: [ testing, linting ]
     if: ${{ inputs.vendor == 'true' }}
     secrets: inherit
@@ -51,7 +51,7 @@ jobs:
 
   # Release a new version of the package
   release:
-    uses: advanced-security/reusable-workflows/.github/workflows/python-release.yml@main
+    uses: advanced-security/reusable-workflows/.github/workflows/python-release.yml@v0.1.0
     needs: [ testing, linting ]
     secrets: inherit
     with:

.github/workflows/release.yml

@@ -0,0 +1,82 @@
+# GitHub Releasing Workflow
+name: GitHub - Release
+
+on:
+  workflow_distach:
+    inputs:
+      bump:
+        type: choice
+        description: "The type of version bump to perform"
+        options: 
+          - patch
+          - minor
+          - major
+
+  workflow_call:
+    inputs:
+      version:
+        description: "The version to release"
+        required: true
+        type: string
+
+permissions:
+  contents: write
+
+jobs:
+  release-next:
+    runs-on: ubuntu-latest
+    # If the workflow was triggered by workflow_dispatch
+    if: ${{ github.event_name == 'workflow_dispatch' }}
+    steps:
+      - name: "Checkout"
+        uses: actions/checkout@v3
+
+      - name: "Patch Release Me"
+        uses: 42ByteLabs/patch-release-me@0.3.0
+        with:
+          mode: ${{ github.event.inputs.bump }}
+
+      - name: "Create Release"
+        uses: peter-evans/create-pull-request@v6
+        with:
+          token: ${{ github.token }}
+          commit-message: "[chore]: Create release for ${{ github.event.inputs.version }}"
+          title: "[chore]: Create release for ${{ github.event.inputs.version }}"
+          branch: chore-release-${{ github.event.inputs.version }}
+          base: ${{ github.event.before }}
+          labels: version
+          body: |
+            This is an automated PR to create a new release. The release will be created once this PR is merged.
+
+  release:
+    runs-on: ubuntu-latest
+    # If the workflow was triggered by a workflow call and the version is not null
+    if: ${{ github.event_name == 'workflow_call' && github.event.inputs.version != null }}
+    steps:
+      # https://github.com/peter-murray/semver-data-action
+      - name: Parse SemVer
+        id: version
+        uses: peter-murray/semver-action@v1
+        with:
+          version: ${{ inputs.version }}
+
+      # Tags :: ${Full}, v${Major}, v${Major}.${Minor}, v${Major}.${Minor}.${Patch}
+      - name: "GitHub Release"
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          git config user.name github-actions
+          git config user.email github-actions@github.com
+
+          git tag "${{ steps.version.outputs.version }}" --force
+          git tag "v${{ steps.version.outputs.major }}" --force
+          git tag "v${{ steps.version.outputs.major }}.${{ steps.version.outputs.minor }}" --force
+          git tag "v${{ steps.version.outputs.major }}.${{ steps.version.outputs.minor }}.${{ steps.version.outputs.patch }}" --force
+
+          git push origin ${{ github.ref_name }}
+          git push origin --tags --force
+
+          gh release create --latest --generate-notes \
+            --title "v${{ steps.version.outputs.version }}" \
+            "${{ steps.version.outputs.version }}"
+      

.github/workflows/self-dependency-review.yml

@@ -19,5 +19,5 @@ permissions:
 
 jobs:
   dependency-review:
-    uses: advanced-security/reusable-workflows/.github/workflows/dependency-review.yml@main
+    uses: advanced-security/reusable-workflows/.github/workflows/dependency-review.yml@v0.1.0
     secrets: inherit

.github/workflows/self-release.yml

@@ -0,0 +1,45 @@
+name: "Self - Release"
+
+on:
+  push:
+    branches: ["main"]
+
+permissions:
+  contents: write
+
+jobs:
+  fetch-release:
+    runs-on: ubuntu-latest
+    outputs:
+      release: ${{ steps.version-changes.outputs.release }}
+      version: ${{ steps.version-changes.outputs.version }}
+    steps:
+      - name: "Checkout"
+        uses: actions/checkout@v4
+
+      - name: "Fetch Release"
+        id: version-changes
+        run: |
+          set -e
+
+          pip install yq
+
+          current_version=$(cat .release.yml | yq -r ".version")
+          released_version=$(gh api -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" /repos/:owner/:repo/releases/latest | jq -r ".tag_name")
+
+          if [[ "$current_version" == "NA" || "$current_version" == "$released_version" ]]; then
+            echo "No new release found"
+            echo "release=false" >> "$GITHUB_OUTPUT"
+          else
+            echo "New release found"
+            echo "version=$current_version" >> "$GITHUB_OUTPUT"
+            echo "release=true" >> "$GITHUB_OUTPUT"
+          fi
+
+  release:
+    uses: advanced-security/reusable-workflows/.github/workflows/release.yml@v0.1.0
+    needs: [ fetch-release ]
+    if: ${{ needs.fetch-release.outputs.release == 'true' }}
+    secrets: inherit
+    with:
+      version: ${{ needs.fetch-release.outputs.version }}

.release.yml

@@ -0,0 +1,11 @@
+name: "reusable-workflows"
+version: "0.1.0"
+
+locations:
+  - name: "Actions Versions"
+    paths:
+      - '.github/workflows/*.yml'
+      - 'wiki/*.md'
+    patterns:
+      # Actions
+      - 'advanced-security/reusable-workflows/.github/workflows/.*\.yml@v([0-9]\.[0-9]\.[0-9])'

wiki/Build-Container.md

@@ -15,7 +15,7 @@ This workflow does the following:
 **Simple:**
 
 ```yaml
-uses: advanced-security/reusable-workflows/.github/workflows/container.yml@main
+uses: advanced-security/reusable-workflows/.github/workflows/container.yml@v0.1.0
 secrets: inherit
 with:
   # This is used for tagging the container image.
@@ -26,7 +26,7 @@ with:
 **With Settings:**
 
 ```yaml
-uses: advanced-security/reusable-workflows/.github/workflows/container.yml@main
+uses: advanced-security/reusable-workflows/.github/workflows/container.yml@v0.1.0
 secrets: inherit
 with:
   # This is used for tagging the container image

wiki/Build-Python.md

@@ -15,13 +15,13 @@ The Action will try to determine how to install, build, test, and lint your proj
 **Simple:**
 
 ```yaml
-uses: advanced-security/reusable-workflows/.github/workflows/python-build.yml@main
+uses: advanced-security/reusable-workflows/.github/workflows/python.yml@v0.1.0
 ```
 
 **With Settings:**
 
 ```yaml
-uses: advanced-security/reusable-workflows/.github/workflows/python-build.yml@main
+uses: advanced-security/reusable-workflows/.github/workflows/python-build.yml@v0.1.0
 with:
   install: true  # Install dependencies (default is true)
   build: false   # Build the project

wiki/Linting-Markdown.md

@@ -9,6 +9,6 @@ Lint markdown files in your repository.
 **Simple:**
 
 ```yaml
-uses: advanced-security/reusable-workflows/.github/workflows/markdown-lint.yml@main
+uses: advanced-security/reusable-workflows/.github/workflows/markdown-lint.yml@v0.1.0
 secrets: inherit
 ```