v2.4.2 #121
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| release: | |
| types: [published] | |
| jobs: | |
| release: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| fetch-depth: 0 | |
| persist-credentials: false | |
| - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 | |
| with: | |
| python-version: '3.13' | |
| - name: Install build tooling | |
| uses: ./.github/actions/setup-hatch | |
| - name: Get Version | |
| id: version | |
| env: | |
| REF_NAME: ${{ github.ref_name }} | |
| run: | | |
| RAW_VERSION=$(hatch version) | |
| echo "VERSION=$RAW_VERSION" >> $GITHUB_ENV | |
| if [ "v$RAW_VERSION" != "$REF_NAME" ]; then | |
| echo "Error: Git tag ($REF_NAME) does not match hatch version (v$RAW_VERSION)" | |
| exit 1 | |
| fi | |
| - name: Check if version exists on PyPI | |
| id: version_check | |
| env: | |
| VERSION: ${{ env.VERSION }} | |
| run: | | |
| if curl -s -f https://pypi.org/pypi/socketsecurity/$VERSION/json > /dev/null; then | |
| echo "Version ${VERSION} already exists on PyPI" | |
| echo "pypi_exists=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "Version ${VERSION} not found on PyPI - proceeding with PyPI deployment" | |
| echo "pypi_exists=false" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Check Docker image existence | |
| id: docker_check | |
| env: | |
| VERSION: ${{ env.VERSION }} | |
| run: | | |
| if curl -s -f "https://hub.docker.com/v2/repositories/socketdev/cli/tags/${VERSION}" > /dev/null; then | |
| echo "Docker image socketdev/cli:${VERSION} already exists" | |
| echo "docker_exists=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "docker_exists=false" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Build package | |
| if: steps.version_check.outputs.pypi_exists != 'true' | |
| run: | | |
| pip install hatchling | |
| hatch build | |
| - name: Publish to PyPI | |
| if: steps.version_check.outputs.pypi_exists != 'true' | |
| uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0 | |
| - name: Set up Docker publishing | |
| uses: ./.github/actions/setup-docker | |
| with: | |
| dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Verify package is installable | |
| id: verify_package | |
| env: | |
| VERSION: ${{ env.VERSION }} | |
| run: | | |
| for i in {1..30}; do | |
| if pip install socketsecurity==${VERSION}; then | |
| echo "Package ${VERSION} is now available and installable on PyPI" | |
| pip uninstall -y socketsecurity | |
| echo "success=true" >> $GITHUB_OUTPUT | |
| exit 0 | |
| fi | |
| echo "Attempt $i: Package not yet installable, waiting 20s... (${i}/30)" | |
| sleep 20 | |
| done | |
| echo "success=false" >> $GITHUB_OUTPUT | |
| exit 1 | |
| - name: Build & Push Docker | |
| if: | | |
| steps.verify_package.outputs.success == 'true' && | |
| steps.docker_check.outputs.docker_exists != 'true' | |
| uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0 | |
| env: | |
| VERSION: ${{ env.VERSION }} | |
| with: | |
| push: true | |
| platforms: linux/amd64,linux/arm64 | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| tags: | | |
| socketdev/cli:latest | |
| socketdev/cli:${{ env.VERSION }} | |
| build-args: | | |
| CLI_VERSION=${{ env.VERSION }} |