1+ ---
12name : ci
23
34on :
@@ -15,133 +16,117 @@ on:
1516
1617env :
1718 VAULT_ADDR : https://vault.eng.aserto.com/
18- GO_VERSION : " 1.22"
19+ PYTHON_VERSION : " 3.9"
20+ POETRY_VERSION : " 1.8.3"
21+ TOPAZ_VERSION : " 0.32.38"
1922
2023jobs :
2124 test :
2225 name : Run test
2326 runs-on : ubuntu-latest
2427 steps :
25- - name : Read Configuration
26- uses : hashicorp/vault-action@v3
27- id : vault
28- with :
29- url : ${{ env.VAULT_ADDR }}
30- token : ${{ secrets.VAULT_TOKEN }}
31- secrets : |
32- kv/data/github "SSH_PRIVATE_KEY" | SSH_PRIVATE_KEY;
33-
34- name : Setup git
35- run : |
36- mkdir -p $HOME/.ssh
37- umask 0077 && echo -e "${SSH_PRIVATE_KEY}" > $HOME/.ssh/id_rsa
38- ssh-keyscan github.com >> $HOME/.ssh/known_hosts
39- git config --global url."[email protected] :".insteadOf https://github.com/ 40-
41- name : Checkout Repo
28+ -
29+ name : Checkout Repo
4230 uses : actions/checkout@v4
43-
44- - name : Set up Homebrew
45- uses : Homebrew/actions/setup-homebrew@master
46-
47- - name : Install topaz
48- run : brew tap aserto-dev/tap && brew install aserto-dev/tap/topaz && topaz install
49-
50- - name : Use python 3.9
31+ -
32+ name : Install topaz CLI
33+ env :
34+ GH_TOKEN : ${{ github.token }}
35+ run : |
36+ gh release download v${{ env.TOPAZ_VERSION }} --repo aserto-dev/topaz --pattern "topaz_linux_x86_64.zip" \
37+ --output ./ext/topaz.zip --clobber
38+ unzip ./ext/topaz.zip -d bin
39+ chmod +x ./bin/topaz
40+ ./bin/topaz version
41+ echo "TOPAZ=$(realpath ./bin/topaz)" >> "$GITHUB_ENV"
42+ echo "TOPAZ_CERTS_DIR=$(./bin/topaz config info | jq '.config.topaz_certs_dir' -r)" >> "$GITHUB_ENV"
43+ echo "PATH=$PATH:$(realpath ./bin)" >> "$GITHUB_ENV"
44+
45+ name : Install topazd container
46+ run : |
47+ topaz install --container-tag=${{ env.TOPAZ_VERSION }}
48+ topaz version
49+
50+ name : Generate topaz certs
51+ run : topaz certs generate
52+ -
53+ name : Setup python
5154 uses : actions/setup-python@v5
5255 with :
53- python-version : ' 3.12 '
54-
55- - name : Install and configure Poetry
56+ python-version : ${{ env.PYTHON_VERSION }}
57+ -
58+ name : Install and configure Poetry
5659 uses : snok/install-poetry@v1
5760 with :
58- version : 1.8.3
61+ version : ${{ env.POETRY_VERSION }}
62+ -
63+ name : Install dependencies
64+ run : poetry install
65+ -
66+ name : Lint
67+ run : poetry run pyright .
68+ -
69+ name : Test
70+ run : poetry run pytest -vv
5971
60- - name : Run lint
61- run : |
62- poetry install
63- poetry run pyright .
64-
65- name : Run tests
66- run : |
67- poetry run pytest -vv
6872 release :
6973 runs-on : ubuntu-latest
7074 needs : test
7175 if : github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
7276
7377 name : Release to pypi
7478 steps :
75- - name : Read Configuration
79+ -
80+ uses : actions/create-github-app-token@v1
81+ id : app-token
82+ with :
83+ app-id : ${{ vars.CODEGEN_APP_ID }}
84+ private-key : ${{ secrets.CODEGEN_APP_KEY }}
85+ -
86+ name : Checkout
87+ uses : actions/checkout@v4
88+ with :
89+ fetch-depth : 0
90+ token : ${{ steps.app-token.outputs.token }}
91+ -
92+ name : Read Configuration
7693 uses : hashicorp/vault-action@v3
7794 id : vault
7895 with :
7996 url : ${{ env.VAULT_ADDR }}
8097 token : ${{ secrets.VAULT_TOKEN }}
8198 secrets : |
82- kv/data/github "SSH_PRIVATE_KEY" | SSH_PRIVATE_KEY;
8399 kv/data/pypi "API_TOKEN" | POETRY_HTTP_BASIC_PYPI_PASSWORD;
84-
85- name : Checkout
86- uses : actions/checkout@v4
87- with :
88- fetch-depth : 0
89-
90- - name : Setup Go
91- uses : actions/setup-go@v5
92- with :
93- go-version : ${{ env.GO_VERSION }}
94-
95- - name : Setup caching
96- uses : actions/cache@v4
97- with :
98- path : |
99- ~/.cache/go-build
100- ~/go/pkg/mod
101- .ext
102- key : ${{ runner.os }}-go-${{ hashFiles('**/go.sum', 'Depfile') }}
103- restore-keys : |
104- ${{ runner.os }}-go-
105-
106- name : Install dependencies
107- run : |
108- mkdir -p $HOME/.ssh
109- umask 0077 && echo -e "${SSH_PRIVATE_KEY}" > $HOME/.ssh/id_rsa
110- ssh-keyscan github.com >> $HOME/.ssh/known_hosts
111-
112- git config --global url."[email protected] :".insteadOf https://github.com/ 113- git config --global user.email "[email protected] " 114- git config --global user.name "Aserto Bot"
115-
116- eval `ssh-agent`
117- ssh-add $HOME/.ssh/id_rsa
118-
119- go run mage.go deps
120-
121- name : Set up Python
100+
101+ name : Set up Python
122102 uses : actions/setup-python@v5
123103 with :
124- python-version : ' 3.12 '
125-
126- - name : Install Poetry
104+ python-version : ${{ env.PYTHON_VERSION }}
105+ -
106+ name : Install Poetry
127107 uses : snok/install-poetry@v1
128108 with :
129- version : 1.8.3
130-
131- - name : Build and push the python package
109+ version : ${{ env.POETRY_VERSION }}
110+ -
111+ name : Build
112+ run : poetry build
113+ -
114+ name : Publish
132115 env :
133116 # When using a PYPI API token, the user name must be set to "__token__"
134117 POETRY_HTTP_BASIC_PYPI_USERNAME : __token__
135- run : go run mage.go release
136-
137- - name : Bump to the next version
138- run : go run mage.go bump patch
139-
140- - name : Commit changes
118+ run : |
119+ poetry publish
120+
121+ name : Bump version
122+ id : bump
123+ uses : callowayproject/bump-my-version@master
124+ with :
125+ args : patch
126+ -
127+ name : Commit changes
141128 uses : EndBug/add-and-commit@v9
142129 with :
143130 default_author : github_actions
144- message : ' Bump to next version'
131+ message : ' Bump version: ${{ steps.bump.outputs.current- version }} '
145132 add : ' pyproject.toml'
146- push : origin HEAD:main
147-
0 commit comments