Skip to content

feat: auto publish on version change #106

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Hrishabh17 merged 1 commit into from
Aug 12, 2025
Merged

feat: auto publish on version change #106

Hrishabh17 merged 1 commit into from
Aug 12, 2025

Conversation

@Hrishabh17
Copy link
Member

@Hrishabh17 Hrishabh17 commented Aug 12, 2025

No description provided.

github-advanced-security[bot]
github-advanced-security bot found potential problems Aug 12, 2025
View reviewed changes
.github/workflows/publish-on-version-change.yml
Comment on lines +10 to +65
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
fetch-depth: 2

- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: '3.x'

- name: Get current and previous version
id: get_version
run: |
set -e
CURR_VERSION=$(grep "version=" setup.py | head -1 | sed -E "s/.*version=['\"]([^'\"]*)['\"].*/\1/")
PREV_VERSION=$(git show HEAD^:setup.py | grep "version=" | head -1 | sed -E "s/.*version=['\"]([^'\"]*)['\"].*/\1/")
echo "Current version: $CURR_VERSION"
echo "Previous version: $PREV_VERSION"
echo "curr_version=$CURR_VERSION" >> $GITHUB_OUTPUT
echo "prev_version=$PREV_VERSION" >> $GITHUB_OUTPUT

- name: Check if version changed
id: version_check
run: |
if [ "${{ steps.get_version.outputs.curr_version }}" != "${{ steps.get_version.outputs.prev_version }}" ]; then
echo "changed=true" >> $GITHUB_OUTPUT
else
echo "changed=false" >> $GITHUB_OUTPUT
fi

- name: Create GitHub Release
if: ${{ steps.version_check.outputs.changed == 'true' }}
uses: softprops/action-gh-release@v1
with:
tag_name: ${{ steps.get_version.outputs.curr_version }}
name: Release ${{ steps.get_version.outputs.curr_version }}
generate_release_notes: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- name: Install dependencies
if: ${{ steps.version_check.outputs.changed == 'true' }}
run: |
python -m pip install --upgrade pip
pip install setuptools wheel twine

- name: Build and publish
if: ${{ steps.version_check.outputs.changed == 'true' }}
env:
TWINE_USERNAME: ${{ secrets.PYPI_USERNAME }}
TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }}
run: |
python setup.py sdist bdist_wheel
twine upload dist/*

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 6 months ago

To fix the problem, add a permissions block to the workflow, specifying the least privileges required for the job. Since the workflow creates a GitHub release (which requires contents: write), but most other steps only need read access, the best approach is to set contents: write at the job level for the publish job. If you want to be even more restrictive, you could set contents: read at the workflow level and override with contents: write only for the job or step that creates the release. For simplicity and clarity, add the following block under the publish job (line 10), before runs-on:

permissions:
  contents: write

This ensures the job only has the permissions it needs to create a release, and not broader write access.

Suggested changeset 1
.github/workflows/publish-on-version-change.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/publish-on-version-change.yml b/.github/workflows/publish-on-version-change.yml
--- a/.github/workflows/publish-on-version-change.yml
+++ b/.github/workflows/publish-on-version-change.yml
@@ -9,2 +9,4 @@
   publish:
+    permissions:
+      contents: write
     runs-on: ubuntu-latest
EOF
@@ -9,2 +9,4 @@
publish:
permissions:
contents: write
runs-on: ubuntu-latest
Copilot is powered by AI and may make mistakes. Always verify output.
@github-actions
Copy link

github-actions bot commented Aug 12, 2025

Coverage

Coverage Report
FileStmtsMissCoverMissing
fyle
   __init__.py10100% 
fyle/platform
   __init__.py40100% 
   exceptions.py29390%20–22
   platform.py280100% 
fyle/platform/apis
   __init__.py20100% 
fyle/platform/apis/v1
   __init__.py30100% 
   version.py10100% 
fyle/platform/apis/v1/accountant
   __init__.py40100% 
   orgs.py60100% 
fyle/platform/apis/v1/admin
   __init__.py400100% 
   accounting_exports.py21195%40
   advance_requests.py80100% 
   categories.py80100% 
   corporate_card_transactions.py80100% 
   corporate_cards.py60100% 
   cost_centers.py80100% 
   departments.py80100% 
   dependent_expense_field_values.py20765%22–27, 30
   employees.py110100% 
   expense_fields.py80100% 
   expenses.py12192%22
   files.py250100% 
   org_settings.py60100% 
   projects.py80100% 
   reimbursements.py11191%21
   reports.py8188%13
   scheduled_callbacks.py70100% 
   subscriptions.py70100% 
   tax_groups.py100100% 
fyle/platform/apis/v1/approver
   __init__.py100100% 
   categories.py60100% 
   expenses.py80100% 
   projects.py60100% 
   reports.py100100% 
fyle/platform/apis/v1/common
   __init__.py90100% 
   currencies.py160100% 
   expense_extract.py00100% 
   places.py30197%32
fyle/platform/apis/v1/spender
   __init__.py280100% 
   accounts.py60100% 
   categories.py60100% 
   corporate_cards.py60100% 
   cost_centers.py60100% 
   employees.py60100% 
   expense_fields.py60100% 
   expenses.py15193%23
   files.py240100% 
   merchants.py70100% 
   my_profile.py15193%34
   projects.py60100% 
   reports.py13285%21, 28
   tax_groups.py60100% 
fyle/platform/globals
   __init__.py00100% 
   config.py40100% 
fyle/platform/internals
   __init__.py00100% 
   api_base.py57689%52, 108, 111, 114, 117, 122
   auth.py26773%40–48
   decorators.py20195%32
   get_resources.py21195%41
   list_all_resources.py24483%14–17
   list_resources.py140100% 
   network.py280100% 
   post_bulk_resources.py10460%14–17
   post_resources.py100100% 
   serializers.py90100% 
test
   __init__.py00100% 
test/common
   __init__.py00100% 
   utilities.py350100% 
test/integration
   __init__.py00100% 
test/integration/accountant
   __init__.py00100% 
   conftest.py110100% 
   test_accountant_apis.py21767%23–27, 40–41
   utilities.py170100% 
test/integration/admin
   __init__.py00100% 
   conftest.py110100% 
   test_admin_apis.py1971095%113–114, 203–204, 296–297, 307–308, 352–353
   utilities.py240100% 
test/integration/approver
   __init__.py00100% 
   conftest.py110100% 
   test_approver_apis.py40588%52–53, 62, 66–67
   utilities.py170100% 
test/integration/common
   __init__.py00100% 
   conftest.py120100% 
   test_common_apis.py440100% 
   utilities.py190100% 
test/integration/spender
   __init__.py00100% 
   conftest.py110100% 
   test_spender_apis.py61297%96, 110
   utilities.py200100% 
TOTAL13376695% 

Tests Skipped Failures Errors Time
46 0 💤 3 ❌ 0 🔥 1m 59s ⏱️

@Hrishabh17 Hrishabh17 merged commit 79733bf into master Aug 12, 2025
5 of 6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ruuushhh ruuushhh ruuushhh approved these changes

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Hrishabh17 @ruuushhh