|  | 
|  | 1 | +name: "Build, Tag, and Release" | 
|  | 2 | + | 
|  | 3 | +on: | 
|  | 4 | +  push: | 
|  | 5 | +    branches: | 
|  | 6 | +      - main | 
|  | 7 | +    paths-ignore: | 
|  | 8 | +      - .gitignore | 
|  | 9 | +      - .github/renovate.json | 
|  | 10 | +      - .pre-commit-config.yaml | 
|  | 11 | +      - LICENSE | 
|  | 12 | +      - README.MD | 
|  | 13 | +      - docs/ | 
|  | 14 | +  workflow_dispatch: | 
|  | 15 | + | 
|  | 16 | +env: | 
|  | 17 | +  REGISTRY: ghcr.io | 
|  | 18 | +  IMAGE_NAME: ${{ github.repository }} | 
|  | 19 | + | 
|  | 20 | +jobs: | 
|  | 21 | +  build-tag-release: | 
|  | 22 | +    runs-on: ubuntu-latest | 
|  | 23 | +    if: ${{ github.ref == 'refs/heads/main' && github.event_name == 'push' }} | 
|  | 24 | +    permissions: | 
|  | 25 | +      contents: write | 
|  | 26 | +      packages: write | 
|  | 27 | +      attestations: write | 
|  | 28 | +      id-token: write | 
|  | 29 | +    steps: | 
|  | 30 | +      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | 
|  | 31 | +        with: | 
|  | 32 | +          fetch-depth: 0 | 
|  | 33 | + | 
|  | 34 | +      - name: Get next version | 
|  | 35 | +        id: version | 
|  | 36 | +        uses: anothrNick/github-tag-action@f278d49d30cdd8775cc3e7dd00b5ee11686ee297 # 1.71.0 | 
|  | 37 | +        env: | 
|  | 38 | +          WITH_V: true | 
|  | 39 | +          DEFAULT_BUMP: patch | 
|  | 40 | +          DRY_RUN: true | 
|  | 41 | + | 
|  | 42 | +      - name: Check if version changed | 
|  | 43 | +        id: changed | 
|  | 44 | +        continue-on-error: true | 
|  | 45 | +        run: | | 
|  | 46 | +          if [[ "${{ steps.version.outputs.new_tag }}" == "${{ steps.version.outputs.old_tag }}" ]]; then | 
|  | 47 | +            echo "Version not changed" | 
|  | 48 | +            exit 1 | 
|  | 49 | +          else | 
|  | 50 | +            echo "Version changed" | 
|  | 51 | +          fi | 
|  | 52 | +           | 
|  | 53 | +      - name: Install uv | 
|  | 54 | +        if: ${{ steps.changed.outcome == 'success' }} | 
|  | 55 | +        uses: astral-sh/setup-uv@c7f87aa956e4c323abf06d5dec078e358f6b4d04 # v6 | 
|  | 56 | + | 
|  | 57 | +      - name: Bump version in files | 
|  | 58 | +        if: ${{ steps.changed.outcome == 'success' }} | 
|  | 59 | +        run: | | 
|  | 60 | +          version="${{ steps.version.outputs.new_tag }}" | 
|  | 61 | +          clean_version="${version#v}" | 
|  | 62 | +          sed -i "s/__version__ = .*/__version__ = \"${clean_version}\"/" src/restic_compose_backup/__init__.py | 
|  | 63 | +          sed -i "s/version = .*/version = \"${clean_version}\"/" src/pyproject.toml | 
|  | 64 | +          sed -i "s/release = .*/release = \"${clean_version}\"/" docs/conf.py | 
|  | 65 | +          uv lock --directory src --upgrade-package restic-compose-backup | 
|  | 66 | +
 | 
|  | 67 | +      - name: Commit changes | 
|  | 68 | +        if: ${{ steps.changed.outcome == 'success' }} | 
|  | 69 | +        uses: stefanzweifel/git-auto-commit-action@b863ae1933cb653a53c021fe36dbb774e1fb9403 # v5 | 
|  | 70 | +        with: | 
|  | 71 | +          commit_message: automated version bump | 
|  | 72 | + | 
|  | 73 | +      - name: Push version tag | 
|  | 74 | +        if: ${{ steps.changed.outcome == 'success' }} | 
|  | 75 | +        uses: anothrNick/github-tag-action@f278d49d30cdd8775cc3e7dd00b5ee11686ee297 # 1.71.0 | 
|  | 76 | +        env: | 
|  | 77 | +          GITHUB_TOKEN: ${{ secrets.PAT }} | 
|  | 78 | +          CUSTOM_TAG: ${{ steps.version.outputs.new_tag }} | 
|  | 79 | + | 
|  | 80 | +      - name: Log in to the Container registry | 
|  | 81 | +        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3 | 
|  | 82 | +        with: | 
|  | 83 | +          registry: ${{ env.REGISTRY }} | 
|  | 84 | +          username: ${{ github.actor }} | 
|  | 85 | +          password: ${{ secrets.GITHUB_TOKEN }} | 
|  | 86 | + | 
|  | 87 | +      - name: Set up QEMU | 
|  | 88 | +        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3 | 
|  | 89 | + | 
|  | 90 | +      - name: Set up Docker Buildx | 
|  | 91 | +        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3 | 
|  | 92 | + | 
|  | 93 | +      - name: Generate metadata for published image | 
|  | 94 | +        id: meta | 
|  | 95 | +        run: | | 
|  | 96 | +          TAG=${{ steps.version.outputs.new_tag }} | 
|  | 97 | +          echo "version=${TAG#v}" >> $GITHUB_OUTPUT | 
|  | 98 | +          echo "timestamp=$(date -u +'%Y-%m-%dT%H:%M:%S.000Z')" >> $GITHUB_OUTPUT | 
|  | 99 | +
 | 
|  | 100 | +      - name: Build and push Docker image | 
|  | 101 | +        id: push | 
|  | 102 | +        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6 | 
|  | 103 | +        with: | 
|  | 104 | +          context: src/ | 
|  | 105 | +          platforms: linux/amd64,linux/arm64 | 
|  | 106 | +          push: true | 
|  | 107 | +          tags: | | 
|  | 108 | +            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }} | 
|  | 109 | +            ${{ steps.changed.outcome == 'success' && format('{0}/{1}:latest', env.REGISTRY, env.IMAGE_NAME) || null }} | 
|  | 110 | +            ${{ steps.changed.outcome == 'success' && format('{0}/{1}:{2}', env.REGISTRY, env.IMAGE_NAME, steps.version.outputs.new_tag) || null }} | 
|  | 111 | +          labels: | | 
|  | 112 | +            org.opencontainers.image.title=${{ github.event.repository.name }} | 
|  | 113 | +            org.opencontainers.image.url=${{ github.repositoryUrl }} | 
|  | 114 | +            org.opencontainers.image.source=${{ github.repositoryUrl }} | 
|  | 115 | +            org.opencontainers.image.version=${{ steps.meta.outputs.version }} | 
|  | 116 | +            org.opencontainers.image.revision=${{ steps.commit.outputs.commit_hash }} | 
|  | 117 | +            org.opencontainers.image.created=${{ steps.meta.outputs.timestamp }} | 
|  | 118 | +
 | 
|  | 119 | +      - name: Generate artifact attestation | 
|  | 120 | +        uses: actions/attest-build-provenance@c074443f1aee8d4aeeae555aebba3282517141b2 # v2 | 
|  | 121 | +        with: | 
|  | 122 | +          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} | 
|  | 123 | +          subject-digest: ${{ steps.push.outputs.digest }} | 
|  | 124 | +          push-to-registry: true | 
|  | 125 | + | 
|  | 126 | +      - name: Update release | 
|  | 127 | +        if: ${{ steps.changed.outcome == 'success' }} | 
|  | 128 | +        uses: ncipollo/release-action@440c8c1cb0ed28b9f43e4d1d670870f059653174 # v1 | 
|  | 129 | +        with: | 
|  | 130 | +          allowUpdates: true | 
|  | 131 | +          updateOnlyUnreleased: true | 
|  | 132 | +          generateReleaseNotes: true | 
|  | 133 | +          tag: ${{ steps.version.outputs.new_tag }} | 
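Review bot: The `org.opencontainers.image.revision` label (new-file line 116) reads `steps.commit.outputs.commit_hash`, but no step in this job declares `id: commit` (the "Commit changes" step at line 67 has no id), so the label renders empty and the published image cannot be traced back to a commit from its metadata. Adding `id: commit` to that step and using `${{ steps.commit.outputs.commit_hash || github.sha }}` would also cover runs where the commit step is skipped. Separately, `${{ steps.version.outputs.new_tag }}` is expanded directly into the `run:` scripts at lines 46, 60 and 96 (unquoted at 96). In a job holding `contents: write`, `packages: write` and `id-token: write`, it is safer to pass it via `env: NEW_TAG: ${{ steps.version.outputs.new_tag }}` and reference `"$NEW_TAG"`, so the value is never parsed as shell.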