Merge pull request #503 from sadsfae/master

grafuls · web-flow · commit 604b47146a93 · 2026-02-03T18:22:50.000+01:00
feat: rework/refactor GHA and CI/CD.
diff --git a/.github/workflows/development-build.yml b/.github/workflows/development-build.yml
@@ -0,0 +1,44 @@
+name: Development Build
+
+on:
+    push:
+        branches-ignore:
+            - master
+
+concurrency:
+    group: dev-build-${{ github.ref }}
+    cancel-in-progress: true
+
+jobs:
+    quay_dev:
+        name: Push Quay (Dev)
+        runs-on: ubuntu-latest
+        permissions:
+            contents: read
+
+        steps:
+            - name: Checkout Code
+              uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+            - name: Podman Login
+              env:
+                  QUAY_USER: ${{ secrets.QUAY_USERNAME }}
+                  QUAY_TOKEN: ${{ secrets.QUAY_API_TOKEN }}
+              run: echo "$QUAY_TOKEN" | podman login -u="$QUAY_USER" --password-stdin quay.io
+
+            - name: Clean Old Development Tag
+              env:
+                  QUAY_USER: ${{ secrets.QUAY_USERNAME }}
+                  QUAY_TOKEN: ${{ secrets.QUAY_API_TOKEN }}
+              run: |
+                  REPO="quay.io/quads/badfish"
+                  echo "$QUAY_TOKEN" | skopeo login -u="$QUAY_USER" --password-stdin quay.io
+
+                  echo "Attempting to delete old development tag..."
+                  skopeo delete "docker://$REPO:development" || echo "Tag development not found or already deleted."
+
+            - name: Build and Push Dev
+              run: |
+                  # Added --no-cache to ensure fresh layers
+                  podman build --no-cache -t quay.io/quads/badfish:development .
+                  podman push quay.io/quads/badfish:development
diff --git a/.github/workflows/production-release.yml b/.github/workflows/production-release.yml
@@ -0,0 +1,137 @@
+name: Production Release
+
+on:
+    push:
+        branches:
+            - master
+
+concurrency:
+    group: production-release
+    cancel-in-progress: true
+
+jobs:
+    # ------------------------------------------------------------------
+    # JOB 1: RELEASE (Calculate Version, Tag, Push to PyPI)
+    # ------------------------------------------------------------------
+    release:
+        name: Semantic Release
+        runs-on: ubuntu-latest
+        permissions:
+            contents: write # Needed to create releases/tags
+            id-token: write # Needed for PyPI trusted publishing
+        outputs:
+            released: ${{ steps.semantic.outputs.released }}
+            tag: ${{ steps.semantic.outputs.tag }}
+            version: ${{ steps.semantic.outputs.version }}
+
+        steps:
+            - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+              with:
+                  fetch-depth: 0
+
+            - name: Python Semantic Release
+              id: semantic
+              uses: python-semantic-release/python-semantic-release@7f12e960334860b29ce37894a485596489438914 # v9.15.0
+              with:
+                  github_token: ${{ secrets.GITHUB_TOKEN }}
+
+            - name: Publish to PyPI
+              if: steps.semantic.outputs.released == 'true'
+              uses: pypa/gh-action-pypi-publish@67339c736fd9352e5f1a7421053be3d68444052f # release/v1
+              with:
+                  password: ${{ secrets.PYPI_API_TOKEN }}
+
+    # ------------------------------------------------------------------
+    # JOB 2: COPR BUILD (Fedora SRPM)
+    # ------------------------------------------------------------------
+    copr_build:
+        name: Submit to COPR
+        needs: release
+        if: needs.release.outputs.released == 'true'
+        runs-on: ubuntu-latest
+        container: fedora:latest
+        permissions:
+            contents: read
+
+        steps:
+            - name: Install Git
+              run: dnf -y install git
+
+            - name: Checkout Tagged Release
+              uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+              with:
+                  ref: ${{ needs.release.outputs.tag }}
+
+            - name: Install tooling
+              run: |
+                  dnf -y install @development-tools @rpm-development-tools copr-cli make zlib-devel
+
+            - name: Work around GHA permission issue
+              run: git config --global --add safe.directory /__w/badfish/badfish
+
+            - name: Setup COPR Config
+              env:
+                  API_TOKEN_CONTENT: ${{ secrets.COPR_API_TOKEN }}
+              run: |
+                  mkdir -p "$HOME/.config"
+                  echo "$API_TOKEN_CONTENT" > "$HOME/.config/copr"
+
+            - name: Sync Spec Version and Build
+              env:
+                  RELEASE_VERSION: ${{ needs.release.outputs.version }}
+              run: |
+                  cd rpm
+                  sed -i "s/^Version:.*/Version: ${RELEASE_VERSION}/" python3-badfish.spec
+                  make srpm
+                  SRPM_FILE=$(find . -name "*.src.rpm" -type f | head -n 1)
+                  if [ -z "$SRPM_FILE" ]; then
+                      echo "Error: No .src.rpm file found in $(pwd) or subdirectories."
+                      echo "Ensure your Makefile outputs the SRPM locally or defines _topdir."
+                      exit 1
+                  fi
+                  echo "Found SRPM: $SRPM_FILE"
+                  copr build quadsdev/badfish "$SRPM_FILE"
+    # ------------------------------------------------------------------
+    # JOB 3: QUAY PUBLISH (Master & Latest)
+    # ------------------------------------------------------------------
+    quay_master:
+        name: Push Quay (Master)
+        needs: release
+        if: needs.release.outputs.released == 'true'
+        runs-on: ubuntu-latest
+        permissions:
+            contents: read
+
+        steps:
+            - name: Checkout Tagged Release
+              uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+              with:
+                  ref: ${{ needs.release.outputs.tag }}
+
+            - name: Podman Login
+              env:
+                  QUAY_USER: ${{ secrets.QUAY_USERNAME }}
+                  QUAY_TOKEN: ${{ secrets.QUAY_API_TOKEN }}
+              run: echo "$QUAY_TOKEN" | podman login -u="$QUAY_USER" --password-stdin quay.io
+
+            - name: Clean Old Tags
+              env:
+                  QUAY_USER: ${{ secrets.QUAY_USERNAME }}
+                  QUAY_TOKEN: ${{ secrets.QUAY_API_TOKEN }}
+              run: |
+                  REPO="quay.io/quads/badfish"
+                  echo "$QUAY_TOKEN" | skopeo login -u="$QUAY_USER" --password-stdin quay.io
+
+                  # Delete 'master' and 'latest' if they exist
+                  for tag in master latest; do
+                    echo "Attempting to delete old tag: $tag"
+                    skopeo delete "docker://$REPO:$tag" || echo "Tag $tag not found or already deleted."
+                  done
+
+            - name: Build and Push
+              run: |
+                  # Added --no-cache to ensure fresh layers
+                  podman build --no-cache -t quay.io/quads/badfish:master .
+                  podman tag quay.io/quads/badfish:master quay.io/quads/badfish:latest
+                  podman push quay.io/quads/badfish:master
+                  podman push quay.io/quads/badfish:latest
diff --git a/.github/workflows/push-copr-build.yml b/.github/workflows/push-copr-build.yml
diff --git a/.github/workflows/source-tarball.yml b/.github/workflows/source-tarball.yml
diff --git a/.github/workflows/sync-back.yml b/.github/workflows/sync-back.yml
@@ -0,0 +1,43 @@
+name: Sync Back to Development
+
+on:
+    workflow_run:
+        workflows: ["Production Release"]
+        types:
+            - completed
+
+permissions:
+    contents: write
+
+jobs:
+    sync-branches:
+        runs-on: ubuntu-latest
+        # Only run if the Production Release actually succeeded
+        if: ${{ github.event.workflow_run.conclusion == 'success' }}
+
+        steps:
+            - name: Checkout Source Code
+              uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+              with:
+                  # Fetch full history to ensure merge works
+                  fetch-depth: 0
+                  # We need to checkout development, but the context starts at the default branch (usually master)
+                  ref: development
+                  token: ${{ secrets.GITHUB_TOKEN }}
+
+            - name: Merge Master into Development
+              run: |
+                  git config --global user.name 'github-actions[bot]'
+                  git config --global user.email 'github-actions[bot]@users.noreply.github.com'
+
+                  # Fetch latest updates from origin
+                  git fetch origin
+
+                  # Merge origin/master (which holds the new version commit) into the current branch (development)
+                  # We use --no-ff to create a merge commit, or plain merge is fine too.
+                  # If there are no changes in dev, this is a fast-forward.
+                  echo "Merging master back into development..."
+                  git merge origin/master --no-edit
+
+                  # Push the update back to development
+                  git push origin development
diff --git a/pyproject.toml b/pyproject.toml
@@ -4,3 +4,10 @@ build-backend = "setuptools.build_meta"
 
 [tool.black]
 line-length = 120
+
+[tool.semantic_release]
+version_variables = [
+    "src/badfish/__init__.py:__version__"
+]
+branch = "master"
+build_command = "pip install build && python -m build"
diff --git a/src/badfish/__init__.py b/src/badfish/__init__.py
@@ -0,0 +1 @@
+__version__ = "1.0.7"
