66 branches :
77 - main
88 paths :
9- - ' .github/workflows/**'
109 - pyproject.toml
11- - Dockerfile
12- - ' *.py'
13- - tests/**
14- - tools/**
15- - utils/**
1610
1711concurrency :
18- group : ' publish-${{ github.workflow }}-${{ github.event.pull_request.head.label || github.head_ref || github.ref }} '
19- cancel-in-progress : true
12+ group : ' publish-${{ github.workflow }}'
13+ cancel-in-progress : false
2014
2115jobs :
22- tests :
23- permissions :
24- checks : write
25- pull-requests : write
26- contents : write
27- uses : ./.github/workflows/test.yaml
28- secrets : inherit
16+ get-newer-version :
17+ runs-on : ubuntu-latest
18+ outputs :
19+ new-version : ${{ steps.check.outputs.new_version }}
20+ steps :
21+ - name : Checkout repository
22+ uses : actions/checkout@v5
23+ with :
24+ fetch-tags : true
25+ fetch-depth : 0
26+
27+ - name : Extract version from pyproject.toml
28+ id : extract
29+ run : |
30+ VERSION=$(grep -m1 '^version\s*=' pyproject.toml | sed -E 's/version\s*=\s*"([^"]+)".*/\1/')
31+ echo "Extracted version: v$VERSION"
32+ echo "version=v$VERSION" >> $GITHUB_OUTPUT
33+
34+ - name : Get latest tag
35+ id : latest
36+ run : |
37+ LATEST_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "none")
38+ echo "Latest tag: $LATEST_TAG"
39+ echo "latest_tag=$LATEST_TAG" >> $GITHUB_OUTPUT
40+
41+ - name : Check if version is new
42+ id : check
43+ run : |
44+ VERSION="${{ steps.extract.outputs.version }}"
45+ LATEST="${{ steps.latest.outputs.latest_tag }}"
46+ if [ "$VERSION" = "$LATEST" ]; then
47+ echo "No new version detected."
48+ echo "new_version=" >> $GITHUB_OUTPUT
49+ else
50+ echo "New version detected: $VERSION"
51+ echo "new_version=$VERSION" >> $GITHUB_OUTPUT
52+ fi
53+
2954 push_to_registry :
3055 name : Push Docker image to GitHub Packages
3156 runs-on : ubuntu-latest
32- needs : tests
57+ needs : [ get-newer-version ]
58+ if : needs.get-newer-version.outputs.new-version != ''
3359 permissions :
3460 contents : read # required for actions/checkout
3561 packages : write # required for pushing to ghcr.io
3662 id-token : write # required for signing with cosign
37- outputs :
38- version : ${{ steps.extract_version.outputs.VERSION }}
39- tag : ${{ steps.extract_version.outputs.TAG }}
4063 steps :
4164 - name : Check out the repo
4265 uses : actions/checkout@v4
4366
44- - name : Extract version
45- id : extract_version
46- run : |
47- VERSION=$(grep 'version =' pyproject.toml | sed -e 's/version = "\(.*\)"/\1/')
48- echo "VERSION=$VERSION" >> "$GITHUB_OUTPUT"
49- TAG=v$(grep 'version =' pyproject.toml | sed -e 's/version = "\(.*\)"/\1/')
50- echo "TAG=$TAG" >> "$GITHUB_OUTPUT"
51-
5267 - name : Log in to GitHub Container Registry
5368 uses : docker/login-action@v3
5469 with :
5570 registry : ghcr.io
5671 username : ${{ github.actor }}
5772 password : ${{ secrets.GITHUB_TOKEN }}
5873
59- - name : Install cosign
60- uses : sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
61- with :
62- cosign-release : ' v2.2.4'
63-
6474 - name : Build and push Docker image
6575 id : build-and-push
6676 uses : docker/build-push-action@v5
@@ -69,38 +79,37 @@ jobs:
6979 push : true
7080 tags : |
7181 ghcr.io/sysdiglabs/sysdig-mcp-server:latest
72- ghcr.io/sysdiglabs/sysdig-mcp-server:v ${{ steps.extract_version .outputs.VERSION }}
82+ ghcr.io/sysdiglabs/sysdig-mcp-server:${{ needs.get-newer-version .outputs.new-version }}
7383
74- - name : Sign the published Docker image
75- env :
76- TAGS : |
77- ghcr.io/sysdiglabs/sysdig-mcp-server:latest
78- ghcr.io/sysdiglabs/sysdig-mcp-server:v${{ steps.extract_version.outputs.VERSION }}
79- DIGEST : ${{ steps.build-and-push.outputs.digest }}
80- run : echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
81-
82- tag_release :
83- name : Tag Release
84+ release :
85+ name : Create release at Github
86+ needs : [ get-newer-version ]
87+ if : needs.get-newer-version.outputs.new-version != ''
8488 runs-on : ubuntu-latest
85- needs : push_to_registry
89+ permissions :
90+ contents : write # Required for release creation
8691 steps :
87- - name : Check out repository
88- uses : actions/checkout@v4
92+ - uses : actions/checkout@v4
8993 with :
90- ref : ${{ github.sha }} # required for better experience using pre-releases
91- fetch-depth : ' 0 ' # Required due to the way Git works, without it this action won't be able to find any or the correct tags
94+ fetch-depth : 0
95+ fetch-tags : true
9296
93- - name : Get tag version
94- id : semantic_release
95- uses :
anothrNick/[email protected] 96- env :
97- GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
98- DEFAULT_BUMP : " patch"
99- TAG_CONTEXT : ' repo'
100- WITH_V : true
97+ - name : Install Nix
98+ uses : DeterminateSystems/nix-installer-action@main
10199
102- - name : Summary
103- run : |
104- echo "## Release Summary
105- - Tag: ${{ steps.semantic_release.outputs.tag }}
106- - Docker Image: ghcr.io/sysdiglabs/sysdig-mcp-server:v${{ needs.push_to_registry.outputs.version }}" >> $GITHUB_STEP_SUMMARY
100+ - name : Install git-chglog
101+ run : nix profile install nixpkgs#git-chglog
102+
103+ - name : Tag with version ${{ needs.get-newer-version.outputs.new-version }}
104+ run : git tag ${{ needs.get-newer-version.outputs.new-version }}
105+
106+ - name : Generate changelog
107+ run : git-chglog -c .github/git-chglog/config.yml -o RELEASE_CHANGELOG.md $(git describe --tags $(git rev-list --tags --max-count=1))
108+
109+ - name : Create release
110+ uses : softprops/action-gh-release@v2
111+ with :
112+ name : ${{ needs.get-newer-version.outputs.new-version }}
113+ tag_name : ${{ needs.get-newer-version.outputs.new-version }}
114+ prerelease : false
115+ body_path : RELEASE_CHANGELOG.md
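Review bot: The `release` job runs `DeterminateSystems/nix-installer-action@main`, a mutable branch ref, in a job that holds `contents: write`, so whatever that branch points to at run time executes with permission to write tags and releases. Pin it to a full commit SHA, as the removed cosign-installer step did, e.g. `uses: DeterminateSystems/nix-installer-action@<full-commit-sha> # <release tag>`. The `git tag` step also expands `${{ needs.get-newer-version.outputs.new-version }}` directly into the shell line; that value is read from pyproject.toml earlier in the workflow, so pass it through `env:` (`NEW_VERSION: ${{ needs.get-newer-version.outputs.new-version }}`) and run `git tag "$NEW_VERSION"`. This hunk also drops the cosign signing step, so published images are no longer signed; if that is intended, the `id-token: write` permission on `push_to_registry` (declared above this hunk) appears unused and could be removed.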