client-python/.github/workflows/rolling.yml at main · goauthentik/client-python · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
---
name: Rolling release

on:
  workflow_dispatch:
  schedule:
    - cron: "*/15 * * * *"

permissions:
  id-token: write
  contents: write

jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - id: app-token
        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
        with:
          app-id: ${{ secrets.GH_APP_ID }}
          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
      - id: get-user-id
        name: Get GitHub app user ID
        run: echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT"
        env:
          GH_TOKEN: "${{ steps.app-token.outputs.token }}"
      - name: Check out code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
          token: ${{ steps.app-token.outputs.token }}
          path: client-python
      - name: Install python and dependencies
        run: |
          pipx install poetry || true
      - name: Setup Python
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
        with:
          python-version-file: client-python/pyproject.toml
      - name: Fetch schema
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          repository: goauthentik/authentik
          token: "${{ steps.app-token.outputs.token }}"
          ref: main
          path: authentik
          sparse-checkout: |
            schema.yml
          sparse-checkout-cone-mode: false
      - id: changes
        name: Check for changes
        working-directory: client-python
        run: |
          cp ../authentik/schema.yml schema.yml
          if git diff --exit-code -- schema.yml > /dev/null; then
            echo "schema_has_changes=false" >> "$GITHUB_OUTPUT"
          else
            echo "schema_has_changes=true" >> "$GITHUB_OUTPUT"
          fi
      - name: Publish to GitHub
        if: "${{ steps.changes.outputs.schema_has_changes == 'true' }}"
        working-directory: client-python
        env:
          GH_TOKEN: ${{ steps.app-token.outputs.token }}
        run: |
          version="$(yq -r '.info.version' schema.yml)-$(date +%s)"
          make version="$version"

          git config --global user.name '${{ steps.app-token.outputs.app-slug }}[bot]'
          git config --global user.email '${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com'

          git add .
          git commit -F "diff.test" || exit 0
          git tag v$version
          git push
          git push --tags
          truncate -s '<125000' diff.test
          gh release create v$version -F diff.test --prerelease
      - name: Build package
        if: "${{ steps.changes.outputs.schema_has_changes == 'true' }}"
        working-directory: client-python
        run: |
          poetry build
      - name: Publish to PyPi
        if: "${{ steps.changes.outputs.schema_has_changes == 'true' }}"
        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # release/v1
        with:
          packages-dir: client-python/dist/