-
Notifications
You must be signed in to change notification settings - Fork 1
263 lines (229 loc) · 8.33 KB
/
cd.yml
File metadata and controls
263 lines (229 loc) · 8.33 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
# GitHub - Continuous Deployment Workflow
#
# This workflow runs on version tags (e.g., v0.1.0) and publishes to PyPI and Docker Hub.
# It also creates GitHub releases with auto-generated changelogs.
name: CD
on:
push:
tags:
- 'v*.*.*' # Trigger on version tags (e.g., v0.1.0, v1.2.3)
workflow_dispatch: # Allow manual trigger
inputs:
version:
description: 'Version to deploy (e.g., 0.1.0)'
required: true
type: string
permissions:
contents: write # For creating releases
packages: write # For publishing to GHCR
id-token: write # For OIDC token (PyPI trusted publishing)
jobs:
# ==========================================================================
# Build Job
# ==========================================================================
build:
name: Build Package
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0 # Full history for changelog
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.11"
cache: pip
- name: Install build tools
run: |
python -m pip install --upgrade pip
pip install build twine
- name: Build package
run: python -m build
- name: Check package
run: twine check dist/*
- name: Upload build artifacts
uses: actions/upload-artifact@v4
with:
name: dist
path: dist/
retention-days: 7
# ==========================================================================
# Publish to PyPI
# ==========================================================================
publish-pypi:
name: Publish to PyPI
runs-on: ubuntu-latest
needs: build
environment:
name: pypi
url: https://pypi.org/project/github/
steps:
- name: Download build artifacts
uses: actions/download-artifact@v4
with:
name: dist
path: dist/
- name: Publish to PyPI (OIDC)
uses: pypa/gh-action-pypi-publish@release/v1
with:
# Uses OIDC trusted publishing (no API token needed)
# Configure at: https://pypi.org/manage/account/publishing/
# Project: github
# Publisher: yourusername/github
# Workflow: cd.yml
# Environment: pypi
verbose: true
# Alternative: Publish with API token (if not using OIDC)
# - name: Publish to PyPI (Token)
# uses: pypa/gh-action-pypi-publish@release/v1
# with:
# password: ${{ secrets.PYPI_API_TOKEN }}
# ==========================================================================
# Build and Publish Docker Image
# ==========================================================================
publish-docker:
name: Publish Docker Image
runs-on: ubuntu-latest
needs: build
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Log in to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract version from tag
id: version
run: |
if [[ "${GITHUB_REF}" == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/v}
else
VERSION="${{ inputs.version }}"
fi
echo "version=${VERSION}" >> $GITHUB_OUTPUT
echo "major=$(echo ${VERSION} | cut -d. -f1)" >> $GITHUB_OUTPUT
echo "minor=$(echo ${VERSION} | cut -d. -f1-2)" >> $GITHUB_OUTPUT
- name: Build and push Docker image
uses: docker/build-push-action@v5
with:
context: .
push: true
tags: |
yourusername/github:latest
yourusername/github:${{ steps.version.outputs.version }}
yourusername/github:${{ steps.version.outputs.major }}
yourusername/github:${{ steps.version.outputs.minor }}
ghcr.io/yourusername/github:latest
ghcr.io/yourusername/github:${{ steps.version.outputs.version }}
cache-from: type=gha
cache-to: type=gha,mode=max
labels: |
org.opencontainers.image.title=GitHub
org.opencontainers.image.version=${{ steps.version.outputs.version }}
org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}
org.opencontainers.image.revision=${{ github.sha }}
# ==========================================================================
# Create GitHub Release
# ==========================================================================
release:
name: Create GitHub Release
runs-on: ubuntu-latest
needs: [publish-pypi, publish-docker]
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0 # Full history for changelog
- name: Extract version from tag
id: version
run: |
if [[ "${GITHUB_REF}" == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/v}
else
VERSION="${{ inputs.version }}"
fi
echo "version=${VERSION}" >> $GITHUB_OUTPUT
- name: Download build artifacts
uses: actions/download-artifact@v4
with:
name: dist
path: dist/
- name: Generate changelog
id: changelog
run: |
# Get commits since last tag
LAST_TAG=$(git describe --tags --abbrev=0 HEAD^ 2>/dev/null || echo "")
if [ -z "$LAST_TAG" ]; then
COMMITS=$(git log --pretty=format:"- %s (%h)" --reverse)
else
COMMITS=$(git log ${LAST_TAG}..HEAD --pretty=format:"- %s (%h)" --reverse)
fi
# Write to file for multiline output
cat > changelog.txt <<EOF
## Changes in v${{ steps.version.outputs.version }}
${COMMITS}
## Installation
\`\`\`bash
pip install github==${{ steps.version.outputs.version }}
\`\`\`
## Docker
\`\`\`bash
docker pull yourusername/github:${{ steps.version.outputs.version }}
\`\`\`
## Links
- PyPI: https://pypi.org/project/github/${{ steps.version.outputs.version }}/
- Docker Hub: https://hub.docker.com/r/yourusername/github
- GitHub Container Registry: https://ghcr.io/yourusername/github
EOF
- name: Create GitHub Release
uses: softprops/action-gh-release@v1
with:
tag_name: v${{ steps.version.outputs.version }}
name: v${{ steps.version.outputs.version }}
body_path: changelog.txt
draft: false
prerelease: false
files: |
dist/*
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# ==========================================================================
# Deployment Success Notification (Optional)
# ==========================================================================
notify:
name: Notify Deployment Success
runs-on: ubuntu-latest
needs: [release]
if: success()
steps:
- name: Extract version
id: version
run: |
if [[ "${GITHUB_REF}" == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/v}
else
VERSION="${{ inputs.version }}"
fi
echo "version=${VERSION}" >> $GITHUB_OUTPUT
- name: Send success notification
run: |
echo "✅ Successfully deployed github v${{ steps.version.outputs.version }}"
echo "PyPI: https://pypi.org/project/github/${{ steps.version.outputs.version }}/"
echo "Docker: yourusername/github:${{ steps.version.outputs.version }}"
# Optional: Send to Slack, Discord, email, etc.
# - name: Slack notification
# uses: 8398a7/action-slack@v3
# with:
# status: ${{ job.status }}
# text: 'Deployed github v${{ steps.version.outputs.version }}'
# webhook_url: ${{ secrets.SLACK_WEBHOOK }}